Hahn Loeser’s Data Privacy Team takes a hands-on, comprehensive approach to handling data and privacy risks. We help clients foresee potential threats and work to put necessary protections in place before a breach occurs. Hahn Loeser provides strategic counseling to companies developing or updating their data privacy policies. We also help organizations provide employee training on data privacy best practices.
As compliance rules continue to evolve, we provide practical, actionable advice on the patchwork of US and global requirements governing data privacy, particularly the California Consumer Privacy Act (CCPA), Illinois Biometric Privacy Information Act (BIPA), Personal Information Protection and Electronic Documents Act (PIPEDA), EU General Data Protection Regulation (GDPR), and other leading regulatory standards. We conduct ongoing preparedness reviews to evaluate safeguards and work to ensure that specific regulatory requirements are met in extremely sensitive areas such as international data transfers and government contracting.
Our dedicated team includes patent lawyers and former professional engineers with hands-on experience in computer programming, networks, and infrastructure. This insight positions us at the forefront of data privacy law and allows us to work with clients from both legal and technological perspectives, helping to proactively identify potential vulnerabilities and respond accordingly. Our team also includes seasoned trial and appellate advocates with wide-ranging experience in complex commercial litigation, investigations, and compliance.
We have worked with clients on these initiatives:
Draft Data Privacy Addenda and Agreements: Develop templates for data privacy addenda, review and negotiate data privacy agreements with third parties.
Develop and Implement Data Protection Policies and Procedures: Assist in creating guidelines and policies for how data should be stored, handled, and shared, including implementing clear, enforced policies regarding encryption and secure file sharing.
Risk Assessments & Audits: Conducting routine, comprehensive audits of digital security, including hardware and software, to identify vulnerabilities.
Technical Security Controls: Enforcing MFA for all applications, using strong password management, securing remote access via VPNs, and keeping all systems’ security patches up to date.
Training and Education: Create and implement training for staff regarding data protection policies and legal requirements, including changing legislation and best practices regarding data protection.
Incident Response Plan: A documented, tested plan for detecting, responding to, and recovering from breaches, including protocols for notifying clients and regulators.
Vendor Management: Reviewing the security practices of third-party vendors, including cloud storage providers, to ensure client data is protected throughout the supply chain.
Insurance & Compliance: Maintaining appropriate cyber liability insurance and ensuring compliance with state, federal and international regulations.