Proactive measures and breach prevention


The cost of a data breach, including fees for privacy professionals and penalties from regulators, can be devastating to your business. Plus, the public relations damage is incalculable! Unfortunately, for many organizations, it’s not a matter of if you will become a victim of a data breach, but when. It’s critical to have a comprehensive, proactive approach to data privacy and cybersecurity for a number of reasons: to minimize risk, to mitigate potential costs, and to comply with information security laws and standards, depending on your state and industry.

Below is a brief summary of some proactive programs, policies and procedures that we provide:

  • Breach response workshops - Our interactive workshops are designed for individuals at the front line of data breach risk management, including compliance, risk, legal, IT, finance, HR, and communications.
  • Incident response plan - Your incident response plan is the go-to document that identifies the appropriate internal and external resources to properly deal with a data breach.
  • Written Information Security Program (WISP) - A WISP is a document that outlines your privacy policies and procedures. It sets forth the various physical, technical and administrative safeguards your company has taken to secure Personal Information (PI), Protected Health Information (PHI) and confidential information, contained in both electronic and hardcopy form.
  • Confidentiality agreements - It is important to establish your commitment to data privacy from the start of a relationship with any third party. Carefully drafted confidentiality agreements for employees, vendors and visitors can help accomplish this goal.
  • Employee policies - A study found that 59 percent of employees who were fired, laid off or quit admitted to stealing company data. You can reduce the likelihood of this happening by having appropriate IT and electronic policies. Our attorneys draft social media policies, computer usage policies (cell phones, USBs, laptops, personal devices), document retention and destruction policies, telecommuting policies, mobile device usage policies, and “Bring Your Own Device” policies.
  • Employee training - It’s imperative that your employees have appropriate training regarding your data security programs at the inception of employment and on an annual basis thereafter. Our team assists clients in drafting training modules and presentations and we frequently provide on-site training.
  • Storage and disposal of personal information - At least 29 states have enacted information security laws that mandate how personal information should be stored and require entities to destroy, dispose of, or otherwise make the information unreadable when it is no longer needed for a legitimate business purpose. We can work with you to develop a storage and disposal plan that meets those requirements.

