Privacy & Security

Cybersecurity Risk Management

Companies are expected to keep data safe and protected, yet in a world where cyber attacks and data breaches are increasing, planning for worst-case scenarios is critical to minimizing your exposure to damaging incidents and fines. Companies can even find themselves liable for their data collection and storage practices when laws and regulations governing privacy and security change or their business practices come to light. No matter how careful your company is, it needs proactive legal counsel to help mitigate its risks on all fronts, across states and international borders, addressing compliance, insurance, incident response, and your business relationships and practices.

Mintz Levin’s Cybersecurity Risk Management Practice is comprehensive, and everything our clients discuss with us pertaining to their security is protected by attorney-client privilege. That means all your communications with us are confidential.

Our team includes Certified Information Privacy Professionals (CIPPs) and is integrated with the firm’s practices to address privacy and security issues as they relate to matters including transactions, US SEC disclosure, HIPAA, and third-party vendor relationships. Mintz Levin’s deep bench and privacy and security experience allow us to offer vigorous representation and legal counsel.

Quick Facts

  • Team includes Certified Information Privacy Professionals (US, Government, and EU specialties)
  • Global privacy and security risk management
  • Public policy counseling and representation and crisis communications consulting available through our DC office and our affiliate, ML Strategies, LLC
  • Practice Chair recognized by Chambers Global and Chambers USA for past 4 years

Comprehensive Cybersecurity Services

Cybersecurity Risk Management Protected by Attorney-Client Privilege
  1. Prevention Services
    Attack risk reduction solutions, policies, and procedures
  2. Resolution Services
    Threat and breach remedy plans and procedures
  3. Remediation Services
    Incident response plans and counseling


Prevention Services
  • Identification and review of US and global privacy and information-management law compliance
    • PCI-DSS
    • State and federal privacy laws
    • HIPAA Omnibus Rule
    • US-EU and US-Switzerland Safe Harbor
    • EU Data Protection Directive (and national implementation) and Binding Corporate Rules
    • APEC

  • Risk assessment and gap analysis
  • Comprehensive privacy and security audits
  • Cybersecurity risk counseling and strategy development
  • Information security policy and privacy statement development and review
  • Development of third-party vendor assessments and contract review
  • Data classification and mapping and privacy compliance analysis
  • Privacy and security risk allocation and transaction services
  • Cyber risk insurance policy review
  • Transactional due diligence relating to data and privacy issues
  • Public policy counseling and representation
  • Complete suite of HIPAA Omnibus Rule compliance services for provider or business associate


Resolution Services
  • Corporate incident and data breach response program development or review
  • Information security and cyber risk presentations and/or training for senior management and board of directors
  • Data breach response, including corporate crisis and incident management
  • Security consulting and breach consulting in partnership with valued third-party providers
    • Includes a “preferred provider” rate from Kroll
  • SEC and other regulatory disclosures
  • Negotiation and representation before the Federal Trade Commission and Office of Civil Rights


Remediation Services
  • Post-incident analysis and reporting
  • Attorney-client privileged coordination with third-party forensic analysts and technology specialists
  • Review and update of corporate breach response
  • Tabletop review exercises
  • Dispute resolution concerning privacy and information management
  • Insurance coverage disputes
  • Privacy class action litigation