Data privacy and cybersecurity services header

Proactive measures and breach prevention

The cost of a data breach, including fees for privacy professionals and penalties from regulators, can be devastating to your business. Plus, the public relations damage is incalculable! Unfortunately, for many organizations, it’s not a matter of if you will become a victim of a data breach, but when. It’s critical to have a comprehensive, proactive approach to data privacy and cybersecurity for a number of reasons – to minimize risk, mitigate potential costs and to comply with information security laws and standards, depending on your state and industry.

Below is a brief summary of some proactive programs, policies and procedures that we provide:
  • Breach response workshops - Our interactive workshops are designed for individuals at the front line of data breach risk management, including compliance, risk, legal, IT, finance, HR, and communications.
  • Incident response plan - Your incident response plan is the go-to document that identifies the appropriate internal and external resources to properly deal with a data breach.
  • Written Information Security Program (WISP) - A WISP is a document that outlines your privacy policies and procedures. It sets forth the various physical, technical and administrative safeguards your company has taken to secure Personal Information (PI), Protected Health Information (PHI) and confidential information, contained in both electronic and hardcopy form.
  • Confidentiality agreements - It is important to establish your commitment to data privacy from the start of a relationship with any third party. Carefully drafted confidentiality agreements for employees, vendors and visitors can help accomplish this goal.
  • Employee policies - A study found that 59 percent of employees who were fired, laid off or quit admitted to stealing company data. You can reduce the likelihood of this happening by having appropriate IT and electronic policies. Our attorneys draft social media policies, computer usage policies (cell phones, USBs, laptops, personal devices), document retention and destruction policies, telecommuting policies, mobile device usage policies, and “Bring Your Own Device” policies.
  • Employee training - It’s imperative that your employees have appropriate training regarding your data security programs at the inception of employment and on an annual basis thereafter. Our team assists clients in drafting training modules and presentations and we frequently provide on-site training.
  • Storage and disposal of personal information - At least 29 states have enacted information security laws that mandate how personal information should be stored and require entities to destroy, dispose or otherwise make the information unreadable when it is no longer needed for a legitimate business purpose. We can work with you to develop a storage and disposal plan that meets those requirements.



James J. Giszczak, Co-Chair
Dominic Paluzzi, Co-Chair


James J. Giszczak profile image

James J. Giszczak

Dominic A. Paluzzi profile image

Dominic A. Paluzzi

Christine N. Czuprynski profile image

Christine N. Czuprynski

Sherri A. Krause profile image

Sherri A. Krause

Colin M. Battersby, CIPP/US profile image

Colin M. Battersby, CIPP/US

Emily A. Johnson profile image

Emily A. Johnson

William J. O'Neill profile image

William J. O'Neill

Richard H. Blake profile image

Richard H. Blake

Alan M. Burger profile image

Alan M. Burger

Christopher G. Dean profile image

Christopher G. Dean

Joelle H. Dvir profile image

Joelle H. Dvir

Rick L. Hindmand profile image

Rick L. Hindmand

Christopher B. Hopkins profile image

Christopher B. Hopkins

Timothy J. Lowe profile image

Timothy J. Lowe

Dan L. Makee profile image

Dan L. Makee

David T. Movius profile image

David T. Movius

Matthew R. Rechner profile image

Matthew R. Rechner

Raquel (Rocky) A. Rodriguez profile image

Raquel (Rocky) A. Rodriguez

Adam C. Smith profile image

Adam C. Smith

Miriam L. Rosen profile image

Miriam L. Rosen