Cyber preparedness is necessary to mitigate the risk arising from a cyberattack. With the proliferation of e-commerce, electronic record keeping, and improved data collection techniques, the incidence of cyber intrusions have increased such that it is not a question of whether a data breach for any given system will occur, but when. Twenty-first century data breaches involve sophisticated attacks on the network and information systems which underpin modern commercial and corporate activities for companies of all sizes. This malicious activity affects all types of entities including retail companies, financial institutions, investment advisors, energy companies, governmental agencies, and other commercial or business ventures.
At Bracewell, we work with our clients to develop and implement information security plans to minimize risk and to insulate management from the regulatory and shareholder scrutiny that inevitably follows a breach. Preemptive activity can also streamline the time and expense of the response effort in case of a breach by ensuring that a rapid response plan is already in place and available for implementation on short notice. And when data breaches occur, we assist clients in managing all aspects of the incident, including the deployment of effective media and governmental communications to mitigate and minimize repercussions, both financial and reputational. Our team is comprised of a diverse array of lawyers across a range of disciplines that reflect the myriad client needs in the cyber arena, from former prosecutors to seasoned civil litigators and strategic communications experts.
Recent Notable Matters
Global asset management firm — advised on the drafting of an information security policy and incident response plan
Oil and gas exploration and production company — assisted with cyber preparedness matters including the drafting of an incident response plan and an information security policy
Public water and waste water services district — provided advice after being victimized by an email compromise scheme
Privately owned real estate firm — drafted an information security policy and managed the fallout after the loss of personally identifiable information (“PII”)
Real estate investment firm — provided advice on notice obligations after client was victimized by a cyberattack
Retailer — managed government relations and strategic communications after the detection of an external data breach
International energy company — advised client after the company was victimized by an email compromise scheme
Fortune 500 companies — provided advice to both US and foreign-based companies on compliance with GDPR, including assistance in developing documentation required for GDPR, and developing policies and procedures for managing communications, employees, and third party contracts