Cybersecurity, Data Privacy, GDPR Compliance

As personal and private data are increasingly created, shared, and stored electronically, the threats posed by cybercrime and regulatory investigations into alleged privacy and cybersecurity protection law violations have never been greater.

At Barton, we utilize our experience with the flows of information in business and professional settings to assist clients in understanding and complying with the various laws and standards that regulate the collection, use, sharing, and protection of personal data. We work with our clients to facilitate their implementation of current legal and regulatory standards and best practices when it comes to records management and information governance.

We assist our clients with fulfilling pertinent U.S. federal and state privacy and information management requirements and international data protection laws, including the security and data safeguard requirements of all countries in which the client does business or has facilities. In light of the EU’s recently effective General Data Protection Regulation (GDPR), which impacts most U.S. organizations, and the growing number of U.S. state privacy and cybersecurity laws and regulations, it is crucial for businesses dealing with sensitive and protected data to become and remain compliant with these new laws, regulations, and industry best practices.

Barton attorneys conduct compliance, risk, and management assessment audits, including preparation of data flow maps; create legal and regulatory frameworks for defensible policies and information security procedures; and prepare and deliver training materials to be used in conjunction with workforce training on privacy and information security protocols. In addition, our privacy and cybersecurity team can vet technical vendors (including IT forensics and related experts) and can negotiate and draft service agreements with customers, vendors, and other business partners who access and use protected data. The team can also, across a wide spectrum of industry verticals, prepare privacy and cybersecurity law due diligence questions for acquirers and prepare responses to such questions on behalf of target organizations.

Barton attorneys have also advised the New Jersey State Assembly on privacy and cybersecurity legislation and have testified before legislative committees as experts in privacy and cybersecurity. In addition, one of our attorneys created a law school course on privacy, cybersecurity, and technology transactions and teaches that course as an Adjunct Professor of Law at Fordham Law School.

In the event that a data breach does occur, Barton will immediately connect clients to a team member who will assess the crisis and implement the proper measures, assemble the appropriate team of professionals to handle the situation, and begin the process of remediation. Our cybersecurity team can identify theft prevention, breach response, mitigation, and notification requirements for the states and countries whose laws and regulations apply to a data/security breach. Barton attorneys have had success defending actions and regulatory proceedings brought against clients as a result of breaches and unlawful disclosures of protected information, including those brought under U.S. laws such as the Computer Fraud and Abuse Act, the Defend Trade Secrets Act, the Electronic Communications Privacy Act, and HIPAA, as well as individual state and local consumer protection laws and regulations of agencies such as the Financial Industry Regulatory Authority (FINRA) and the New York Department of Financial Services (NYDFS).

Additional services include:

  • Guidance and counsel for the performance of Security Risk Assessments, including documentation of the Assessment pursuant to HIPAA, state laws, and GDPR.
  • Facilitation of work groups comprising the relevant compliance stakeholders (i.e., Marketing, Risk/Compliance, Legal, IT, Finance, Human Resources, and Business Owners) and in-house counsel for the drafting of privacy and security policies and procedures tailored to the client’s industry, business processes, and organization culture.
  • Preparation of training materials with regard to privacy, security, and social media policies and procedures, and delivery of training sessions (in formats such as classroom, on-line, or train-the-internal-trainers).
  • Preparation for and counsel with regard to audits (i.e., by state regulatory agencies and offices of the attorney general, F.D.A., Office of Civil Rights of the U.S. Department of Health and Human Services, etc.) in connection with financial information and healthcare information management and safeguards as well as social media protocols and activities.
  • Representation in regulatory proceedings or litigation that may arise from management of financial, healthcare, and other personal information and data protected by law, and with regard to social media activities.
  • Preparation of status assessment (“gap analysis” reports, which may be protected from disclosure by attorney-client privilege) with regard to existing information privacy and security practices and social media activities and initiatives, followed by recommendations to achieve and maintain compliance under applicable laws, rules, and regulations.

Representative Matters

Represented a cybersecurity professional in a lawsuit against a former business partner in a start-up security firm. Tried the case and obtained a judgment awarding the client significant fraud damages, while the former partner was awarded only nominal damages for a breach of contract counterclaim. The judgment was affirmed on appeal.

Counseled multiple organizations—such as fashion studios, CPA firms, law firms, hospitals and technology and media companies—on cybersecurity attack investigations, breach response, and remediation initiatives.

Negotiated a contract for data collection on a global basis between a consultancy and one of the largest investment banks in the world, with a particular focus on international data transfer laws and regulations.

Has represented several multi-national organizations, providing counsel and advice on privacy and cybersecurity compliance pursuant to applicable laws and regulations including facilitation of security risk assessments; preparation of policies and procedures; and delivery and presentation of corporate training materials.

Represented an insurance broker with regard to federal and state claims concerning allegations of data misuse and theft and defeated motions to dismiss.

Prepared information security, privacy, and data preservation protocols and training for a five-hospital system in New York.

Advised a Boston academic hospital system on health data preservation protocols, prepared preservation policies, and conducted workforce training on the protocols.

Represented a global media company in negotiation of service level and vendor agreements pursuant to the General Data Protection Regulation of the European Union (GDPR) and provided counsel in GDPR requirements and privacy/cybersecurity requirements of multiple U.S. states.

Served as a special consultant to the New Jersey Assembly assisting in the preparation of a bill that, if passed, would have become New Jersey’s first comprehensive privacy and cybersecurity law. Ken testified as a cybersecurity and privacy expert before the New Jersey Homeland Security and State Preparedness Committee.

Obtained a Temporary Restraining Order, and then a favorable settlement, on the client’s behalf, in a matter in which an insurance broker’s employees stole and transferred company data in an attempt to start a competing organization.

Has represented security consultancies, CPA firms, media companies, and life science organizations in the negotiation of service agreements with customers and vendors from multiple countries.

Represented an individual in litigation involving a title insurance company and an escrow agent alleging that cybersecurity and confidentiality deficiencies by the defendants led to an intrusion by a fraudster into communications for purchase of a home and resulted in a loss by the client to the fraudster of over $285,000.

Represented a family-owned real estate company regarding a data incident. Our role was to liaise with insurance carriers, secure and contract with a forensic investigator, lead the investigation and analyze the results to determine whether a breach had occurred while keeping the conversation privileged.

Delivered Grand (teaching) Rounds at three academic medical centers on patient safety, cybersecurity, and privacy risks in the design of electronic medical records systems.

Represented a major assisted living facility in a cybersecurity audit by the New York Department of Financial Services.

Provided FDA remediation training required by audit findings at biotech corporations with regard to record-keeping and manufacturing practices.

Provided counsel to healthcare IT app developers regarding solutions for secure, real-time sharing of medical information among providers.

Represented a New York City hospital system by leading an investigation into breach of patient information from five hospitals and disclosure onto five Internet search engines, while also coordinating breach response and reporting.

Barton LLP