At Barton, we utilize our experience with the flows of information in business and professional settings to assist clients in understanding and complying with the various laws and standards that regulate the collection, use, sharing, and protection of personal data. We work with our clients to facilitate their implementation of current legal and regulatory standards and best practices when it comes to records management and information governance.
We assist our clients with fulfilling pertinent U.S. federal and state privacy and information management requirements and international data protection laws, including the security and data safeguard requirements of all countries in which the client does business or has facilities. In light of the EU’s recently effective General Data Protection Regulation (GDPR), which impacts most U.S. organizations, and the growing number of U.S. state privacy and cybersecurity laws and regulations, it is crucial for businesses dealing with sensitive and protected data to become and remain compliant with these new laws, regulations, and industry best practices.
Barton attorneys conduct compliance, risk, and management assessment audits, including preparation of data flow maps; create legal and regulatory frameworks for defensible policies and information security procedures; and prepare and deliver training materials to be used in conjunction with workforce training on privacy and information security protocols. In addition, our privacy and cybersecurity team can vet technical vendors (including IT forensics and related experts) and can negotiate and draft service agreements with customers, vendors, and other business partners who access and use protected data. The team can also, across a wide spectrum of industry verticals, prepare privacy and cybersecurity law due diligence questions for acquirers and prepare responses to such questions on behalf of target organizations.
Barton attorneys have also advised the New Jersey State Assembly on privacy and cybersecurity legislation and have testified before legislative committees as experts in privacy and cybersecurity. In addition, one of our attorneys created a law school course on privacy, cybersecurity, and technology transactions and teaches that course as an Adjunct Professor of Law at Fordham Law School.
In the event that a data breach does occur, Barton will immediately connect clients to a team member who will assess the crisis and implement the proper measures, assemble the appropriate team of professionals to handle the situation, and begin the process of remediation. Our cybersecurity team can identify theft prevention, breach response, mitigation, and notification requirements for the states and countries whose laws and regulations apply to a data/security breach. Barton attorneys have had success defending actions and regulatory proceedings brought against clients as a result of breaches and unlawful disclosures of protected information, including those brought under U.S. laws such as the Computer Fraud and Abuse Act, the Defend Trade Secrets Act, the Electronic Communications Privacy Act, and HIPAA, as well as individual state and local consumer protection laws and regulations of agencies such as the Financial Industry Regulatory Authority (FINRA) and the New York Department of Financial Services (NYDFS).
Additional services include:
- Guidance and counsel for the performance of Security Risk Assessments, including documentation of the Assessment pursuant to HIPAA, state laws, and GDPR.
- Facilitation of work groups comprising the relevant compliance stakeholders (i.e., Marketing, Risk/Compliance, Legal, IT, Finance, Human Resources, and Business Owners) and in-house counsel for the drafting of privacy and security policies and procedures tailored to the client’s industry, business processes, and organization culture.
- Preparation of training materials with regard to privacy, security, and social media policies and procedures, and delivery of training sessions (in formats such as classroom, on-line, or train-the-internal-trainers).
- Preparation for and counsel with regard to audits (e.g., by state regulatory agencies and offices of the attorney general, F.D.A., Office of Civil Rights of the U.S. Department of Health and Human Services) in connection with financial information and healthcare information management and safeguards as well as social media protocols and activities.
- Representation in regulatory proceedings or litigation that may arise from management of financial, healthcare, and other personal information and data protected by law, and with regard to social media activities.
- Preparation of status assessment (“gap analysis”) reports, which may be protected from disclosure by attorney-client privilege, with regard to existing information privacy and security practices and social media activities and initiatives, followed by recommendations to achieve and maintain compliance under applicable laws, rules, and regulations.