Overview
McDermott attorneys are experienced in advising corporate counsel and companies’ IT security teams on the complexity of security requirements and evolving best practices. We help clients manage privacy and cybersecurity risks in nearly all aspects of their operations. We have hands-on experience advising on the most challenging issues, including:
Incident Response Preparedness and After-Action Remediation
McDermott attorneys have extensive experience in the development and implementation of cyber incident response plans and data-breach response procedures. We regularly help identify gaps after a security incident and assess and construct tailored remediation plans and protocols.
Risk Management in M&A Transactions
We work with our M&A clients to assess the cybersecurity risks of proposed transactions and to structure deal terms to mitigate those risks. We conduct legal due diligence that may include a review of the client’s privacy and cybersecurity policies, and provide advice on a range of legal issues, including steps that may be taken to mitigate privacy and cybersecurity risk in connection with the transaction. Where appropriate, we partner with leading cybersecurity risk firms to conduct cybersecurity due diligence on potential target companies. This due diligence can include assessing deficiencies in technical controls, establishing benchmarks against best practices and providing recommendations for improvements.
Risk Management for Benefit Plans
McDermott advises benefit plans on the management of cyber risks. Our work often includes a review of the plan’s privacy and cybersecurity policies, an assessment of legal responsibility for losses, recommendations on training policies to reinforce data security, and advice to the client on measures to reduce cyber risk. Where appropriate, we partner with leading cybersecurity risk firms to conduct technical assessments of the plan’s systems.
Privacy/Cybersecurity Compliance Programs
We build privacy and data security programs for clients facing the intricacies of collecting, storing, processing, transmitting and disposing of data, and have particular depth assisting multinational organizations. We assist in developing strategies in the data collection arena and assess compliance in notices, privacy policies and backend processes. We regularly perform audits of existing policies, procedures and systems to identify compliance gaps. Following the completion of these audits, we recommend business-minded solutions and help companies implement internal and external controls that can fill those compliance gaps. With our clients’ business objectives in mind, we engage in strategic planning to help them maximize the value and use of consumer data for the benefit of the company. We also draft internally and externally facing privacy and information security policies.
International Privacy Compliance
We advise global clients on compliance with the complex array of privacy and cybersecurity obligations affecting data that crosses borders or relates to foreign employees and individuals. We regularly assist clients with international data transfer mechanisms, including the EU/US Privacy Shield, responses to global data breaches, and compliance with the EU’s data protection laws and General Data Protection Regulation, as well as other non-US privacy laws.