DATA SECURITY, PRIVACY + GOVERNANCE

The BurgherGray Data Security, Privacy & Governance team understands information protection from the inside out.  Data privacy compliance and risk mitigation start from within an organization, being informed by its IT infrastructure and regulatory mandates.  The attorneys at BurgherGray have spent decades developing financial services and insurance companies’ complex, global cyber risk, incident preparedness and privacy management programs.  Our experience includes data compliance and reporting, supplying C-suite support, and conducting training programs, investigations, forensics and litigation related to data breaches and regulatory enforcement.

For clients, we advise and negotiate in the areas of global information governance and privacy compliance, vendor and partner standards, breach notification, data rights and protection, encryption and ethical hacking, data processing agreements, spam, spyware and computer-crime issues.  We also advise public corporations, retailers, financial services firms, and other consumer-facing companies with respect to the implementation of preventive measures, as well as remedial measures after enforcement action has already been instituted.

Today, preparedness requires that an enterprise marry its cybersecurity and data protection models in a way that allows for sustainable, efficient and thorough compliance.  BurgherGray’s experienced team has led initiatives for multinationals surrounding legal compliance with US National Institute of Standards and Technology (NIST) and EU data privacy mandates, including global controller/processor agreements and obtaining Privacy Shield and other safe harbors.  With the new cybersecurity regulations from the NYS Department of Financial Services (DFS), and the EU’s General Data Protection Regulation (GDPR) deadlines, we bring clear analysis and problem solving to these new, intricate requirements.

For our clients regulated by the NYS DFS cybersecurity law, we offer legal assessments, policy and procedure drafting, C-suite support and employee training.  For our clients regulated by the GDPR, BurgherGray offers the same services, as well as privacy impact assessment (PIA) and data privacy impact assessment (DPIA) support and data privacy officer (DPO) outsourcing.  Lastly, for those who are impacted by both NIST-based requirements, like those generated by the SEC/FINRA, FTC or the NYS DFS, plus GDPR, BurgherGray is uniquely equipped to create programs alongside IT and security teams that address both of these regulatory regimes, with an eye towards proper and scalable compliance.
