Privacy & Cybersecurity

Examples of our recent work include:

• Advised a commercial manufacturer that had experienced several cyberattacks. We managed the overall approach to incident response including containment, remediation, indicators of compromise, legal obligations, management-level briefings, and public relations related issues. We also led an overall cyber maturity assessment for the organization and provide ongoing cyber advice to the client.
• Advised an employee screening company that had experienced a cyberattack. We managed the overall approach to incident response arising from a cyberattack, including containment, remediation, indicators of compromise, legal obligations, management-level briefings, public relations and related issues.

• Assisted a US-based global manufacturer of electronic instruments and electromechanical devices with more than 220 manufacturing sites worldwide to bring its EU operations into GDPR compliance. Our team developed a GDPR compliance program to support the processing of HR-related personal data in the US, in a centralized manner.

• Advised a US multinational engineering and construction company on a global privacy project that involved assessing the client’s flows of personal data across its global operations—spanning more than 50 countries in Europe, Asia, North America, Latin America, the Middle East, and Africa—and designing and implementing a compliance program to ensure the lawful cross-border transfer of the data.
• Advised a multinational corporation in the memory technology industry on a global data protection project that involved auditing the company’s collection, use, transfer, disclosure, and retention of human resources data among its operations throughout Asia, Europe, North and Latin America, and the Middle East, and formulating a strategy to ensure the company’s lawful cross-border transfer of that data.
• Conducted a security breach analysis for a major health plan, which involved an extensive investigation, HIPAA risk analysis, and state database security breach analysis involving a short-term computer system vulnerability that was not exploited and was ultimately determined not to be a breach under applicable laws.
• Advised a client who had experienced a HIPAA privacy breach by a third-party administrator with regard to mitigating the damage and documenting the breach in an investigative report, as well as represented the company with regard to the third-party administrator’s breach of the business associate agreement. The incident resulted in an employee filing a privacy complaint with Health and Human Services/Office of Civil Rights, which the client was able to close with no penalties by producing the investigation report and other documentation prepared by Seyfarth’s Privacy & Security team.
• Negotiated and completed the outsourcing agreements for a financial services company for offshore vendors to provide business process services, including the security and privacy of customer financial and other protected information.

• Aided multiple clients in maturing their cyber programs through a variety of methods including maturity assessments, red team penetration, audits, table top exercises and other activities.

• Managed the investigation and response and dealt with issues arising from a systems comprise for a client that experienced a systems breach by a former IT employee.

• Developed scenarios and managed attacks for a client that desired to extensively test their systems through sophisticated red team activities, simulating attackers of varying skills sets.

• Represented a HR services and technology client in its $426 million CDN acquisition of a leading global EAP and wellness provider. The deal included a significant data protection component due to the target company's industry and jurisdiction (Canada), which has strong data protection laws.