As increasingly serious cyber attacks pose mounting threats to businesses across industry, Mintz, Cohn, Ferris, Glovsky and Popeo, P.C. has formed a dedicated Cybersecurity Risk Management group as part of its long established Privacy & Security practice.
Encompassing a “safety suite” of specialized services geared towards cyber breach prevention, resolution and remediation, the Cyber Security Risk Management group works with clients to develop cyber awareness, plan for incident response, test existing plans as well as prepare for future intrusions, data breaches and cyber incidents – all under the protection of attorney-client privilege.
Services offered as part of the “safety suite” are delivered on a project fee basis – an alternative fee arrangement that doesn’t rely solely on hourly rates – and is customized to meet individual client needs.
“In a world where cyber attacks and data breaches are escalating dramatically, Mintz Privacy & Security attorneys are playing a crucial role in helping clients plan for worst-case scenarios, reduce exposure to damaging incidents and fines and recover after breaches have occurred,” said Cynthia Larose, Chair of the Privacy & Security practice at Mintz. “As companies look to mitigate the risk of threats on all fronts – across state lines and international borders – they are recognizing the need to proactively work with legal counsel to address compliance, insurance and incident response to ensure that operational, reputational, legal and financial risks are minimized to the extent possible.”
The Mintz Cybersecurity Risk Management group recently expanded to include Mark E. Robinson, a nationally recognized expert in government investigations and enforcement, cybersecurity defense and a former deputy chief of the Criminal Division of the U.S. Department of Justice (DOJ). Mr. Robinson joined as a Member in the firm’s Boston office. The group has also added attorneys Ari Moskowitz, CIPP and Peter Day, who will serve in Washington, D.C. and San Diego, respectively, further enhancing the firm’s scope of expertise in privacy and security matters nationwide.
Mintz Privacy & Security practice has been consistently recognized by Chambers Global and Chambers USA. Its practitioners, many of whom are Certified Information Privacy Professionals (CIPPs) with specific U.S. and European Union specialties, offer expert counsel and vigorous representation. They work closely with attorneys across several diverse practice areas to provide integrated, multidisciplinary counsel addressing how cybersecurity issues relate to such matters as transactions, SEC disclosure, HIPAA and management of third-party vendor relationships, among others. They also consult with boards of directors regarding cybersecurity, cyber liability insurance, and investigations into the internal misappropriation of data and trade secrets. Clients further benefit from the expertise of the firm’s government relations consulting affiliate ML Strategies, which provides data breach-related crisis communications.
The Mintz Cybersecurity Safety Suite services include:
• Identification and review of U.S. and global privacy and information-management law compliance
• Risk assessment and gap analysis
• Comprehensive privacy and security audits
• Cybersecurity risk counseling and strategy development
• Information security policy and privacy statement development and review
• Development of third-party vendor assessments and contract review
• Data classification and mapping, and privacy compliance analysis
• Privacy and security risk allocation and transaction services
• Cyber risk insurance policy review
• Transactional due diligence relating to data and privacy issues
• Public policy counseling and representation
• Complete suite of HIPAA Omnibus Rule compliance services for providers or business associates
• Corporate incident and data breach response program development or review
• Information security and cyber risk presentations and/or training for senior management and boards of directors
• Data breach response, including corporate crisis and incident management
• Security consulting and breach consulting in partnership with valued third-party providers
• Negotiation and representation before the Federal Trade Commission and Office for Civil Rights
• Post-incident analysis and reporting
• Attorney-client privileged coordination with third-party forensic analysts and technology specialists
• Review and update of corporate breach response
• Tabletop review exercises
• Dispute resolution concerning privacy and information management
• Insurance coverage disputes
• Privacy class action litigation
• Access to online resources of state data breach notification laws
• Monthly compliance updates
• Monthly third-party review updates
• Annual table-top and training exercises
• Annual data classification and data map refresh
• Annual US-EU and US-Switzerland Safe Harbor recertification
• Annual review of binding corporate rules and policies