The Cybersecurity & Data Privacy practice group at Hall Estill is well versed in providing legal services in this rapidly evolving area. From Fortune 500 companies to small family-owned businesses, no one is immune from cyberattacks and data breaches.
Attorneys in this practice assist clients who have experienced a cybersecurity incident in evaluating the company's legal obligations, including notification requirements, under various state and federal laws. This includes evaluating whether an incident qualifies as "breach" under the appropriate jurisdiction, analyzing the information accessed during the breach to determine whether it meet the definition of Protected Health Information (PHI) or Personally Identifiable Information (PII), and then recommending a course of action based on that analysis, including outlining notification requirments if needed.
In addition, Hall Estill Cybersecurity & Data Privacy attorneys assist clients with the following:
- Preparation of Information Security/Data Retention policies and procedures
- Preparation of cybersecurity incident response plans
- Review of service provider/third party agreements to mitigate potential exposure arising from any data security incident by clearly defining a client's relationship with the service provider
- Cybersecurity regulation compliance, and insurance and dispute review
- Defending data breach claims and lawsuits