McGrath North partners with its clients to assist in the development and implementation of practical, tailored data privacy and cybersecurity plans. We evaluate applicable regulatory risks and impacts and assess flexible options available to our clients to help them achieve their strategic goals. While today’s privacy and cybersecurity world may be full of uncertainty, our clients rest assured that McGrath North has the capabilities to assist in ensuring each client is prepared.
McGrath North has significant experience in a broad range of matters involving privacy and cybersecurity challenges created by various federal, state and international laws including the recently implemented California Consumer Privacy Act and the EU’s General Data Protection Regulations, as well as, the Federal Trade Commission Act, the, the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act, the Payment Card Industry Digital Security Standards, the Fair Credit Reporting Act, the Fair and Accurate Credit Transactions Act and the Electronic Communications Privacy Act, the Telephone Consumer Protection Act and the Controlling the Assault of Non-Solicited Pornography and Marketing Act.
McGrath North’s experience in these areas includes:
- compliance program management and training, including preparing privacy policies, terms of use and opt-out procedures
- data breach response preparation, reaction and training
- cyber insurance policy review and guidance
- performance and assistance with impact assessments
- drafting and review of information technology agreements
McGrath North assists clients in evaluating the application of these federal, state and international laws to their business and updating internal policies and procedures in order to ensure maximum compliance. Additionally, McGrath North attorneys provide onsite counseling at client locations to conduct in-depth training and evaluate internal policies and procedures to maximize compliance with applicable legal requirements.
Privacy
Data Security Practices And Policies. McGrath North provides clients with real-world guidance from start to finish in formulating a data security compliance program. McGrath North assists clients with developing internal practices and policies to comply with the law and ensure an efficient data security and privacy response plan is in place. McGrath North can assist clients through a data impact assessment and a data mapping exercise to determine the current scope of a client’s data landscape to assist the client in structuring an appropriate compliance plan. McGrath North helps plan and participates in client cybersecurity readiness tabletop exercises, alongside outside information technology forensics experts, to assist clients in developing appropriate processes and procedures to address cybersecurity risks.
General Data Protection Regulation (GDPR). The GDPR went into effect on May 25, 2018. Companies globally have been impacted, and various supervisory authorities in Europe have been issuing hefty fines for noncompliance. McGrath North assists clients in assessing whether the client is governed by the GDPR and to what extent compliance is required. McGrath North will guide clients through the operational and legal compliance requirements of the GDPR and assist clients in developing internal policies and procedures and external agreements and responses to ensure the client satisfies all applicable legal requirements. McGrath North will work with clients to minimize operational impacts in an efficient manner to help a client streamline its data privacy procedures around an ever growing global regime.
California Consumer Privacy Act (CCPA). McGrath North is counseling clients affected by the recent passing of the CCPA, and the October 2019 CCPA Proposed Regulations issued by the California Attorney General’s Office. This involves addressing the challenging operational and legal compliance requirements imposed by the CCPA that became effective on January 1, 2020, including conducting due diligence review of the client’s data organization and structure, preparing gap analyses, assisting with data mapping and data impact assessments, developing remediation plans, and undertaking compliance projects, including updates to the client’s privacy disclosures. McGrath North is assisting clients who are impacted by the CCPA to incorporate the CCPA requirements into existing data privacy and security compliance programs and to help identify ongoing compliance requirements to allow clients to better address and incorporate changes under the current evolving data privacy landscape.
Health Insurance Portability and Accountability Act (HIPAA). Providers of medical or other services, providers of health care services and supplies, and entities that furnish, bill, or are paid for health care in the normal course of business are “Covered Entities” subject to HIPAA. Additionally, an employer-sponsored group health plan is subject to HIPAA as a “Covered Entity” because employee data maintained, used or disclosed for group health plan purposes generally constitutes Protected Health Information covered by HIPAA. Accordingly, health care providers and group health plans subject to HIPAA must ensure the confidentiality of Protected Health Information. McGrath North can provide day-to-day HIPAA compliance assistance, review and negotiate service agreements, analyze suspected and actual HIPAA breaches, draft and revise business associate agreements, implement required HIPAA policies and procedures, and conduct HIPAA training for all entities subject to HIPAA. Whether your company is a Covered Entity or a Business Associate, McGrath North can assist with all of your HIPAA compliance needs.
ERISA. Retirement and health plan participant data has more and more frequently become a target for hackers due to the lack of data security sophistication among plan administrators and their providers. McGrath North advises clients on best practices for data security with respect to participant data, assists in the creation of cybersecurity committees for 401(k) and health plan administration, and advises on data security provisions that should be included in service agreements with benefit plan providers.
Cybersecurity
Data Breach / Ransomware. McGrath North works with clients in connection with various federal and state reporting requirements implicated by inside and outside security incidents. McGrath North provides comprehensive assistance with information security breaches, including coordination of network intrusion investigations, customer notification, state and federal regulatory negotiations and discussions with payment card issuers, as well as public relations, call center and investor relations communications and training. Recent matters include:
- Multi-state state data breach reporting for numerous inside and outside security incidents.
- HIPAA data breach reporting for numerous inside and outside security incidents.
- Successful removal of business from email spam Blacklist.
- Resolution of an international ransomware attack which temporarily incapacitated a manufacturing business.
- The successful coordination with Federal Bureau of Investigation and the Internal Revenue Service involving an outside attack involving the tax reporting information of the target’s employees, which resulted in no fraudulent income tax returns being filed in the name of any of the employees.
Cyber Insurance. McGrath North advises clients throughout the cyber insurance application and/or renewal process as well as the claim process under existing cyber insurance policies.
Information Technology Agreements. McGrath North advises clients through each step of the negotiating process when entering into a new information technology agreement. McGrath North can assist in review and diligence of a new technology provider, as well as assessment of the satisfaction of required legal and operational requirements for new and current providers. McGrath North attorneys understand what’s market and use practical guidance to ensure clients satisfy goals while achieving maximum value. McGrath North also represents information technology providers and assists in the development of technology compliance programs and form provider agreements to allow our provider clients to achieve their objectives. Whether the IT engagement is for a customized platform to operate company-wide or the obtainment of new technology products to integrate into an existing infrastructure, McGrath North has the experience to provide efficient and effective negotiation and drafting assistance.
Clint D. Cadwallader
Attorney
Chair, Intellectual Property GroupPhone
(402) 633-6870ccadwallader@mcgrathnorth.com
Micah Q. Carlson
AttorneyPhone (402) 633-1444mcarlson@mcgrathnorth.com
Tom Kelley
AttorneyPhone (402) 633-9549tkelley@mcgrathnorth.com
Daniel E. Kemp
AttorneyPhone (402) 633-1535dkemp@mcgrathnorth.com
Rachel C. Meyer
AttorneyPhone (402) 633-6882rmeyer@mcgrathnorth.com
Stacey A. Shadden
Attorney, Chair, Business and Corporate GroupPhone (402) 633-9591sshadden@mcgrathnorth.com