Bradley Arant Boult Cummings LLP is pleased to announce the formation of a new Privacy and Information Security Team that will focus on representing clients on the most pressing privacy and data security issues. Partners Paige M. Boshell and Amy S. Leopard will serve as co-chairs.
The team brings together a cross-disciplinary group of the firm’s attorneys who currently help clients minimize the risk for data breaches and comply with laws and regulations involving security issues faced by financial institutions and creditors, health care providers, retailers, and other companies.
“We already have a group of attorneys with a significant amount of experience and track record of providing these services to our clients,” said Ms. Boshell. “This new team allows us to further enhance our focus on meeting our clients’ privacy and security needs by facilitating more sharing and collaboration among the firm’s diverse practice areas.”
Ms. Boshell, a partner in the firm’s Banking and Financial Services and Intellectual Property Practice Groups, said that the newly structured team also will help raise awareness of the firm’s robust privacy and security services.
“Companies can be intimidated by privacy and security, so in the past they may have hired a major market law firm with a higher-profile reputation in this practice area without fully realizing that the firm they have trusted and built a relationship with over decades provides the same quality of services, along with added economic advantages,” Ms. Boshell said.
Ms. Leopard, a partner in the firm’s Health Care Practice Group, said it also is critical to get the word out to smaller companies and clients on the importance of adequately mitigating risk before a breach occurs.
“Many new companies have entered the Health Insurance Portability and Accountability Act (HIPAA) regulatory regime as business associates to health plans and providers and are just now beginning to understand their compliance responsibilities and breach reporting duties,” Ms. Leopard said. “Even entities that have been regulated under HIPAA for over a decade often don’t fully comprehend how the bar is being raised, the level of protection that they need, and the steps they can take to guard against future breaches.”
Ms. Boshell added, “A data breach or attack can impact any industry that touches consumer information, especially financial and health care institutions, retailers (both brick-and-mortar and online), universities, magazine publishers, gym clubs—really any business that touches personal consumer information. It can be particularly damaging to a financial institution, but cyber criminals also can do a lot of damage with just a name, an email address, and a social security number. We’re also seeing a lot more employee information being hacked, which is relevant across all industries.”
The firm’s Privacy and Information Security Team attorneys advise clients on prospective risk avoidance through review and analysis of privacy programs and data policies and drafting and negotiating third-party service provider contracts. Upon occurrence of a data breach or attack, they guide clients and protect them through the resulting investigatory, reporting, and disclosure states as well as public relations and liability exposure. Specific services include:
- Risk mitigation:
- Asset management
- Regulatory compliance
- Risk assessment
- Risk-management strategy
- Protection of data and systems:
- Appropriate data sharing
- Access control
- Awareness and training
- Handling processes
- Protective technology
- Response and recovery to unauthorized incidents:
- Response planning
- Breach reporting to individuals and government entities
- Remediation and improvement recommendations
- Recovery planning
- Customer and public communication
In addition, the team advises and helps clients comply with the myriad of laws that govern privacy and security, including consumer protection laws, health care privacy laws and regulations such as HIPAA, and financial privacy and bank secrecy laws and regulations. The attorneys also aggressively defend clients against any claims or actions that may ensue in data breach and other privacy-related litigation.