Cybersecurity and Data Privacy

Team Leaders

Team Leader

Shawn A. Morgan

Member

shawn.morgan@steptoe-johnson.com

Download VCard

Overview

Data and cybersecurity issues have never been more important than they are today. Privacy concerns touch upon all aspects of commerce and consumer dealings. Businesses must remain vigilant to keep up with evolving technology, while keeping data secure. Failing to follow privacy and cybersecurity laws and regulations can lead to compliance issues, regulatory and public scrutiny, data loss, and the need to notify clients and regulatory agencies.

Through good planning, companies can create strong organizational and outward facing policies to protect important and sensitive business and personal data, minimize the chance of a breach, and to address any incident that occurs.

Representative Experience

Served as breach counsel for higher education, health care, manufacturing, and retail clients
Investigated data security incidents for clients, including coordination with insurers, retention of experts, interaction with governmental and regulatory authorities, preparation of post-incident reports, and advising clients regarding post-incident remediation
Advised clients, including online retailers, on data security matters including data security program compliance
Counseled global manufacturing and engineering firm on domestic U.S. and EU GDPR compliance and program implementation
Responded to energy, health care, higher education, retail, and financial services industry clients’ data breaches and potential security incidents involving hacking, ransomware, and phishing and whaling attacks, providing breach notification assistance and advice on cybersecurity information-sharing
Oversight activities for bank-wide compliance of the Gramm-Leach-Bliley Act of 1999, including implementation of entity-wide compliant data security and privacy program for a large regional financial institution
Drafted data privacy and security policies, procedures, and notices for a myriad of commercial and consumer facing businesses
Handled security incident investigations and responses, including data breach notifications to regulatory authorities, state authorities, and individuals
Addressed data privacy and security issues in contract negotiation
Reviewed cyber insurance policies and provided coverage advice
Represented banks relating to financial privacy, Bank Secrecy Act, and customer and fiduciary issues

Highlights

The Steptoe & Johnson Cybersecurity Team helps clients:

Understand and comply with data privacy and cybersecurity laws and regulations
Plan and develop compliant organization-wide data security programs
Plan for and respond to any breach and re-evaluate existing cybersecurity plans following a breach