Cybersecurity and Data Privacy

Cybersecurity and Data Privacy
Alternate image for Cybersecurity and Data Privacy

For most law firms, cybersecurity and data privacy is a relatively new service area that has emerged in the 21st Century.

But because of our long history in the financial services industry, McGlinchey Stafford attorneys have been practicing in this arena for decades, often pioneering the best practices to deal with the cybersecurity and data privacy issues that manifest at the crossroads of law and business.

In addition to our extensive tenure in this field of law, we also bring a depth and breadth of knowledge to our practice. We draw attorneys from across our many disciplines to help clients develop a comprehensive approach to compliance with data privacy and network security laws, including mandatory documentation and the best strategies to avoid or mitigate risks. Our group consists of members of the firm’s Intellectual Property, Labor & Employment, Consumer Financial Services Compliance, Government and Internal Investigations, and Commercial Litigation groups.

This multidisciplinary teamwork enhances our ability to help clients comply with applicable regulatory obligations, and prevent and respond to data breaches. Through our collaborative efforts, we fully understand the ins and outs of the statutory framework that affects our clients’ businesses – both the nuances of the myriad rules and regulations, and the big-picture legal ramifications.

One attribute that especially distinguishes us is our deep experience in many different industries. While our attorneys may not fully know what a new client’s exact system looks like, we have a very good idea of how most systems operate, who’s accessing what system, and what information various systems contain. Consequently, we know a lot about the client before we start asking questions – and we ask a lot of questions, the right ones that quickly and efficiently unearth the answers we need to deliver practical strategies and solutions within their budget.

Furthermore, when we deliver that service, we match our communication style and content with what the clients want – some prefer detailed-oriented responses with citations and explanations and others prefer a clear, concise summary. We can do both and anything in between.

Our attorneys offer clients many services, some of which include:

  • We develop proactive policies, process management, and practices, including evaluating which state, federal, and foreign laws may apply, and best practices to avoid or mitigate data breaches and exposure for violation of applicable consumer privacy rights.
  • We draft incident response plans, written information security programs (WISP), training programs, confidentiality agreements, and document retention and employee policies.
  • We counsel clients about cybersecurity insurance coverage.
  • We manage data breach response, including crisis management.
  • We address potential liability for company officers and directors.
  • We assist clients with third-party vendor management.
  • We conduct internal investigations within client organizations.
  • We litigate the myriad, complex direct and derivative actions that can stem from a data breach.

Our Cybersecurity & Data Privacy team has particular experience counseling companies and financial institutions in the following areas:

  • We represent a wide range of providers and business enterprises (including life science and data management companies) on mandated state and federal compliance obligations and related mandated documentation.
  • We navigate potential breach events and evaluate whether installed security measures have avoided a reportable breach event, or if breach notification is mandated under state or federal laws.
  • We evaluate evolving complexities triggered by broader circulation of health data related to employment, growing integration of genetic/genomic data, and harmonizing compliance solutions with state and federal legal obligations triggered by variable data types.
  • Negotiating and drafting mission-critical cloud service and other data processing agreements taking into account critical data security, privacy regulatory compliance, insurance, and risk mitigation on behalf of our clients.

Our service extends to these areas:

FinTech

  • We represent companies and marketplace lenders offering alternative lending and payment solutions. 
  • We provide legal compliance advice on virtually all types of issues FinTech companies face, including evaluating existing compliance programs, establishing data storage and sharing protocol, and assessing organizations’ risk of data breaches and cyberattacks.
  • We counsel in response to cyberattacks and data breaches, from communications with customers and stakeholders to litigation arising from these types of incidents.

Consumer Privacy & Notifications

  • We draft policies and procedures that establish the permissible use, disclosure, and disposal of consumers’ personally identifiable information, including consumer report information.
  • We develop notices to provide financial privacy disclosures required by the Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), California Financial Information Privacy Act (CFIPA), and other applicable state privacy laws.
  • We produce service agreements that restrict service providers’ use and disclosure of consumer information and that establish requirements for keeping consumer information secure, require reporting any breach in the security of the system, and require destroying or returning consumer information.
  • We provide breach notifications to individuals affected by security breaches as required by state law, as well as providing related notifications to consumer reporting agencies and state enforcement agencies.

Website Compliance & Online Transactions

  • We develop website terms of use and online privacy policies to mitigate risk of federal and state trade practice claims, and to comply with California and other state laws regarding online privacy.
  • We review the online borrower experience in executing electronic loan documents or applying for loans or credit, as well as reviewing applicable documents.
  • We draft opinion letters on the enforceability of electronic records and signatures for consumer credit transactions, including E-SIGN compliance.
  • We help ensure compliance with the Uniform Electronic Transactions Act (UETA) and other laws governing the retention of paper records, such as checks and electronic signatures, and maintaining documentation of online activity, such as loans.
  • We handle compliance issues related to Automated Clearing House (ACH) transactions and the National Automated Clearing House Association (NACHA), wire transfer, and Regulation E, as well as other electronic payment issues and statutes.
  • We conduct state licensing analysis governing online lenders, entities purchasing loans from originating lenders, online loan brokers, and lead generators.

Lending Programs, Contracts, & Joint Marketing Agreements

  • We advise FinTech lenders on the creation of multistate lending programs.
  • We set up bank partnership models and draft loan agreements.
  • We develop joint marketing agreements with other institutions to market a jointly endorsed or sponsored financial product.
  • We write computer software licensing and service agreements.
  • We draft credit card processing contracts.
  • We help craft and implement vendor management programs, including ongoing audits.
  • We assist clients with state licensing, particularly in helping FinTech startups with compliance and 50-state licensing.

Intellectual Property

  • We handle all aspects of software patent applications, such as those on novel encrypted payment methods, investment models, and bond trading platforms, as well as IP portfolio development, management and enforcement.
  • We provide counsel on trade secret protection policies and procedures relevant to proprietary data stores.

Risk Assessment

  • We assess security risks to consumer information, develop strategies for mitigating those risks, and draft information security policies and procedures for adoption and implementation by financial institutions.
  • We perform due diligence on lead generators and brokers.
  • We help ensure compliance with state licensing and servicing issues for unsecured and personal property secured credit.

Investigations & Litigation

  • We respond to civil investigative demands and other requests for information in conjunction with administrative enforcement actions relating to privacy and data security issues, including with respect to the use of GPS and other technology to locate and disable collateral.
  • We negotiate and revise contracts with consumer reporting agencies and other third-party data providers, regarding the financial institution’s use and furnishing of information.
  • We litigate direct and derivative actions — as both plaintiff and defendant — related to data breaches and data incidents.

Featured Client Stories - How McGlinchey Gives You More

featured insights

Media item displaying Where is the Love: Bridging the Gap Between Regulators, Banks and Fintech to Serve Consumers
Presentation / November 19, 2024
Read Time: 1 min
Where is the Love: Bridging the Gap Between Regulators, Banks and Fintech to Serve Consumers
More
Media item displaying Generative AI Transparency: State and Federal Legislative Approaches
Presentation / October 7, 2024
Read Time: 1 min
Generative AI Transparency: State and Federal Legislative Approaches
More
Media item displaying Podcast: #WhyMcGlinchey? Lateral to Leadership with Kelly Lipinski
Podcasts / August 23, 2024
Read Time: 17 mins
Podcast: #WhyMcGlinchey? Lateral to Leadership with Kelly Lipinski
More
Media item displaying Colorado Enacts Law Regulating High-Risk Artificial Intelligence Systems
Published Article / July 23, 2024
Read Time: 7 mins
Colorado Enacts Law Regulating High-Risk Artificial Intelligence Systems
More
Media item displaying Staying Nimble and Embracing Values Are Essential for Mid-Size Law Firms’ Survival
Published Article / July 18, 2024
Read Time: 5 mins
Staying Nimble and Embracing Values Are Essential for Mid-Size Law Firms’ Survival
More
cyberattacks
Alert, Cybersecurity and Data Privacy Alert, Environmental Law Alert, Government Alert / May 31, 2024
Read Time: 3 mins
Cyberattacks Against U.S. Water Supplies on the Rise: EPA Urges Utilities to Fortify Defenses
More
datacenter
Published Article / May 1, 2024
Read Time: 1 min
FinCEN Seeks Information in Efforts to Modernize CIP Rule
More
finance concept
Presentation / November 23, 2024
Read Time: 1 min
Four McGlinchey Attorneys to Participate in the 2024 MBA LIRC Conference
More
View all

featured news & media

In the Media / October 18, 2024
As Midsize Firms Seek Scale to Compete, Should They Choose Mergers or Grow With What They Have?
McGlinchey’s Managing Member, Michael Ferachi, was interviewed by LAW.com on October 18, 2024 in "As Midsize Firms Seek Scale to Compete, Should They Choose Mergers or Grow With What They Have?"
More
In the Media / October 1, 2024
Merging Law Firms Face Challenge of Creating New Identity
McGlinchey's Managing Member, Michael Ferachi, was interviewed by Bloomberg Law in an article "Merging Law Firms Face Challenge of Creating New Identity," published on October 1, 2024.
More
News Release / September 27, 2024
McGlinchey Attorneys Named to 2024 Super Lawyers Massachusetts Rising Stars
McGlinchey Stafford is pleased to announce that Benjamin P. Lajoie and Marisa Roman, attorneys in the firm’s Boston office, have been recognized on the Super Lawyers 2024 Massachusetts Rising Stars list.
More
In the Media / September 10, 2024
How Payment Firms Are Responding to CFPB Pressure
Member Aaron Kouhoupt (Cleveland) was interviewed by American Banker on September 10, 2024, in "How Payment Firms Are Responding to CFPB Pressure."
More
View all