Cyber Law & Security
Data Breach Emergencies
We have formed teams to quickly respond to emergencies arising from data breaches of all sizes; rest assured that when you work with us, you will not be alone when a crisis strikes.
The emergency after-hours rapid response number is: 402.231.8585
The Data Breach Rapid Response Team:
Robert L. Kardell
Vickie B. Ahlers
Baird Holm is trusted counsel for clients in the time of preparation and crisis with our Cyber Law & Security group. We take a holistic approach to cyber law and security by helping our clients each step of the way through evaluation to breach response, as well as lessons learned.
Proactively, we guide our clients through implementation of data protection mechanisms and preparation of incident response plans. We can help our clients through the legal maze of regulatory issues and requirements. We help draft policies, plans, and procedures which meet the legal requirements as well as government and regulatory standards, and protect your company from cyber breaches and attacks, investigations and criminal and civil cases.
We react quickly to aid our clients, whether the breach results from a failure of a managed service provider, a managed security service provider, a software platform, or a third-party attack on client systems. We have handled data breach investigations on state and national levels and managed the forensic investigation and analysis to learn from incidents and respond to government inquiry or private action claims. Baird Holm does all of this with cost-effective strategies and know-how because our attorneys come from multiple cross-sections of legal practice.
The Third Annual Report on Cybersecurity in Nebraska is a review of the data breach notifications made to the Nebraska Attorney General’s office through 2020. The breach notifications were analyzed to provide insight as to which industries are being victimized, how the attackers are perpetrating the cyber-attacks, the types of data being stolen, the total and average number of records being breached, and a review of the states from which Nebraska is receiving the most notifications. The review also outlines methods for estimating the costs per record to provide average recovery costs for Nebraska based companies. Companies can use the estimates to analyze their own risks and make a fact-based business risk decision as to how to manage their cyber risk.
At Baird Holm, our Cyber Law & Security attorneys assist our clients with identifying, protecting and securing their information. We help clients identify applicable laws to ensure statutory and regulatory compliance, evaluate the status of their data security, draft policies for the management and retention of sensitive information, assess privacy and security business partners, prepare for and respond to security incidents, defend against government investigations and private litigation, and enforce data protection obligations among internal personnel and external service providers.
Board of Directors Level Preparation
Baird Holm possesses a significant amount of experience at the board level to enable clients and their board to identify key risk issues for the company and the industry, and prepare company-wide remediation plan. We will work with your audit, risk, or oversight committees to ask the key questions to understand IT and breach response risks and either mitigate, avoid, reduce, or accept those risks as necessary. We can work to identify key gaps in a cyber-insurance policy which may create a risk or a gap for the company and work to fill those voids with reasonable and informed mitigation strategy.
Our attorneys understand and regularly counsel clients through risk assessment exercises. We enable clients to safely evaluate their security strengths and pressure points under the protection of attorney-client privilege. We discuss our clients’ data management practices and provide tailored legal insight to meet strenuous industry rules and regulations, from PCI DSS compliance advice to HIPAA coverage profiles. We are also at the forefront of crafting and reconfiguring increasingly common cloud service agreements that create complicated privacy issues requiring vigilant data protection schemes.
Our attorneys help clients with their proactive steps to avoid data breaches. We assist our clients with preparing and updating data breach response plans and conducting readiness and table-top exercises. We can help to identify the legal and regulatory issues to tailor response plans. We keep our clients apprised of changing laws and regulations across state and federal jurisdictions so they can manage compliance. We update and create policies and procedures for our clients that want to manage their data risks and prepare for security incidents of all scales.
A rapid, measured, and experienced response is crucial when there is a breach in privacy, data security, or the loss of sensitive information. Our experienced rapid response team is available to assist clients in responding to such security or data breaches. Members of the team have experience in investigating potential breaches and engaging forensic experts under attorney-client privilege, when necessary. The rapid response team will assess the scope of the breach, determine controlling laws and regulations, advise regarding notification requirements, and recommend strategies to reduce potential liability. We also assist clients in establishing in-house rapid response teams.
Our attorneys work to handle any government inquiry that may arise from a security incident. We manage investigations to limit disruptions to our clients’ business operations and to eliminate or mitigate the chance of regulatory penalties. We have attorneys with experience responding to inquiries from the Federal Trade Commission, Department of Health and Human Services, financial services regulators, and state attorneys general.
Data protection is not always about defense. Clients also need to enforce their chosen data security strategies and privacy rights. We are experienced in preparing and delivering cease-and-desist letters, as well as referrals to proper regulatory agencies. We understand and counsel our clients on the value of monitoring systems that warn them when suspicious or unusual activity is occurring. We also help clients document their privacy and security schemes meant to ward off and prevent phishers, spammers, scammers and other cybercriminals.