Cybersecurity and Privacy
Cybersecurity and privacy risks and the exposures they present are one of the top concerns for companies in every industry. Essential to every business is the ability to protect its data and to have uninterrupted use of its networks. The Sedgwick Cybersecurity & Privacy Group is a multi-disciplinary group of attorneys with extensive experience working closely with clients to address and reduce their cybersecurity and privacy risks and exposures. These risks affect organizations in every industry, including healthcare, financial institutions, retailers, utilities and manufacturers, among others.
Being prepared to identify and address these risks to operations is essential for businesses. Such risks include:
- Loss of personally identifiable information of customers and employees
- Theft of business and trade secrets, and other intellectual property
- Attacks on networks and operating systems and resulting business disruption
- Challenges to business practices involving collection and usage of information about customers and the disclosure of those practices
- Risks to data security emerging from service providers and business partners
- Vulnerabilities presented by the growing interconnectedness of businesses and the devices they use in their operations
Sedgwick’s Cybersecurity & Privacy Group offers enterprise-wide cybersecurity and data protection services to its clients. We counsel clients on how to:
- Keep information secure
- Develop information security plans, incident response procedures and employee training programs
- Comply with the expanding array of legal, regulatory and contractual obligations
- Respond quickly and appropriately in the event of a suspected data breach
- Represent companies before state and federal regulatory agencies
- Defend against third-party claims and any litigation that arises
Assessing and Managing the Risks
The first step in protecting data is identifying information on systems and evaluating its security. Sedgwick can perform an initial risk assessment of sensitive data in a company’s network and environment. When necessary, we work with technical advisors to create an efficient and cost-effective process identifying any issues of compliance with industry or statutory requirements. This includes compliance with laws governing the collection, retention and security of such information, and any applicable requirements for disclosure of those business practices.
Our attorneys also conduct contract reviews and assist in due diligence of service providers to assess their cybersecurity compliance and ensure appropriate allocation of responsibility for data security and incident response. We take into account the specific needs of the company, as well as industry guidelines and governing law, to develop an individualized plan to satisfy the governing standards.
Preparing for a Data Breach or Other Cyber Incident
Preparedness is an essential aspect of minimizing the costs presented by a data breach and the resulting damage to a company’s reputation and operations; it is also a regulatory and legal requirement in most industries. We regularly work with companies in developing an incident response plan, and in training the company and its employees in the implementation of that plan, including through table top exercises and other drills.
Responding to a Data Breach with the Sedgwick Incident Response Team
In the event of a data breach, your organization must respond and follow a clearly defined plan. The decisions made immediately following a data breach can significantly impact future outcomes. While every breach has its own unique set of circumstances, our experience enables us to respond quickly and strategically. The Sedgwick Incident Response Team understands the critical importance of the response and can assist your organization to quickly take the necessary steps when faced with a cybersecurity incident.
Complying with Regulatory Requirements
This is an era of rapidly expanding regulatory requirements for pre-breach cyber security and post-breach response, and for business practices involving the collection and use of consumer information. Companies in all industries who sustain a cyber incident must demonstrate that they have responded to a breach promptly and effectively, consistent with governing agency guidelines, and are in compliance with applicable regulations and statutes. They must also provide evidence of proper conduct in their pre-breach activities.
Defense and Litigation by the Sedgwick Litigation Team
Our Cyber & Privacy Litigation Team offers exceptional experience in defending consumer class actions and individual lawsuits asserting violations of rights to privacy and unfair trade practices. These frequently arise when a large data breach occurs or a company’s business practices in the collection and usage of consumer information are challenged. The Sedgwick team includes a deep bench of highly skilled and experienced trial, class action and regulatory attorneys who have an extensive background in multi-jurisdictional litigation and industry regulatory investigations. Our trial attorneys have successfully defended consumer class action claims and individual claims alleging data security and privacy violations, as well as various state consumer fraud and unfair business practice statutes.
Sedgwick has been approved by numerous insurers to represent their policyholders in breach response and in litigation arising from cybersecurity incidents. Because of our extensive knowledge of the insurance industry as well as of cyber risks, we also have worked with insurers in the developing and handling their cyber insurance programs.
Our firm understands the costs a cyber incident can present to your company. We can provide direction to not only protect your data, but also your reputation. When you need a cost-effective solution to assist your organization in preparing for or responding to the threat of a cyber incident, call on the Sedgwick Cybersecurity & Privacy Group.