Overview
Our combination of insurance and data protection experience ensures that insurers and their policy holders get the support they need from people who understand the risks and can help manage the exposures.
Our deep team of cyber lawyers relies on decades of experience providing practical, specialized business and compliance advice to insurers and companies in all vertical markets, as well as universities and other institutions. They learn and know the business before advising on data protection, risk mitigation and incident responses that serve all stakeholders.
Our lawyers have a wealth of experience addressing cyber and data incidents, including through our decades of experience working with major insurance companies and corporate policy holders. From phishing and hacking to social media storms and accidental IT failures, we have handled cyber incidents involving loss of data or money and significant business interruption. From first response and regulatory reporting to the resolution of third party claims, we rapidly identify the issues and help manage the exposures to achieve cost effective outcomes.
Our team of privacy and cyber security lawyers has advised clients on some of the largest data security breaches in recent years, and works with clients every day to manage compliance and response following information incidents and cyber attacks. Our breach response team offers 24/7 availability and is able to respond to incidents quickly with a well-developed plan. We can also work as part of an existing incident response team. As breach coach, we will work with you and your policy holder to effectively plan for and respond to cyber security incidents, retain relevant professionals such as data security specialists, identify and comply with breach notification obligations, manage crisis communications, and minimize future liability and business risk. We also represent clients facing litigation or regulatory actions related to data breaches, including under HIPAA and GDPR.
We have successfully addressed incidents in the finance, professional services, healthcare, retail, manufacturing, technology, non-profit, university, and government sectors, and are adept at working with non-profits and regulated entities that have an additional layer of stakeholders to consider when managing an incident. Whether insider threats, data access or integrity attacks, electronically initiated fraud or traditional computer exploitation and data loss, our team understands that competence, planning, and resilience are critical to successful incident response.
Womble Bond Dickinson’s Privacy and Cyber Security team includes data generalists and lawyers with a wealth of experience in the healthcare, financial, communications, insurance and retail industries as well as working with universities and government. This team also features a former cyber crime prosecutor of the US Department of Justice with experience investigating and prosecuting cyber crimes.
What we do
Breach response
Investigate data incidents and help coordinate the client’s response, preserving privileges and minimizing legal, reputational, and business risk
Advise on cyber policy coverage
Manage interactions with regulators and law enforcement
Ensure compliance with breach notification laws, regulations, system rules and contract obligations, including GDPR and HIPAA
Devise response plans which benefit both clients and affected third parties
Create e-discovery strategies including preservation, collection, and review
Manage and/or represent clients in any litigation, regulatory actions, or other investigations arising out of cyber security incidents
Contribute to a lessons-learned review of the incident to mitigate future risk and minimize legal liability
Pre-emptive services
Lead data audits and analysis of how data flows and computer systems impact cyber risk and associated legal obligations
Assist with creation of incident response plans and data policies and procedures
Draft cyber policy wordings
Provide data protection and incident response training to executives, risk teams, technologists and client’s employees
Assist with creation of Incident Response Team
Facilitate table-top training exercises for IRT, C-Suite and board of directors
Listen to and advise clients on protections and processes built for the precise needs and obligations of that business
Examples of our work and how we’ve helped companies of all sizes with a wide range of challenges.
Improved data resilience for RAI by conducting tabletop exercises and regular team meetings to examine changes in technology and regulation, and to update definitions and policies
Advised Heartland Payment Systems in its response to the loss of 130 million credit card data sets
Successfully represented the State of South Carolina in litigation involving the exposure of six million tax records
Assisted major public university in recovery from an extensive data exposure incident
Addressed healthcare vendor data exposures affecting employees and retirees of client companies
Investigated and advised on liability and recovery actions after £millions were diverted from law firm accounts in phishing scams, leading to significant recoveries
Advised on email fraud perpetrated on a bond broker, causing clients' funds to be diverted to fraudsters. Obtained partial recovery from insurance agent
Advised on hack of insurance broker's email account and dealt with the regulatory action, ensuring compliance while minimizing the profile of the incident
A national retailer exposed information about tens of thousands of customers on its website during a project to migrate to a new server. Working with the retailer's IT team, we determined what data had been accessed and we advised about notification to the regulator and customers. We also advised on the recovery from a negligent IT contractor
A major security breach as a result of hard-drives, containing 3,000,000+ banking records, not being securely destroyed. We advised on how to manage the breach, worked with IT forensics to assess the accessibility of the data on the hard-drives and drafted the notification to the ICO. Our client's prompt and comprehensive response, along with the extremely detailed report submitted to the ICO, meant that the ICO took no further action
A disgruntled employee stole customer data and sent malicious communications to the retailer's customers. We investigated the incident and prepared responses to the ICO's request for information following a customer complaint to the ICO. We also advised on the disciplinary proceedings against the employee and a possible defamation action in relation to the malicious communications
A large medical training provider suffered a serious email hacking incident. We advised on issues relating to proceedings against the hacker and an IT provider. We also defended an ensuing libel claim
Client’s HR manager took home HR records (including medical information) about employees and accidentally misplaced them when the records should have been stored in a locked cabinet. We advised on pro-actively notifying the regulator. As a result, the regulator accepted that this was a one-off incident that did not require further investigation.