key contact
related professionals
related practices
National Trial Practice National Class Actions Business Transactions EnergyHealth Care
Government Law and Consulting
Financial Services and Insurance Litigation Corporate
Consumer Finance and Banking
Discovery
Intellectual Property and Technology
related industries
Josephine Cicchetti Shareholder T: 202.965.8162 F: 202.965.8104 email Joseph W. Swanson Of Counsel T: 813.229.4335 F: 813.229.4133 emailWe provide clients across industries with comprehensive counsel on complex,
evolving, and multifaceted issues related to information security and data breach. We blend our skills and experiences as litigators and transactional attorneys with a deep understanding of information security and data breach law to meet and anticipate our clients’ needs. Carlton Fields' team includes attorneys who have earned the
designation of Certified Information Privacy Professional (CIPP/US), as well as former federal cybersecurity prosecutors. They are active and hold leadership positions in data privacy and cybersecurity organizations, such as:
● International Association of Privacy Professionals (IAPP)
● The Sedona Conference Working Group on Data Security and Privacy Liability ● DRI - Data Management and Security Committee
● ABA - Privacy and Computer Crime Committee CLE Working Group ● ABA - Computer and Software Legislation Committee
● ABA - Electronic Filing Committee
● ABA - Internet Relationships and Cloud Computing Committee ● ABA - Section of Science & Technology Law
● The International Security Management Association
● ISACA (Information Systems Audit and Control Association)
Our services include:
Data Breach and Incident Response
● Help clients prepare for, and respond to, data breaches and the full range of
government investigations they may prompt
● Develop comprehensive incident response plans that address internal and external
actions
● Provide immediate support, via phone and email, for clients that learn of a possible
Development Commercial Finance Health Care
Insurance
Securities & Investment Companies
Technology
Telecommunications Consumer Finance and Banking
data breach and must act immediately to thwart potential liability
Policy Drafting and Implementation
● Draft data privacy and information security policies, procedures, and programs for
businesses of all sizes with both domestic and international operations
● Update existing client policies to meet evolving business challenges
Federal and State Privacy Laws
● Regularly assist clients with their obligations pursuant to laws including,
Gramm-Leach-Bliley, the Fair Credit Reporting Act, HIPAA, and HITECH
● Help clients navigate state breach notification laws
International Privacy Regulations and Global Policies
● Counsel clients on compliance with the safe harbor negotiated between U.S.
Department of Commerce and European Commission, which streamlines the method for U.S. companies to comply with the EU’s data protection directive
● Counsel clients on compliance with International Standards of Organization, the
internationally recognized best practices for personal data use, transmission, and storage
Employee Privacy Issues
● Advise employers on a wide range of privacy areas, including compliance with
federal and state regulations
● Counsel clients on compliance with the Fair Credit Reporting Act and analogous
state law regarding pre-employment background checks and post-hire investigations
Website and Social Networking Issues
● Help ensure client compliance with FTC and other regulations
● Assist clients with the wide-ranging issues that arise as a result of social media use
and an Internet presence, and help them develop related proactive policies and standards
Key matters
● Helped clients implement companywide privacy and security policies to ensure
protection of sensitive data such as patient information
● Helped clients that have experienced data breaches due to theft (e.g., stolen laptops
and servers) or accident (e.g., natural disasters, lost backup tapes)
● Defended clients being investigated by federal and/or state government agencies
subject to the federal HIPAA privacy and security regulations respond to
investigations by the U.S. Department of Health and Human Services’ Office for Civil Rights.)
resources and tools
Implications Of Internal Data Theft At Hospitals
Tips for preventing and handling data breaches by employees.
Resources
Hot Topics in Cyber Coverage [PODCAST]
Insurers face a potential double whammy when it comes to cybersecurity threats.
Phishing for Cybersecurity Coverage: When is a Fraud a "Computer Fraud"?
So when is a fraud a covered "computer fraud"? A look at the cases reveals the ways courts are struggling with this issue.
Client Alerts
SEC Continues to Focus on Cybersecurity Risks
Articles
9 Things Employees Should Do to Prevent Data Breaches
Employees should adopt "safe" practices to minimize their mistakes and help thwart criminals.
Resources
Cyber Caremark: Protecting Your Board from Shareholder Derivative Litigation After a Data Loss Event [PODCAST]
A company’s board of directors has an important oversight role in protecting its company’s assets and its shareholders’ interests in an environment of increasing cyber threats.
Cybersecurity as a Regulatory Issue: The NAIC Considers The Anthem Breach And Weighs a "Cybersecurity Bill of Rights"
A blog post on PropertyCasualtyFocus.
Secure Communications: How a Monthly Lunch Can Protect Your Company in a Data Breach
Internet Savvy Senior Lacks Standing to Bring Website Privacy Putative Class Claims Against AARP
A blog post on Classified: The Class Action Blog.
Seventh Circuit Petitioned for Rehearing En Banc to Determine Whether Data Breach Class Claims Survive Clapper, Satisfy Article III Standing Requirements
A blog post on Classified: The Class Action Blog.
Articles
A Firewall for the Boardroom: Best Practices to Insulate Directors and Officers From Derivative Lawsuits and Related Regulatory Actions Regarding Data Breaches
Articles
Checking in on Target’s Derivative Litigation: 18 Months Later, Directors Remain Stuck in the Checkout Line
Lessons for companies that want to learn from Target’s experience.
Articles
What Every Company’s Board Must Know About Cybersecurity Taking the right steps and asking the right questions is critical.
Articles
Spoofing Whales: How Companies Can Protect Their CEOs and CFOs from the "Business Email Compromise”
Innovative fraudsters borrow elements from targeting phishing scams.
Cyberclaim Coverage Denied: The TCPA Protects Privacy, Not Personally Identifiable Information
A blog post on PropertyCasualtyFocus.
Articles
Articles
Don’t Let Employee Trade Secret Thieves Turn the Table on You: Ten Tips for Minimizing Employment Liability
Seeking Clarity on SEC Disclosure Obligations Related to Cybersecurity
Cybersecurity Coverage Litigation: Learning to Survive After the Second Wave A blog post on PropertyCasualtyFocus.
Nevada Federal District Court Follows National Trend, Dismisses Data Breach Class Action for Lack of Standing
A blog post on Classified: The Class Action Blog.
Client Alerts
Florida Enacts Law Providing for Civil Remedy Against Cyber Fraud and Abuse A goal is to provide a remedy to businesses that suffer losses resulting from unauthorized access to computers.
Telematics and Usage-Based Insurance: Benefits, Challenges, and the Future A blog post on PropertyCasualtyFocus.
Data Breach Class Actions: Don’t Overlook Standing Defense Just Because Plaintiff Alleges Identity Theft
Target Reaches Preliminary Settlement in Consumer Data Breach Class Action A blog post on Classified: The Class Action Blog.
Threat of Identity Theft is Not Enough: Another Data Breach Class Action Dismissed for Lack of Standing
Expect Focus
Expect Focus - Volume I, Winter 2015
A quarterly review providing legal news and updates on important developments affecting the insurance, financial services, consumer finance, health care, and technology industries.
Client Alerts
New York's Banking Regulator Proposes Tougher Anti-Money Laundering and Cybersecurity Enforcement Rules
Federal regulation has not done the job.
Articles
A Different Kind of Data Breach—Loss or Disclosure of Company Information by Employee Theft
A data breach can be an “inside job.”
Cyber Risk as a Regulatory Issue: Tales of Encryption A blog post on PropertyCasualtyFocus.
No Harm, No Standing: Texas Federal Court Dismisses Data Breach Class Action A blog post on Classified: The Class Action Blog.
Cyber Risk as a Regulatory Issue: A Connecticut Regulator Shares Her Insights A blog post on PropertyCasualtyFocus.
Will 2015 Be The Year of the Data Breach Class Action?: Target Data Breach Claims Survive Motions to Dismiss
A blog post on Classified: The Class Action Blog.
Expect Focus
Expect Focus
Cybersecurity: Dig That Crazy Important Beat
The SEC and FINRA urge broker-dealers to assess their approaches to cybersecurity risk management.
Expect Focus
Standard CGL Policy Form Adds Data Breach Coverage Exclusion
Cyberspace Developments: Obama's Proposed Information-Sharing Bill
U.S. companies should get ready for increased oversight, regulation, and enforcement by the federal government on all cybersecurity and information management matters
Client Alerts
Consumer Financial Protection Bureau Attempts to Regulate Telecom
A recent action filed against wireless service provider Sprint suggests that the Consumer Financial Protection Bureau may be attempting to extend its reach beyond industries that offer consumer financial products and services. The alert below discusses this development.
news, events & publications
Events
How to Maintain the Health of Your Business: Prevent Data Security Issues and Learn About Laws that A ffect You
Contractors University
The Sedona Conference Working Group 11 on Data Security and Privacy Liability Annual Meeting
News
Insurers Must Be Prepared For Cybercrime Coverage Battles
Carlton Fields Attorney Bill Cheng Earns Certified Information Privacy Professional Designation
The Next Tsunami: Cybersecurity for Property and Casualty Insurers
NAIC Cybersecurity Task Force Weighs Credit Freezes
Rule Change Would Let Law Enforcement Access Computers Remotely Regardless of Location
Insurers Must Be Prepared For Cybercrime Coverage Battles
