Privacy & Cybersecurity

Michael Best provides full-service compliance counseling across the evolving spectrum of global privacy and cybersecurity law, under U.S. federal and state regulations and industry standards (e.g., CAN-SPAM, COPPA, GLBA, HIPAA, NYDFS, PCI-DSS, and FTC/FCC regulation); European Union regulations, including GDPR; and Latin America and Asia-Pacific regional standards.

We take an innovative approach to managing regulatory issues, with the Best Privacy & Cybersecurity Toolkit, which is an online platform that helps our clients manage compliance with a variety of regulatory frameworks including the NIST Cybersecurity Framework and GDPR.

In addition to our Toolkit, we provide ongoing support in mitigating risk and maintaining compliance with GDPR, as further guidance’s are published.

We also provide counsel on privacy and cybersecurity e-commerce issues including CAN-SPAM, TCPA, Do Not Call, E-Sign, internet privacy, and many others, keep our clients compliant with every changes rules and regulations, enabling our clients to achieve their business objectives.

Our team, which has in-house experience in government and business, has critical insight into how federal and state governments define, enact, and manage cybersecurity policy and regulations.

We help clients develop incident response plans, conduct on-site tabletop exercises, remediate data breaches, respond to third party investigations or claims, and manage crisis communications.

We partner with trusted resources to manage and investigate small and large scale breaches arising from all varieties of cybercrimes and threats, engaging third party resources, preserving the attorney-client privilege.

We tailor the tabletop exercise to their business, their people. Through the response to the exercise, we update/craft a response plan to assist in mitigating future risk, in accordance with applicable regulatory requirements.

We develop robust risk mitigation strategies to help you defend reputational and legal challenges through our customized, integrated approach to policy, procedure, and risk assessment and management.

We represent clients throughout internal audits and investigations, third-party disputes, federal and state government investigations, and regulatory enforcement actions, helping them navigate federal and state agencies and external auditors.

Our team also focuses on stakeholder preparation and counseling, working with individuals who are externally facing, to prepare them for media spotlight, testimony, depositions, and other public statements.

We strategically partner with our litigation team to provide clients a full range of resources if litigation is imminent.  Our team advises and provides support to the litigation team throughout the litigation process, assisting with case evaluation, discovery and settlement strategy, evaluating the merits of the claim, seeking indemnification where available, tendering to cyber insurance carriers and following protocols, all to achieve a beneficial outcome for our clients.

We advise customers and suppliers on privacy and cybersecurity risk concerns, including pre-contract diligence, contract preparation and negotiations, and post-contract audits. 

Our team is available to assist through the entire life cycle, starting with vendor selection process through contract termination and exit strategy.

When clients are developing or adopting new technologies (e.g., IoT or blockchain), we help them achieve business objectives while being mindful of emerging law and interpretations.

Our team helps clients integrate privacy and cybersecurity into their new technologies and projects from the onset, incorporating the principles of Privacy by Design and Default.

Click here for additional resources.

Our training programs empower your organization to develop a first line of defense in privacy and cybersecurity risk management, by creating a structured program to identify key cybersecurity and privacy issues.

We counsel gaming industry clients on crucial privacy and data security issues, creating customized compliance programs for risk mitigation. We advise on the full spectrum of privacy and cybersecurity regulations at the state, federal, and global level. Our experience includes developing privacy policies and terms of service that address gaming regulations across multiple states; counsel on issues related to third-party data transfers; and data breach incident preparation and response.