For over 20 years, the members of our Van Berings’ Data Privacy and Cybersecurity Team has added value to Clients by assisting them in navigating the rapidly changing privacy and technology landscapes to minimize their legal risk, and helping them enhance their business opportunities.
From counselling with respect to the Client’s cyber incident response plan, to mobilize a data breach response, or conduct a privacy audit of the Client’s vendors, we have the capabilities necessary to provide companies with tailored or full-service primary advice, and maintain the continuity of their operations amidst evolving cyber-threats and a complex regulatory landscape.
Well conscious that a cyber- or privacy-related development can expand to encompass a number of other significant legal issues, our Van Berings’ Data Privacy and Cybersecurity Team works seamlessly with attorneys in our White Collar Defense & Investigations, Regulatory, Corporate Litigation and Employment Litigation practices to address subsequent risks such as government or regulatory inquiries, shareholder, consumer or employee class action litigation, trade secrets theft, and funding or financial issues.
Van Berings maintains excellent and long-lasting working relationships with insurance carriers and brokers, public relations and communications firms, and other cyber-first responders and forensic experts, so that our Clients can rely on a “Legal Firewall” to immediately and comprehensively access all of the resources necessary to swiftly manage and resolve any cyber- or privacy-related crisis situation.
Backed by all of these resources, our Van Berings’ Data Privacy and Cybersecurity Team routinely advises Clients to:
- Develop cybersecurity and privacy Incident Response Plans;
- Draft privacy and data protection policies;
- Investigate potential acquisitions and revise privacy policies for newly-acquired companies;
- Counsel on legal compliance with domestic and international data protection laws, including the EU Data Protection and Telecommunications Privacy Directives;
- Advise on cybersecurity insurance issues;
- Draft and negotiate vendor contractors and information use and distribution agreements;
- Conduct privacy audits of companies and of third party vendors;
- Negotiate cloud-computing agreements;
- Address data protection issues in the context of outsourced arrangements, including global HR databases;
- Mitigate reputational damage;
- Develop employee training and compliance programs;
- Compliance with email and telemarketing regulations;
- Conduct internal investigations on privacy and foreign corruption practices related issues;
- Advise on specific EU data protection issues;
- Counsel on data protection issues arising out of use of social media platforms;
- Create strategies for international data transfers, including Binding Corporate Rules, Safe Harbour Clauses, and Model Clauses.
Global Privacy Policies
Increasing innovative mining and analytic tools have boosted companies’ attitude to find innovative ways to monetize the huge amounts of information about their customers that are available to them, thus drawing the close attention of regulators, government officials and employees’ or consumers. Companies that do not have robust privacy compliance programs are facing increased legal exposure.
Many of our Clients use and distribute data across multiple geographic regions and across multiple device types. We counsel clients on establishing and maintaining global privacy policies that are customized to the requirements of each single country. Our Van Berings’ Data Privacy and Cybersecurity Team closely works with Clients to understand and comply with cross-border data flow requirements in a manner that is best suited for their business needs.
With respect to data transfer out of the EU, we advise clients on Model Contracts and Binding Corporate Rules, and assist clients with certifying to the EU-U.S. Privacy Shield as well as with respect to the new requirements on companies accessing the data of EU residents, which will go into effect in 2018 under the EU General Data Protection Regulation (GDPR). Our
Van Berings’ Data Privacy and Cybersecurity Team works closely with clients to design compliance programs so that they are prepared to meet the GDPR requirements.
Privacy Audits and Compliance Programs
Van Berings’ Data Privacy and Cybersecurity Team also conducts data privacy compliance audits helping the Clients eliminate potential areas of liability, and engenders a culture of vigilance with respect to privacy compliance.
As part of our privacy audits we:
- ensure the client collects and utilizes personally identifiable information in a manner that complies with applicable legal requirements as well as statements it has made to customers and employees;
- ensure the company is in compliance with any data use restrictions imposed by third parties, including social media platforms;
- establish internal processes and create policies to ensure that personally identifiable information is always used in a manner that complies with applicable legal requirements and external and internal disclosures;
- establish a data map of how information is collected, used, managed, stored and distributed internally and externally that can be updated and monitored on a regular basis;
- establish ongoing training and monitoring programs; and
- review and/or create all necessary policies and procedures.
The members of our Van Berings’ Cybersecurity Rapid Response Team are ready (24 – 7 - 365) to respond to urgent advice, investigations and defence needs in case of prosecution or enforcement at a moment’s notice, and manage the potential civil and criminal consequences involved. To enter in direct contact with the head of our Cybersecurity Rapid Response Team please click here.