Information Security Compliance and Data Breach Response

In an age in which technology advances daily, it is essential to keep up with the growing volume of industry, legal and regulatory safeguards for electronic information.  We can assist in this endeavor in a way that will demonstrate compliance with the laws and regulations pertaining to information security while leveraging these requirements into cost-beneficial business practices.

Businesses and professional organizations, such as health care providers, create, collect, maintain and disclose personally identifiable information and other protected data on a daily basis. As such, regardless of the size of the business or professional practice, there are laws that pertain to how the organization maintains and uses its data, and numerous responsibilities under state and federal law and, in the case of multinational entities, the laws of several nations.

Security concerns are also business concerns. Companies have a responsibility to shareholders and customers to safeguard proprietary, confidential and trade secret information, and the adverse publicity that can follow a data breach can have a profound effect on business reputation and goodwill.

Rashbaum Associates, LLC has deep experience in providing counsel on the laws and regulations concerning the security of personal and other protected electronic information, and in facilitating the development and implementation of information security initiatives, workforce training on security policies and procedures, and data breach contingency response programs, with notifications and coordination of criminal and civil responses following a data breach.

We utilize our experience in the flows of information in business and professional settings to assist clients in understanding and complying with the various laws and standards that regulate the collection, use, sharing and protection of personal data, as well as records management and information governance.

Rashbaum Associates, LLC provides the following counseling and litigation services:

  • Compliance counsel who identify and assist in meeting all U.S. federal and state privacy and information management requirements and international data protection laws, as well as the security and data safeguard requirements of other nations in which the organization does business or has facilities.
  • Compliance, risk, and management assessment audits including preparation of data flow maps, legal and regulatory framework for defensible policies and information security policies and procedures, and preparation of training materials and delivery of workforce training on those protocols.
  • Identification of theft prevention, breach response, mitigation, and notification requirements for the states and countries whose laws and regulations may apply to a breach.
  • Vetting of technical vendors, including IT forensics and related experts, and preparation and review of service level agreements.
  • Guidance and counsel for the performance of HIPAA Security Risk Assessments, including documentation of the Assessment required by HIPAA and HITECH.
  • Data Breach Response Hotline that immediately connects clients to a team member who will assess the crisis and implement measures, assemble the appropriate team of professionals to handle the situation, and begin the process of remediation of a security breach.
  • Defense of actions and regulatory proceedings brought against business and professional organizations and practices as a result of breaches, including those brought under federal laws such as the Gramm–Leach–Bliley Act, the Computer Fraud and Abuse Act and HIPAA, as well as individual state and local consumer protection laws.
  • Prosecution on behalf of businesses for claims of damages caused by security breaches, including actions filed under the Computer Fraud and Abuse Act and state laws.
  • Facilitation of dispute resolution and management of consumer concerns.
  • Counsel on post-breach remediation measures to help protect against future security breaches.
  • Preparation of information security risk management tools, and review and assessment of current insurance coverage with cyber-risk