information SecUrity
 data Protection
         Across the online services spectrum, anywhere personal information —  nancial, health, human resources, online behavioral data, private user communications and images — are stored or processed, they are likely to be covered by a myriad of overlapping and occasionally contradictory legal requirements. Do you have to retain data for a certain period, or are you required by law to delete it? Can you collect and monetize location data? We develop consumer-facing and internal privacy policies that can bring your company into compliance with applicable laws and help you keep pace with developing industry standards. Speci cally, we help our clients with:
– Compliance with the EU Data Protection Directive, US-EU Safe Harbor, HIPPA, COPPA, Gramm-Leach
Bliley, FCRA, FTC Rulings and Consent Decrees, and compliance with other federal, state, and international privacy laws.
– Development of privacy policies that articulate corporate practices in a way that satis es legal requirements and meets industry best practice guidance for plain language and transparency.
– Internal mechanisms to facilitate the transfer of data to af liates, foreign data storage locations, service providers, partners, and advertisers.
– Internal reviews and checklists for determining compliance with regulatory requirements.
– Contract provisions regarding data protection requirements.
– Compliance plans for speci c types of sensitive data, including data related to children, health or other sensitive areas.
– Employee training.
If you collect data in any part of your business, you increasingly face  nancial and regulatory pressures to protect it. Threats come from all directions -- disgruntled employees, accidental losses of laptops, organized
crime syndicates and underground hacker groups. The cost of a security breach is signi cant. You could lose intellectual property or trade secrets, sensitive consumer data, customers’ trust and con dence. Running afoul
of regulators and privacy watchdog groups is just as perilous to your bottom line.
ZwillGen attorneys have been advising clients on security issues for years. Our team has diverse experience working on these issues in roles such as a NSA Cryptographer, an information security consultant, cybercrime prosecutors and in house attorneys. We have attorneys who double as Certi ed Information Systems Security Professionals (CISSPs). They know how to get and give the answers your security staff or contractors need if a security breach occurs and prepare you for your worst case scenarios.
Our attorneys are ready to help:
– Advise on security breach investigations, user requirements and defend resulting regulatory inquiries and civil litigation.
– Conduct information security assessments.
– Develop and implement policies and procedures to minimize vulnerabilities, including incident response plans, data breach noti cation procedures, record retention and related policies.
– Advise on the security requirements of the Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act (COPPA), Gramm-Leach Bliley (GLB), the Fair Credit Reporting Act (FCRA), state and local security breach noti cation laws, and other U.S. state, federal and international security requirements.
– Perform information security due diligence for corporate acquisitions or equity investments.
  Practices continued
5