Crowell & Moring represents clients that have experienced security breaches involving personal information, trade secrets, and other proprietary information. We are on the ground from the initial internal investigation stage through the notification, government enforcement, and class action stages. Despite the prevalence of data incidents today, particularly cyber intrusions, a data infiltration is not necessarily a catastrophe for a business. Rather, proper crisis management, timely remedial action, accurate assessments of harm, and, if necessary, individual and governmental notifications can salvage, or at least mitigate, a breach crisis. We handle all aspects of breach response including:
- Assisting with the legal/business decision whether to notify given the facts, and if so, the extent of notification required; we have developed detailed outlines and spreadsheets of the various requirements of and nuances between the many state security breach laws to make this a quick and effective process.
- Drafting notifications to individuals and regulators.
- Preparing statements for external sources, e.g., media and law enforcement.
- Assisting with communications to other required agencies, such as consumer reporting agencies.
- Preparing statements, e-mail notices, and personalized correspondence with employees affected by security incidents.
- Advising clients on both legal requirements and best practices with respect to post-incident assistance to those affected (e.g., credit monitoring, insurance, etc.).
- Defending against state and federal regulatory investigations.
- Defending against state attorneys general lawsuits.
- Defending individual and class action lawsuits arising from data and privacy breaches.
- Responding to individual complaints regarding privacy and data security.
- Conducting postmortem analysis of breach to enhance cybersecurity and corporate compliance programs to safeguard data against future security breaches.
View More