As commerce and communications have become increasingly dependent upon computing, apps, big data, the internet of things, machine learning and public and private electronic networks, global businesses must understand and manage the risks and opportunities associated with data systems and data management. A complex web of evolving privacy and data security laws and regulations, including the GDPR, now affects corporate activities and business transactions throughout the world. Wood & Lee lawyers regularly advise the firm’s clients on matters of privacy and data security compliance, GDPR cross-border data flows in transactional and intra-company data flows, security breach responses and investigations, records retention and e-discovery programs, and the protection of proprietary corporate information assets.
Wood & Lee lawyers have extensive experience working closely with clients to address and reduce their cybersecurity and privacy risks and exposures. These risks affect organisations in every industry, including healthcare, financial institutions, retailers, utilities and manufacturers, among others. Wood & Lee’s Cybersecurity, Privacy and GDPR team offers enterprise-wide cybersecurity and data protection services to its clients. We counsel clients on:
- How to keep information and trade secrets secure.
- Privacy, data security and GDPR compliance assessments.
- Corporate information security policies.
- Data security breach prevention and response programs; breach investigations.
- Records retention and records management programs.
- Corporate employee policies for computer, IT systems and Internet use.
- Global employee and customer privacy compliance programs for multinational businesses.
- Cross-border data transfers in global transactions, including Mergers and acquisitions, outsourcing, restructuring and data centre consolidations.
- Privacy compliance in direct marketing and integrated advertising programs.
- Responding to government requests for corporate data.
- Policy advice to sovereign states concerning privacy laws.
- How to comply with the expanding array of legal, regulatory and contractual obligations.
- How to respond quickly and appropriately in the event of a suspected data breach.
- How to represent companies before regulatory agencies.
- How to defend against third-party claims and any litigation.
The first step in protecting data is identifying information on systems and evaluating its security. Wood & Lee can perform an initial risk assessment of sensitive data in a company’s network and environment. When necessary, we work with technical advisors to create an efficient process identifying any issues of compliance with industry or statutory requirements. This includes compliance with laws governing the collection, retention and security of such information – such as the GDPR – and any applicable requirements for disclosure of those business practices.
Our lawyers also conduct contract reviews and assist in due diligence of service providers to assess their cybersecurity compliance and ensure appropriate allocation of responsibility for data security and incident response. We take into account the specific needs of the company, as well as industry guidelines and governing law, to develop an individualised plan to satisfy the governing standards.
Preparedness is an essential aspect of minimising the costs presented by a data breach and the resulting damage to a company’s reputation and operations; it is also a regulatory and legal requirement in most industries. We regularly work with companies in developing an incident response plan, and in training the company and its employees in the implementation of that plan, including through table top exercises and other drills.
In the event of a data breach, your organisation must respond and follow a clearly defined plan. The decisions made immediately following a data breach can significantly impact future outcomes. While every breach has its own unique set of circumstances, our experience enables us to respond quickly and strategically. The Wood & Lee incident response team understands the critical importance of the response and can assist your organisation to quickly take the necessary steps when faced with a cybersecurity incident.
This is an era of rapidly expanding regulatory requirements for pre-breach cyber security and post-breach response, and for business practices involving the collection and use of consumer information. Companies in all industries who sustain a cyber-incident must demonstrate that they have responded to a breach promptly and effectively and are in compliance with applicable regulations and statutes (including the GDPR). They must also provide evidence of proper conduct in their pre-breach activities.
Our firm understands the costs a cyber-incident can present to your company. We can provide direction to not only protect your data, but also your reputation. When you need an effective solution to assist your organisation in preparing for or responding to the threat of a cyber-incident, call on the Wood & Lee cybersecurity, privacy and GDPR team.
Increasing globalisation of business requires comprehensive knowledge of the regional directives and local enabling laws concerning data management, transmission outside the host country and disclosure. Procedures and policies in these areas, and data protection agreements can assist clients in navigating the maze of often-conflicting international data protection and preservation norms.
Our lawyers assist clients in crafting appropriate policies and procedures so that they can prepare themselves, long before lawsuits arise, to quickly and easily comply with litigation discovery orders. We help our clients implement search and retrieval and discovery processes that provide a competitive edge in the earliest stages of litigation because, with our assistance, they have a detailed understanding of the applicable electronic discovery obligations and can enforce them against opponents.
Our lawyers counsel clients as how to best leverage their own human resources and legal professionals in the implementation of practicable policies to manage and secure sensitive employee information. Our advance-planning strategies, policy review services and drafting skills also help clients implement risk management protocols to minimise litigation risks and commensurate costs.
Our lawyers’ understanding of identity theft and privacy protection laws – and our watchdog approach to pending legislation – means clients should not be caught off guard. From policy review and drafting to training and, where necessary, trial representations, our services allow clients to remain confident that confidential data, whether about employees or customers, stays secure and that legal liability remains firmly at a distances.