Privacy and Cybersecurity Solutions Group
To address their privacy and cybersecurity risks in today’s complex environment, companies need both sophisticated legal counsel and seamless delivery of services. Our Solutions Group works hand in hand with the firm’s Privacy and Cybersecurity practice to perform those services that are inherently operational in nature, such as assessments, programmatic enhancement and development, and practical support and guidance for implementation of regulatory requirements and industry common practices.
Sophisticated Solutions, Seamless Delivery
We help clients address a wide range of the most significant issues faced by most companies in the U.S. and internationally. As the privacy and cybersecurity landscape changes throughout the world, we adapt our tried-and-true methodologies, templates and tools to pivot with these changes. Our capabilities include:
- Regulatory and Program Assessment: providing companies with a clear understanding of where their programs are today in terms of compliance and compared to peer companies.
- Remediation Planning and Roadmap Development: creating and implementing a plan, based on priority, risk and ease of implementation, to address identified gaps and to strengthen their programs.
- Privacy Program Enhancement and Development: providing on-the-ground support, including document development, process improvement and implementation of procedures and tools to help mature privacy and cybersecurity programs.
- Data and Vendor Management: helping clients to manage their data, as well as their vendors and third parties, utilizing tools such as custom data mapping techniques that provide companies with a view of their data flows across the enterprise.
- Cybersecurity Incident Response: providing immediate support in the wake of cybersecurity incidents, as well as creating custom incident response plans and conducting tabletop exercises focused on real-life risk scenarios.
- GDPR Compliance Assessments. We have worked with companies for the past several years to assess existing data privacy and cybersecurity practices against GDPR requirements to identify where additional enhancements and improvements can be made to further their compliance posture. Please see our GDPR Compliance Check document for additional details.
- CCPA Compliance Assessments. The broadened definitions of “personal information” and “sale” under CCPA have forced companies to re-evaluate how their data handling practices are defined. We have worked with companies across multiple industries to assess the applicability and impact of CCPA on their operations and to implement or enhance privacy compliance programs. Please see our CCPA Compliance Check and CPRA guidance for additional details.
- HIPAA Compliance Assessments. We review and assess the current compliance posture of companies that function as covered entities, hybrid covered entities, and business associates against the requirements of the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule. Based upon stakeholder interviews and review of our client’s current HIPAA documentation, we create a gap assessment that notes the areas where additional company policies or procedures are required in order to ensure compliance with HIPAA. We work with our clients to address any issues and to develop policies and procedures.
- Security Assessments and Support Services. We have worked with clients to assess their information security programs against various recognized frameworks, including NIST, ISO 27001, and CIS. Where requested, the Solutions Group can also provide virtual CISO services. Please see our Information Security Requirements Implementation and Virtual CISO Support document for additional details.
- Other Compliance Assessments. We have also conducted assessments with clients related to other data protection laws, including the Illinois Biometric Information Privacy Act (BIPA), the Children’s Online Privacy Protection Act (COPPA), and the NYDFS Cybersecurity Rule, and against established privacy frameworks such as the Generally Accepted Privacy Principles.
- Remediation Roadmap Development. Based on the compliance gap assessment, we can provide you with a prioritized, risk‑based guide for remediating those identified gaps. We also can provide guidance on program governance and oversight, including defining roles and responsibilities, outlining available and recommended tools and technologies, and assessing resource recommendations for implementation and program management.
- Global Privacy Framework Implementation. The Solutions Group has extensive experience in the implementation of global privacy and cybersecurity programs. Where necessary, we work with clients to enhance current internal policies and procedures to meet the requirements of current data protection laws and regulations. We also create new documentation to further privacy and cybersecurity compliance efforts. We work side-by-side with our clients to ensure a thorough understanding of the overall business needs to help develop Privacy and Cybersecurity Trainings and to assist in the selection and integration of appropriate Privacy and Cybersecurity Tools and Technologies.
- Privacy Program Governance and Management. We can provide day-to-day consulting support to your privacy program, including support in managing ad-hoc privacy questions and issues.
- Data Mapping. We are experienced at creating detailed data maps based on your company’s documents and data collection, storage, sharing, and destruction practices. When necessary, we also collaborate with experienced technical firms to provide support for implementation and operationalization of data mapping tools.
- Data Subject Access Requests. Managing data subject privacy requests under varying privacy regimes requires a thorough understanding of the regulatory requirements, as well as streamlined processes and complete awareness of data processing and storage practices. The Solutions Group has assisted multiple clients in documenting and implementing such processes and provides ongoing ad-hoc support for addressing data subject requests. Please see our Consumer and Data Access Request Support document for additional details.
- Data Breach Response. The Solutions Group has extensive experience in helping clients across several industries manage the post-mortem analysis and response to a data breach. The group can quickly identify reporting obligations and has assisted in managing regulator communications and breach notification requirements. Please see our Data Breach and Incident Response Support document for additional details.
- Tabletop Exercises. We create custom tabletop exercises that we walk through with our clients to help them understand how they would respond to a reality-based threat on their systems and data. These are conducted over a few hours or up to a full day and allow our clients’ key stakeholders to gain insight into incident response in a safe environment that ultimately helps them to prepare for future threats.