Our global economy is a direct result of the digitalization of business and our ability to leverage data. This power has also created a potential for misuse of sensitive and personal data. Born of this potential, and actual misuse, regulatory agencies have unleashed a wide array of regulatory action worldwide, most recently with the General Data Protection Regulation (GDPR). These regulations vary by jurisdiction, and are complex. Through the mass adoption of websites, companies now can easily offer goods and services internationally. This makes implementing privacy policies to comply with the various jurisdictions’ regulations a complicated undertaking. The consequences of a misstep can be serious: heavy fines, injunctions, government audits, even criminal liability.
In our Privacy & Data Security practice, we take an interdisciplinary approach, partnering with experts in IT audit and cybersecurity to deliver specialized risk management services and to develop sophisticated internal and external privacy policies.
We also work with penetration testing and intrusion detection experts to facilitate turn key white hat hacking of medical devices. Best practice is for both the organization requesting a security audit and the auditor represented by legal counsel. Doing so provides the organization an opportunity to protect the audit and its results with attorney-client privilege and under the attorney work product doctrine.