Stradley Ronon’s dedicated data breach response team understands the importance of a prompt and proper data breach investigation and response. We and our technology partners help our clients take the quick and prudent actions necessary in the hours, days and weeks following a data breach or incident to understand the scope of the compromise; evaluate the parameters and elements of unauthorized access, movement or exfiltration of data; and assess the actions needed to maintain legal compliance and mitigate damages. We work with highly trained technology specialists and carefully selected vendors to spearhead the investigation into the breach. Our attorneys recognize that there is no standard approach for a data breach response because there is no standard data breach. Information technology systems vary from business to business, the geneses of breaches vary widely (from criminal hacking or data theft to equipment failure or human error), and legal requirements arising from a data compromise vary from state to state, industry to industry and breach to breach, often depending on the types of information compromised.
Once a breach investigation is underway, where a breach triggers regulatory disclosures and possible fines or penalties, Stradley’s attorneys interface with state and federal regulators to ensure legal compliance and minimize damages. We are experienced in regulatory affairs, legal compliance and resolution of regulatory disputes across many industries, including health care, insurance, financial services and education. Where a breach spurs lawsuits, our experienced litigation attorneys are ready to defend our clients against all claims, both serious and spurious, that may be asserted. We work to protect our clients’ corporate reputation at every stage in the breach response. If someone else caused the breach, we have significant experience representing clients as individuals or class action plaintiffs.
We also provide comprehensive pre-breach counseling. Our attorneys have extensive experience with the state and federal laws governing the protection of confidential, personally identifiable information; personal health information; and other private records — and what steps are required in the event of unauthorized access. We use this knowledge to help clients assess, prioritize and address their current risks; create and implement best-in-market policies and procedures; develop incident response plans; create training programs and conduct training; assess cyber insurance policies; and review and negotiate vendor agreements to ensure compliance.
THE Services We Provide
THE Stradley Difference
- Pre-breach counseling
- Develop policies and procedures
- Create training programs
- Review vendor agreements
- Evaluate cyber insurance policies
- Post-breach response
- Prompt and proper breach investigation with best-in-class technology partners
- Assessment of data compromise and attendant legal obligations
- Mitigation of damages
- Fulfillment of regulatory and disclosure obligations
- Post-breach litigation
- Defense of class action and individual claims
- Mitigation of damages
- Resolution of claims through summary disposition, negotiation and/or trial
- Pursuit of recovery against parties responsible for breach, where appropriate
Stradley brings industry-specific knowledge and regulatory experience to our data breach response engagements. Also, in conjunction with our robust government affairs practice group, we stay on the cutting edge of legal developments regarding data breaches, and help shape the laws and legal obligations in this field. Our attorneys have in-depth regulatory experience in industries including financial services, health care, higher education, manufacturing, insurance and many others particularly prone to data breaches. Our attorneys regularly speak, write and train others on data security issues, and we use this knowledge to keep our clients in compliance, prepared to respond if and when a breach occurs and, with the comfort of Stradley as a trusted adviser, focused on their business.