Cybersecurity & Data Privacy
The Burgher Gray Cybersecurity & Data Privacy team understands information protection from the inside out. Data privacy compliance and risk mitigation start from within an organization and are informed by its IT infrastructure and regulatory mandates. The lawyers at Burgher Gray have spent decades developing complex, global cyber risk, incident preparedness and data privacy management programs for financial services and insurance companies. Our experience includes data compliance and reporting, supplying C-suite support, and conducting training programs, investigations, forensics and litigation related to data breaches and regulatory enforcement.
Today, preparedness requires that an enterprise marry its cybersecurity and data protection models in a way that allows for sustainable, efficient and thorough compliance. Burgher Gray’s experienced team has led initiatives for multinationals surrounding legal compliance with US National Institute of Standards and Technology (NIST) and EU data privacy mandates, including global controller/processor agreements and obtaining Privacy Shield and other safe harbors. With the new, ongoing NYS Department of Financial Services (DFS) cybersecurity deadlines and the upcoming EU General Data Protection Regulation (GDPR) deadlines, we bring clear analysis and problem-solving to these new, intricate requirements. For our clients regulated by the NYS DFS cybersecurity law, we offer legal assessments, policy and procedure drafting, C-suite support and employee training. For our clients regulated by the GDPR, Burgher Gray offers the same services, as well as privacy impact assessment (PIA) and data privacy impact assessment (DPIA) support and data privacy officer (DPO) outsourcing. Lastly, for those who are impacted by both GDPR and NIST-based requirements, like those generated by the SEC/FINRA, FTC or the NYS DFS, Burgher Gray is uniquely equipped to work with your IT and security teams to create programs that address both of these regulatory regimes, with an eye towards proper and scalable compliance.