Greg Fliszar, a member of Cozen O’Connor’s Health Law practice group, discusses the increased use of ransomware against U.S. hospitals by cyber extortionists. More
Cozen O’Connor was an early leader in the field of electronic information management and hosts a fully integrated, multidisciplinary Privacy, Data & Cybersecurity group. Drawing on skilled attorneys from numerous practice areas, including labor & employment, government affairs, insurance, energy, health care, intellectual property and corporate, we serve clients in a wide range of industries such as technology, retail, health care, energy and utilities, insurance, financial services, manufacturing, and media and entertainment. Cozen O’Connor provides comprehensive counseling, regulatory, transactional and litigation services.
Much of our work in this realm focuses on problem prevention — advising on policies and procedures to avert data loss, creating effective compliance regimes, negotiating privacy-wise corporate transactions and collaborations, developing risk management strategies, and drafting cyber security insurance and indemnity agreements. But we also decisively address problems as they arise — advocating for clients before government officials, providing crisis management services in the event of data loss or cyber attack, and representing clients in all manner of privacy and data security litigation.
Prescient Business Counsel
As privacy, data and cybersecurity laws evolve and regulators continue to bolster enforcement, companies must achieve compliance with an enduring set of rules and regulations. Cozen O’Connor counsels clients regarding the full range of corporate information governance policies and procedures: bring-your-own-device rules; social media and email policies; technology usage and information flow; data storage and document retention; intellectual property and trade secret protection; privacy and publicity rights safeguards; and breach-prevention systems. Unlike technology consultants, Cozen O’Connor is able to provide these services under the umbrella of attorney-client privilege, a feature that many clients value.
Our attorneys also bring their deep understanding of privacy, data and cybersecurity issues to bear when negotiating major corporate transactions, including mergers, acquisitions and sales, and when helping clients draft outsourcing and service agreements with third parties. We design commercial software and end-user licensing and anti-sourcing agreements, arrange technology transfers, and form joint ventures partnerships, including the sharing of proprietary technology and information for collaborative development.
As a long-time leader in the insurance bar, Cozen O’Connor helps policyholders and insurers design practical loss prevention and risk management strategies and avoid or minimize financial and reputational injury. We draft first- and third-party privacy policies and endorsements, negotiate insurance policy terms and protections, and draft indemnity agreements to protect against loss of commercial or personal data. We are also able to design cyber/technology policies tailored to specific industries, a practice we anticipate will grow in coming years.
Tenacious Advocacy and Defense
There is a loud and continuous drumbeat for more and different legislation regarding personal data privacy and electronic information security. An important aspect of the work done by Cozen O’Connor’s Privacy, Data & Cybersecurity team is monitoring potential changes in state and federal policy and representing clients before regulators and legislators. Cozen O’Connor’s Washington D.C.-based Public Strategies group advocates for corporate clients with a clear stake in the outcome of these regulatory and legislative decisions and helps ensure client voices are heard.
In the event of data loss, systems breach, or cyber attack, the firm’s multidisciplinary team of attorneys and government affairs professionals is fully prepared to mount a successful and immediate response. We design a comprehensive strategy to conduct forensic and recovery operations, send out necessary notifications, arrange for customer outreach and data monitoring, communicate directly with data security and privacy regulators, and help shield clients from liability. We also represent clients in all types of privacy and data-related litigation, from alleged HIPAA violations and consumer class actions to employment trade secrets litigation and financial fraud claims.
While all businesses must follow state and federal guidelines regarding data security, privacy protection and proper electronic records management, a handful of industries, because of the nature of their work, are subject to various additional requirements. Health care and energy are among the largest of those industries. Cozen O’Connor’s Privacy, Data & Cybersecurity team includes practitioners who focus exclusively on serving health and energy clients, which means they have a detailed knowledge of industry operations and how state and federal privacy laws apply.
Cozen O’Connor represents health care providers (health systems, hospitals, hospices, mental health providers, physician groups), group health plans and business associates in a full range of HIPAA/HITECH matters. Particularly since the issuance of the much anticipated HIPAA/HITECH Omnibus Final Rule in January 2013, which made significant changes to the HIPAA regulations, health care clients need counsel with health care expertise. We develop compliance programs, review and draft contracts with business associates and subcontractors, represent clients in enforcement actions by the Office of Civil Rights, and train staff in how to abide by ever-changing policies and procedures.
Energy and utilities companies are also facing major changes to their privacy, data security and cyber defense protocols as the federal government focuses on keeping the country’s critical infrastructure safe from disruption. Cozen O’Connor’s nationally known energy and utilities attorneys operate on the cutting edge of energy, privacy and technology law and are well positioned to help energy and utilities clients mount an effective response. We were among the first law firms to write publicly about the “Improving Critical Infrastructure Cybersecurity” executive order released in February 2013 and have the capacity to advise clients who own or operate critical infrastructure assets on compliance with the new framework.
Cozen O’Connor Privacy, Data & Cybersecurity attorneys understand that legal solutions must fit the business context. Therefore, we help achieve compliance by designing policies and procedures that suit each client’s unique culture, business model and operational norms. Our job is not to generate binders full of accurate but unworkable recommendations that collect dust on a shelf. Our job is to help clients understand the full scope of the risks, opportunities, and options they face in the privacy and data security arena and to help design practical information governance strategies.
Counsel corporate clients on information governance policies and procedures, including bring-your-own-device rules; social media, email and other employment related policies; technology usage and information flow; data storage and document retention; intellectual property and trade secret protection; privacy and publicity rights safeguards; and breach-prevention systems
Negotiate privacy aspects of corporate transactions, including mergers, acquisitions, sales, outsourcing and service agreements, commercial software and end-user licensing deals, technology transfers, and joint ventures and other partnership agreements, including the sharing of proprietary technology and information for collaborative development
Draft first- and third-party privacy policies and endorsements, negotiate cyber/technology insurance policy terms and protections, and draft indemnity agreements to protect against loss of commercial or personal data
Monitor potential changes in state and federal policy on privacy, data security and cyber security
Advocate on behalf of clients before regulators and legislators
Provide crisis management services in the event of data loss, systems breach or cyber attack
Represent clients in all types of privacy and data-related litigation
Offer industry-specific privacy counsel to clients in the health care and energy and utilities sectors