Cybersecurity & Data Privacy

Our Cybersecurity & Data Privacy team helps businesses protect sensitive data, manage cyber risk, and comply with evolving privacy regulations. We advise clients on building data governance policies, structuring vendor agreements, and preparing for cybersecurity threats in line with industry best practices and legal requirements.

We support compliance with a range of federal, state, and international laws, including GDPR, CCPA, HIPAA, and other sector-specific regulations. Our attorneys assist with drafting privacy policies, data use terms, breach response protocols, and cybersecurity frameworks tailored to each organization’s operational needs.

When incidents occur, we guide clients through breach response, regulatory notifications, internal investigations, and communications strategies to limit exposure and ensure legal compliance. We also work closely with IT and risk management teams to review incident readiness and conduct tabletop exercises and audits.

Whether you’re mitigating regulatory risk, responding to a breach, or building a scalable privacy program, we provide practical, forward-thinking legal counsel that protects your data, reputation, and business operations.

Related Services

Data Privacy and Cybersecurity Assessments

Based on the NIST Privacy Framework and the NIST Cybersecurity Framework, we have a four-step process that helps you determine where your Data Privacy Program currently excels and where it needs work. Our “Four Steps to Improved Privacy Practices” include:
  • Identify your data
  • Create a reasonable improvement plan
  • Identify your legal requirements
  • Identify your deficiencies

Written Information Security Plan Development

Based on best practices from multiple Data Privacy Frameworks, we have the ability to generate, one, some, or all of you Policies and Procedures regarding Data Privacy and Cybersecurity, including:

  • Data Privacy General Provisions
  • Data Protection Officer Policy
  • Risk Analysis and Management Policy
  • Sanctions Policy
  • Asset Management Policy
  • Hardware and Software Acquisition Policy
  • Information Access Management Policy
  • Education, Training and Awareness Policy
  • Acceptable Use Policy
  • Endpoint, Email & Web Browser Protection Policy
  • Network Security Policy
  • Physical Security Policy
  • Privacy and Security Incident Policy
  • Business Continuity Plan
  • Evaluation Policy
  • Log Management, Vulnerability Scanning and Penetration Testing Policy
  • Back-Ups and Disaster Recovery Plan
  • Workstation Administration Policy
  • Patch Management Policy
  • Change Management Policy
  • Data Encryption and Key Management Policy
  • Bring Your Own Device (BYOD) Policy
  • Configuration Standards Policy
  • Remote Access Management Policy
  • Sensitive Data Management Policy
  • Document Retention and Destruction Policy

Outsourced Data Privacy Officer

Having a plan is great. Having Policies and Procedures are also great. But who is keeping their eye on things to make sure the house stays in order? Our premier service, our Outsourced Data Privacy Officer service, includes:

  • Continuous Assessments
  • Improvement Plan Development and Continuous Revisions
  • Initial Drafting of Policy and Procedure Reviews plus periodic Review and Revisions
  • Assistance Completing Vendor Assessments
  • Assistance in Selecting Cyber Insurance
  • Assistance in Security Solution Selection
  • Security Vendor Management

Experienced Attorneys

  • David J. Myers

Partner

  • Akron

Press Releases

Are you in compliance with the California Consumer Privacy Act (CCPA)?

  • Buckingham
  • May 16, 2019
  • 2 mins, 3 secs

The CCPA is a landmark consumer privacy law that requires significant changes for businesses, including those operating online, [...]

Read more

CYBERSECURITY AND DATA BREACHES: YOU MUST TAKE STEPS NOW TO AVOID PERSONAL AND COMPANY LOSS

  • Buckingham
  • February 22, 2019
  • 4 mins, 32 secs

Unfortunately, no industry or business is immune from data security events. Nearly every business collects some form of [...]

Read more

Client Alert – Cybersecurity “Safe Harbor” in Ohio for Data Breach Lawsuits

  • Buckingham
  • October 3, 2018
  • 0 mins, 48 secs

Ohio’s new Data Protection Act will help safeguard businesses from legal action if they meet industry-recognized standards in [...]

Read more