Cyber Law and Data Protection

The Cybersecurity and Data Privacy group is comprised of a multidisciplinary team of highly qualified lawyers with intimate knowledge of the insurance industry and experienced in compliance, corporate governance, first and third-party coverage, and litigation. 

Insurance carriers long have turned to White and Williams for advice. For cybersecurity and data privacy, it is no different. Our attorneys bring a deep breadth of experience in the insurance industry, and advise insurance carriers in a wide array of matters from compliance and corporate governance to first-party and third-party coverage matters, and litigation.

Compliance with Data Security and Privacy Laws and Regulations (Pre-Breach Services)

If your company has data, it's a target. Depending upon the industry, your company likely has legal requirements to develop and implement an adequate data security program to safeguard the confidentiality, integrity and availability of information and your company’s information systems. Data security programs include written policies and procedures, documented employee training, vendor oversight, and sometimes personal certification of compliance with a cybersecurity law or regulation by a C-Suite officer. 

White and Williams assists clients with developing and implementing comprehensive data security and privacy programs to meet their legal needs under growing state and federal data protection laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HI-TECH Act), the Gramm-Leach-Bliley Act (GLBA), and the New York Department of Financial Services cyber regulations. We also help clients comply with the EU’s General Data Protection Regulation (GDPR) as well as the California Consumer Privacy Act (CCPA). Our lawyers help clients draft policies and procedures, including incident response plans, respond to requests for certification of compliance from regulators and business partners, conduct training and tabletop exercises, and establish third-party vendor management programs.

Mergers, Acquisitions, and Corporation Disclosures

An entity’s cybersecurity health is critical to its value in the context of a merger or sale. A prior cybersecurity incident or lax safeguards that fail to mitigate risk represent significant potential liability (and decreased value). White and Williams helps clients conduct the required and critical due diligence to assess and evaluate cybersecurity policies, programs, and incidents, whether they are the subject of a potential sale and looking for fair value, or to provide an evaluation of risks a client may inherit through a transaction. Our lawyers also review technology contracts and transactions to strengthen our client's interests and protection.

Cybersecurity Incident Response and Notification

When an organization sustains a suspected cybersecurity incident they are required by law (or sometimes by contract, or both) to undertake a prompt investigation and provide notification of the incident in a short period of time. Sometimes, a company's notification window is a mere 72 hours after knowledge of the event. White and Williams provides clients with critical crisis management to investigate and respond to cybersecurity incidents. From ransomware to data breaches, our lawyers work with forensic investigators to determine the “who, what, why and how” of an incident. We help companies with coordinated public relations efforts, potential interactions with law enforcement, and determination of required third-party notifications to consumers, business partners, regulators, State Attorneys General, and others.

Litigation

A dispute involving a cybersecurity incident can devolve into litigation, whether a business-to-business lawsuit or a data breach class action. White and Williams represents corporations in a wide variety of business sectors in litigation in state and federal courts across the country. The firm’s approach to complex litigation matters is to staff them with senior litigators who assemble efficient teams of attorneys.

Insurance

Insurance carriers long have turned to White and Williams for first-party and third-party coverage matters. For cyber liability, it is no different. Our lawyers provide exposure analysis and litigate complex coverage matters for cybersecurity incidents, from data breaches and business email compromises (BECs) to wrongful collection and use of personal identifiable information (PII), media liability, and e-surveillance. Our lawyers regularly write and lecture on insurance law, including on cyber and privacy insurance, and assist with policy drafting. White and Williams also offers in-house instruction and continuing education courses to insurance claims professionals on cyber liability and coverage issues.