Phillips Lytle’s Data Security & Privacy Team assists clients – from startups to established international businesses – in developing prevention tactics, responding to incidents and carrying out legally and economically sound post-incident plans.

Compliance and Emerging Technologies

  • Review information technology and incident response policies for legal compliance and completeness based upon knowledge gained from our extensive involvement in responding to numerous data security incidents.
  • Test policies through customized tabletop exercises.
  • Monitor news and legal/regulatory developments and provide updates to clients through alerts, articles and training sessions, e.g., GDRP, DFS Cybersecurity Regulation, HIPAA.
  • Analyze third-party vendor contracts and audits of those vendors.
  • Leaders in working with clients addressing emerging technologies and practices, such as blockchain.

Incident Response

We have substantial experience in responding to large- and small-scale data incidents, including cyberattacks, ransomware, fraudulent EFTs, data theft and errors. Our firm’s 24/7 crisis response phone line connects clients facing a data incident (or any urgent matter) to an attorney who will rapidly coordinate an incident response and deploy our incident response team. We then swiftly engage tested technology teams to help mitigate business, legal and financial risk to get our clients’ businesses back up and running as soon as possible. Our substantial understanding of this area also ensures that our clients will have experienced counsel engaging with government agencies and customers, or advising our clients how they can do so effectively.

Post-Incident Activities

We have represented numerous clients in reporting data security incidents globally, responding to government inquiries, notifying potentially impacted customers and representing corporate clients in federal and state litigation concerning data security incidents and third-party vendor matters.