Our Privacy & Cyber Security Practice Group Contacts
* CIPP/US Certified
Articles and Presentations
- Data & Cyber Security for Lawyers, Presented by Simone McCormick, Director at MPBF, Winston Krone, Managing Director of Kivu Consulting, and Sylvia Johnson, Senior Director, Financial Services Compliance at Salesforce.com, Bar Association of San Francisco, July 2016
- Managed Cyber Risks in Healthcare: How to Prepare for and Respond to a Data Breach, Guy Carpenter Medical Liability Network, April 2015
- 2015 The Year of the Law Firm Hack: Why Preserving Privacy and Data Security is Critical for Law Firms with Winston Krone of Kivu Consulting and Lara Forde of ePlace Solutions, Inc., March 2015
- Interview: Steps Law Firms Should Take to Protect Private Client Data by Mari Frank on the Privacy Piracy Radio Show, a public affairs radio program from the University of California, Irvine, February 2015
- Law firms must take steps to protect private client data, Daily Journal, Nov. 27, 2014
If interested in a customized Presentation or Article, please contact our Privacy & Cyber Security team.
Privacy & Cyber Security
Data Incident Analysis / Breach Coaching / Data/Information Privacy and Security
Businesses face increasingly sophisticated cyber threats and aggressive
regulatory enforcement finding that hackers do not discriminate against their
victims–no company is too small or too big to target. We can help
you understand those threats, mitigate those risks, and respond to the
unthinkable. We have helped our clients in nearly one hundred privacy data
breach incidents and investigations, representing clients in variety of
industries, including: health care, financial services, professional
services, and insurance and the capacity to represent other industries
such as hospitality and small retailers. We can help you develop a privacy
policy for your organization, guide you through immediate forensics
investigations, and coordinate initial crisis management including the maze of
legal notification requirements, data governance standards, regulatory
compliance issues, and contractual obligations. When litigation follows a
data security incident, we will defend you from beginning to end.
Highlights and Services Provided
Compliance and risk management services, including prophylactic counsel;
internal privacy and security program creation; policy development; program
audits; and other services as needed.
Guidance on information management practices to help ensure ongoing
compliance with the wide variety of federal and state regulatory regimens
governing how confidential, personal information, and private financial
records must be protected against inappropriate disclosures.
- Assess technical, administrative and physical security risk
- Prioritize and address risks identified
- Review and/or develop comprehensive and compliant policies and
- Develop incident response plans
- Develop training programs and conduct trainings for Boards and
- Prepare employee contracts including security provisions
- Review subcontractor agreements (Business Associate Agreements) to
improve the organization’s position with regard to data that is shared with
Investigations and Regulatory
We routinely respond to regulatory inquiries and investigations.
Specifically, we handle:
- Security breach investigations and related incident response and crisis
- Manage the crisis of a cyber event
- Guide clients through immediate forensics investigations
- Coordinate initial crisis management, including:
- Federal and state legal notification requirements
- Data governance standards
- Regulatory compliance issues including media notice
- Contractual obligations
- Defend actions, inquiries, and investigations by the Federal Trade
Commission, Department of Health and Human Services, Office of Civil Rights,
Federal Communications Commission, state Attorneys General, financial
regulators, and individuals.
Finally, when necessary following investigations, we vociferously defend
against all litigation.