McDermott attorneys are experienced in advising corporate counsel and companies’ IT security teams on the complexity of security requirements and evolving best practices. We help clients manage privacy and cybersecurity risks in nearly all aspects of their operations. We have hands-on experience advising on the most challenging issues, including:
Incident Response Preparedness and After-Action Remediation
McDermott attorneys have extensive experience in the development and implementation of cyber incident response plans and data-breach response procedures. We regularly help identify gaps after a security incident and assess and construct tailored remediation plans and protocols.
Risk Management in M&A Transactions
We work with our M&A clients to assess the cybersecurity risks of proposed transactions and to structure deal terms to mitigate that risk. We conduct legal due diligence that may include a review of the client’s privacy and cybersecurity policies, and provide advice on a range of legal issues, including steps that may be taken to mitigate privacy and cybersecurity risk in connection with the transaction. Where appropriate, we partner with leading cybersecurity risk firms to conduct cybersecurity due diligence on potential target companies. This due diligence can include assessing deficiencies in technical controls, establishing benchmarks against best practices and providing recommendations for improvements.
Risk Management for Benefit Plans
McDermott advises benefit plans on the management of cyber risks. Our work often includes a review of the plan’s privacy and cybersecurity policies, an assessment of legal responsibility for losses, recommendations on training policies to reinforce data security, and advising the client on measures to reduce cyber risk. Where appropriate, we partner with leading cybersecurity risk firms to conduct technical assessments of the plan’s systems.
Privacy/Cybersecurity Compliance Programs
We build privacy and data security programs for clients facing the intricacies of collecting, storing, processing, transmitting and disposing of data, and have particular depth assisting multinational organizations. We assist in developing strategies in the data collection arena and assess compliance in notices, privacy policies and backend processes. We regularly perform audits of existing policies, procedures and systems to identify compliance gaps. Following the completion of these audits, we recommend business-minded solutions and help companies implement internal and external controls that can fill those compliance gaps. With our clients’ business objectives in mind, we engage in strategic planning to help them maximize the value and use of consumer data for the benefit of the company. We also draft internally and externally facing privacy and information security policies.
International Privacy Compliance
We advise global clients on compliance with the complex array of privacy and cybersecurity obligations affecting data that crosses borders or relates to foreign employees and individuals. We regularly assist clients with international data transfer mechanisms, including the EU/US Privacy Shield, responses to global data breaches, and compliance with the EU’s data protection laws and General Data Protection Regulation and other non-US privacy laws.
Developed data security addenda for a Massachusetts-based health care system to use with its HIPAA-covered and non-HIPAA covered vendors, and developed a company-wide vendor management policy that fits with the company’s HIPAA security risk analysis
Advised a Japanese company on its obligations under US law to protect data it would receive as a result of its acquisition of a US-based company
Vetted consumer privacy and information security risks in multimillion-dollar transactions involving a private equity company’s acquisition of two national data brokers