Most businesses, regardless of size, have to be aware of state and federal laws regarding security and privacy. Knowledge of the law is especially important when a company is experiencing a security incident. Scott & Scott, LLP’s incident response team is ready to respond to a data breach affecting a client’s data. Scott & Scott’s attorneys, who are regularly called upon by their peers to speak about privacy laws and security concerns, can also help develop privacy policies that comply with the law and guide employees in the event of a security incident. Our experienced professionals can also work with businesses to manage their vendors and subcontractors to ensure compliance with federal and state privacy laws. For those businesses subject to HIPAA, GLBA, or NASD privacy and security rules, Scott & Scott has formulated solutions that make sense.
Data Breach Incident Response
Every business collecting, using, maintaining, or storing electronic data is at risk for a security incident. Even companies that have implemented the most advanced security initiatives are not immune from data breaches. Scott & Scott helps its clients prepare for and mitigate the liability, costs, and brand damage associated with data security breaches or incidents. After a security incident occurs, time is of the essence.
By drafting policies that companies can follow, Scott & Scott helps mitigate the risk of an FTC or regulatory investigation, or unfair competition claim, based on failure to follow enumerated privacy and security policies. We have helped clients design privacy and security policies that comply with Sarbanes-Oxley, the Gramm-Leach-Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA), as well as numerous state and industry regulations.
As security incidents continue to threaten businesses, it is crucial to employ appropriate document retention and destruction strategies. Many states require businesses to take all reasonable steps to destroy records by shredding, erasing, or otherwise modifying the personal information to make it unreadable or undecipherable. Additionally, there are a number of state laws that require businesses to maintain reasonable security procedures and practices appropriate to the nature of the information to protect from unauthorized access, destruction, use, modification, or disclosure.
Many companies are struggling with the issue of vendor management and outsourcing. While outsourcing technology and account services can be valuable in industries like banking and healthcare, the original service provider has the responsibility to ensure that the data is protected.