“As one of the hottest topics in the legal industry today, Hochheiser & Akmal has developed leading-edge, documented solutions that are designed to limit a company’s financial and reputational exposure for potential data security breaches through a low-cost uniquely tailored documented system.”
Hochheiser & Akmal has placed significant emphasis on being at the forefront of the privacy and data security compliance sector by remaining active in communicating privacy and data security requirements and risks to the corporate community. In fact, our attorneys are frequent lecturers on the topic and are a key resource to companies in developing their internal written information security programs. Our practice provides a one-stop resource for companies across a wide array of industries, including information technology, data security, financial privacy, health privacy, and employment privacy. Our firm prides itself on the exceptional level of experience that our attorneys have with relevant privacy and data security laws worldwide, including the European Union’s General Data Protection Regulation (GDPR). We assist our clients by structuring and implementing globally valid privacy compliance programs that enable our clients to certify to various international privacy safe-harbor certifications. We recognize that compliance programs and procedures are not complete without corresponding internal controls. It is for this reason that Hochheiser & Akmal has developed key relationships with nationally recognized accounting and audit firms that can assist our clients with implementation of their written information security programs.
- Perform a risk assessment of existing procedures and identify and address reasonably foreseeable internal and external risks to the security of personal information.
- Implement a practical, streamlined WISP that leverages existing infrastructure and is non-intrusive and minimalist in nature but structured to satisfy applicable regulatory obligations and financial protocols.
- Utilize effective strategies designed to mitigate and/or properly negate privacy exposures and related obligations to provide breach notifications.
- Establish an effective incident response plan.