+ Why should my business have a cybersecurity program?

The three best reasons to start a cyberscurity program for your company are:

1. To comply with applicable data privacy and cybersecurity laws.
2. To reduce downtime by being able to quickly recover when an outage or a data breach occurs.
3. To prepare your business to contract with bigger clients who will require their vendors be cyber-compliant.

+ Does the New York SHIELD Act apply to my business?

The SHIELD Act creates affirmative obligations on any business that handles sensitive personal information belonging to a New York resident. It applies whether or not your business is located within New York state.

For businesses with fewer than 50 employees, less than $3 million in gross revenues in each of the last three fiscal years, or less than $5 million in year-end total assets, those small businesses must maintain “reasonable administrative, technical and physical safeguards that are appropriate for the size and complexity of the small business, the nature and scope of the small business’s activities, and the sensitivity of the personal information the small business collects from or about consumers.”

For businesses larger than that, they must implement a data security program that meets specific requirements lists in the law.

We work with clients to meet the requirements of the SHIELD Act as painlessly as possible.

+ Does the California Consumer Privacy Act apply to my business?

The CCPA may apply to your business if it has “annual gross revenues in excess of twenty-five million dollars ($25,000,000)”, or it “annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices”, or it “derives 50 percent or more of its annual revenues from selling consumers’ personal information”.

That said, even if your business is not large enough for the CCPA to apply directly, you are not out of the woods yet. If you are doing business with customers who are subject to the CCPA, they have an affirmative obligation to make sure that vendors are safeguarding sensitive information. In other words, even if the CCPA does not apply to you, you may find yourself contractually obligated to comply anyway.

We work with clients in negotiating vendor contracts cybersecurity obligations that they enter into are reasonable and achievable.

+ What does a Data Privacy and Cybersecurity Lawyer do?

Typically, there two areas of concern for a Data Privacy and Cybersecurity lawyer: Compliance and Breach Response.

Compliance deals with making sure that a client has met the legal and contractual requirements applicable to them. A goood privacy compliance program will keep your business out of legal trouble, and will create efficiencies and opportunities for growth. A good cybersecurity program make a data breach less likely to occur. It also makes your company more attractive to potential clients and customers.

Breach response is the process of addressing the legal and technical requirements to recover from a data breach. Time is of the essence when dealing with a data breach and a good compliance program will make recovering significantly cheaper and easier to deal with.

+ What should I do if I experienced a data breach?

Call our office at 315-991-8000. If it is after hours, leave a voicemail and expect a call back from us promptly. Most calls can be returned within an hour.

We work with clients to facilitate a comprehensive response to a breach, including coordinating a technical recovery if the client does not already have technology professionals in place. Time is of the essence, so we work quickly.