Cybersecurity and data privacy are global issues that affect nearly all companies, governments and other entities. The costs of a data breach or other cybersecurity event can be devastating, and thus protecting organizations from a breach has become the responsibility of senior executives and directors. In today’s world, it is critical that every company implement appropriate safeguards and best practices to protect data and minimize risks. The failure to follow proper cybersecurity and data privacy protocols can expose an organization to significant liability.

Carter Ledyard’s Cybersecurity and Data Privacy Group helps clients to better understand the ever-changing landscape of cybersecurity and data protection threats and how to best address those threats. We counsel clients on a wide variety of cybersecurity and data privacy issues, including:

  • Development of cybersecurity, data protection, and privacy policies;
  • Compliance counseling;
  • Corporate governance;
  • Data protection and breach prevention;
  • Risk assessment and management, and mitigation strategies;
  • Incident response planning;
  • Incident response execution and related investigations;
  • Third-party vendor assessment and management;
  • Cybersecurity insurance assessment; and
  • Litigation

Our team brings expertise from across numerous practice areas, including litigation, intellectual property, corporate transactions and financial services regulations. This diversity of experience enables the Cybersecurity and Data Privacy Group to provide clients with well-rounded advice on developing, strengthening, testing, and enforcing their information protection policies and procedures. The Group has advised for-profit and not-for-profit clients of various sizes, from small firms and start-ups with limited resources to middle market firms and large public companies.

Carter Ledyard helps clients navigate the myriad of state, federal and international cybersecurity and data protection regulations and guidelines, including:

  • The European Union’s General Data Protection Regulation (GDPR);
  • The New York State Department of Financial Services’ Cybersecurity Requirements for Financial Services Companies;
  • The Sarbanes-Oxley Act (SOX);
  • The Gramm-Leach-Bliley Act (GLBA);
  • FINRA’s Report on Cybersecurity Practices for broker-dealers;
  • SEC Regulation S-P;
  • SEC Risk Alerts on Cybersecurity Examination Sweep Summary and Observations from Cybersecurity Exams;
  • National Institute of Standards and Technology (NIST) Cybersecurity Framework for Improving Critical Infrastructure;
  • Federal Financial Institutions Examination Council’s (FFIEC’s) Cybersecurity Assessment Tool and Guidelines;
  • The Federal Reserve Board, Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency’s Proposed Rulemaking on Enhanced Cyber Risk Management Standards;
  • The Fair Credit Reporting Act (FCRA);
  • The Electronic Communications Privacy Act (ECPA);
  • The Stored Communications Act (SCA);
  • The Computer Fraud and Abuse Act (CFAA);
  • The Health Insurance Portability and Accountability Act (HIPAA); and
  • The California Consumer Privacy Act (CCPA)

Our attorneys have helped numerous clients develop cybersecurity and data privacy programs and manage related challenges, including:

  • Conducted a cybersecurity assessment and developed cybersecurity policies and procedures, an incident response plan, and vendor due diligence protocol for a FinTech company;
  • Advised international organizations on GDPR compliance;
  • Advised an industrial conglomerate in connection with a data breach resulting in the theft of a domain name and website, which involved a forensic investigation, litigation, and related strategies to recover the domain name;
  • Analyzed conflicting U.S. and foreign regulations regarding data and employee privacy for a global financial firm engaged in private banking, asset management, and investment banking;
  • Drafted a GDPR-compliant privacy policy and terms of use for a not-for-profit membership corporation with members in the U.S. and abroad;
  • Assisted a not-for-profit organization in developing a standard certification of cybersecurity best practices to be included in its third-party contracts; and
  • Responded to a regulatory inquiry on behalf of a broker-dealer in connection with a cyber attack, and reviewed the client’s cybersecurity policies, procedures, and incident response plan.


© Copyright 2020 Carter Ledyard & Milburn LLP