Privacy and Cybersecurity

McGrath North partners with its clients to assist in the development and implementation of practical, tailored data privacy and cybersecurity plans. We evaluate applicable regulatory risks and impacts and assess flexible options available to our clients to help them achieve their strategic goals. While today’s privacy and cybersecurity world may be full of uncertainty, our clients rest assured that McGrath North has the capabilities to assist in ensuring each client is prepared.

McGrath North has significant experience in a broad range of matters involving privacy and cybersecurity challenges created by various federal, state and international laws including recently implemented state laws, including the California Consumer Privacy Act, California Privacy Rights Act, Nebraska Data Privacy Act, Iowa Consumer Data Protection Act, and the EU’s General Data Protection Regulations, as well as, the Federal Trade Commission Act, the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act, the Payment Card Industry Digital Security Standards, the Fair Credit Reporting Act, the Fair and Accurate Credit Transactions Act and the Electronic Communications Privacy Act, the Telephone Consumer Protection Act and the Controlling the Assault of Non-Solicited Pornography and Marketing Act.

McGrath North’s experience in these areas includes:

• compliance program management and training, including preparing privacy policies, terms of use and opt-out procedures
• data breach response preparation, reaction and training
• cyber insurance policy review and guidance
• performance and assistance with impact assessments
• drafting and review of information technology agreements

McGrath North assists clients in evaluating the application of these federal, state and international laws to their business and updating internal policies and procedures in order to ensure maximum compliance. Additionally, McGrath North attorneys provide onsite counseling at client locations to conduct in-depth training and evaluate internal policies and procedures to maximize compliance with applicable legal requirements.

Privacy

Data Security Practices And Policies. McGrath North provides clients with real-world guidance from start to finish in formulating a data security compliance program. McGrath North assists clients with developing internal practices and policies to comply with the law and ensure an efficient data security and privacy response plan is in place. McGrath North can assist clients through a data impact assessment and a data mapping exercise to determine the current scope of a client’s data landscape to assist the client in structuring an appropriate compliance plan. McGrath North helps plan and participates in client cybersecurity readiness tabletop exercises, alongside outside information technology forensics experts, to assist clients in developing appropriate processes and procedures to address cybersecurity risks.

International Privacy Laws. Companies globally have been impacted by the enactment of international privacy laws like the General Data Protection Regulation (GDPR). McGrath North assists clients in assessing whether the client is governed by the GDPR or other international privacy laws and to what extent compliance is required. McGrath North will guide clients through the operational and legal compliance requirements of these laws and assist clients in developing internal policies and procedures and external agreements and responses to ensure the client satisfies all applicable legal requirements. McGrath North will work with clients to minimize operational impacts in an efficient manner to help a client streamline its data privacy procedures around an ever growing global regime.

State Privacy Laws. McGrath North is counseling clients affected by the recent passing of various state privacy laws. This involves addressing the challenging operational and legal compliance requirements imposed by these laws, including conducting due diligence review of the client’s data organization and structure, preparing gap analyses, assisting with data mapping and data impact assessments, developing remediation plans, and undertaking compliance projects, including updates to the client’s privacy disclosures. Each state law has unique components that McGrath North attorneys can assist clients to navigate through for recommended implementation and compliance considerations. McGrath North is assisting impacted clients  incorporate requirements into existing data privacy and security compliance programs and to help identify ongoing compliance requirements to allow clients to better address and incorporate changes under the current evolving data privacy landscape.

Health Insurance Portability and Accountability Act (HIPAA). Providers of medical or other services, providers of health care services and supplies, and entities that furnish, bill, or are paid for health care in the normal course of business are “Covered Entities” subject to HIPAA. Additionally, an employer-sponsored group health plan is subject to HIPAA as a “Covered Entity” because employee data maintained, used or disclosed for group health plan purposes generally constitutes Protected Health Information covered by HIPAA. Accordingly, health care providers and group health plans subject to HIPAA must ensure the confidentiality of Protected Health Information. McGrath North can provide day-to-day HIPAA compliance assistance, review and negotiate service agreements, analyze suspected and actual HIPAA breaches, draft and revise business associate agreements, implement required HIPAA policies and procedures, and conduct HIPAA training for all entities subject to HIPAA. Whether your company is a Covered Entity or a Business Associate, McGrath North can assist with all of your HIPAA compliance needs.

ERISA. Retirement and health plan participant data has more and more frequently become a target for hackers due to the lack of data security sophistication among plan administrators and their providers. McGrath North advises clients on best practices for data security with respect to participant data, assists in the creation of cybersecurity committees for 401(k) and health plan administration, and advises on data security provisions that should be included in service agreements with benefit plan providers.

Cybersecurity

Data Breach / Business Email Compromise (BEC) / Ransomware. McGrath North works with clients in connection with various federal and state reporting requirements implicated by inside and outside security incidents. McGrath North provides comprehensive assistance with information security breaches, including coordination of network intrusion investigations, customer notification, state and federal regulatory negotiations and discussions with payment card issuers, as well as public relations, call center and investor relations communications and training. Recent matters include:

• Multi-state state data breach reporting for numerous inside and outside security incidents.
• HIPAA data breach reporting for numerous inside and outside security incidents.
• Successful removal of business from email spam Blacklist.
• Resolution of an international ransomware attack which temporarily incapacitated a manufacturing business.
• The successful coordination with Federal Bureau of Investigation and the Internal Revenue Service involving an outside attack involving the tax reporting information of the target’s employees, which resulted in no fraudulent income tax returns being filed in the name of any of the employees.

Cyber Insurance. McGrath North advises clients throughout the cyber insurance application and/or renewal process as well as the claim process under existing cyber insurance policies.