Practice Areas: Data Privacy and Security

In today's integrated, technology-based market, every company deals with data privacy and security concerns. The loss of proprietary and confidential information can be devastating for any company, big or small. The loss of consumer data can result in federal and state enforcement actions as well as class action litigation. But, aside from the legal activity, data privacy and security breaches can result in the loss of consumer trust. The loss of corporate data--such as design schematics, customer lists, and source code--can result in similarly costly, while perhaps less public, consequences.

At Melnik Legal, we work with companies on a proactive basis to address privacy and security concerns by helping them put in place the proper processes to monitor and audit internal networks, systems, and compliance processes. We also help companies train their employees so that they too understand the legal framework involving privacy protections.

But, as anyone who works with people and technology knows, breaches are inevitable. Most breaches are not intentional, but result from a simple oversight. At Melnik Legal, we help companies navigate the federal and state regulatory environment surrounding data breach notification laws, we review cyberliability insurance policies, and we advise on remediation efforts.

For more details, see Representative Matters.
  • Compliance with industry standards, including NIST and OMB standards and guidelines for information security, SAS 70, and others
  • Data Breaches
    • Incident Response and Federal and State Breach Notification Laws
    • Healthcare Industry
    • Financial Services
    • Education
  • Contracts and External Policies
    • Privacy Policy Development (websites, social media, and mobile devices)
    • Terms of Service and Terms of Use Development
    • Employee and Vendor Confidentiality Agreements
    • Employee Non-Compete Agreements
  • Internal Policy Development and Employee Training
    • Data Encryption Policies
    • Confidentiality and Employee Monitoring Policies
    • Social Media Policies
    • Breach Reporting and Notification Policies
  • Transactions Impacting Privacy
    • Data Sales
    • Data Aggregation, Data Analytics, and Big Data Processing Services
    • Development of Consumer Tracking Technologies (e.g., mobile app tracking)
  • Data Destruction and Disposal Laws
  • Financial Privacy and Security Laws
    • State Law Requirements, including laws governing social security numbers, driver's license, and other personally identifiable information
    • Gramm-Leach-Bliley Act (GLBA)
    • Collection Practices
  • Healthcare
    • Business Associate Agreements
    • HIPAA and HITECH Compliance
    • Electronic Healthcare/Medical Records
    • Personal Healthcare Record Systems
    • Health Information and PHI Management
    • eHIM Best Practices
    • Notice of Privacy Practices
  • Insurance
    • Cyberliability Insurance Policies
    • Privacy Liability Insurance
    • Network Security Liability Insurance
    • Cybercrime Coverage

Related Presentations
  • Bring Your Own Device: Policy Drafting and Best Practices Within The Legal Framework, Co-Speaker, SecureWorld Expo - Detroit, Oct. 3, 2012.
  • Executive Officer Leadership Summit of the National Council of State Boards of Nursing on various issues, including general privacy and legal issues with social media as they impact nursing, and social media implementation and related concerns, Co-Speaker, June 19, 2012.
  • Data Breaches: Physician Practice vs. Business Associate (Who Is Responsible?), Missouri MGMA Webinar, March 27, 2012.
Related Blog Posts