fbpx

    When sensitive information such as PHI and customer data is not adequately protected, regulatory investigations, and even litigation, may follow.

    Data privacy refers to an individual’s ability to self-determine what data or information can be shared by a third party, and with whom. Data protection or data security refers first to a company’s responsibility to protect individuals’ data from unauthorized use, and second to actual safeguards adopted pursuant to that responsibility. Data privacy and security statutes typically require businesses to protect certain sensitive information such as Protected Health Information (PHI), Personally Identifiable Information (PII), customer data, employee records, and proprietary corporate information. When such information is not adequately protected, regulatory investigations, and even litigation, may follow.

    Technical Analysis to Assist Attorney’s Compliance Services

    DisputeSoft understands that attorneys are best equipped to provide legal guidance and counseling with respect to an organization’s compliance obligations and internal data privacy standards. Our experts complement the services offered by counsel by providing the technical expertise required to assess software and systems to understand an organization’s current data usage practices and whether they adhere to U.S., international, or self-mandated requirements. Our core analyses provide insight into an organization’s data collection, retention, and use practices. DisputeSoft experts have hands on experience investigating data privacy and data security-related issues, and possess relevant credentials including the Certified Information Privacy Professional (CIPP) certification through the International Association of Privacy Professionals (IAPP).

    How We Can Help

    Our Services

    DisputeSoft experts assess system vulnerability, evaluate client policies and practices against specific regulatory frameworks, and opine on the root cause and impact of privacy and security events through a combination of core analyses, including:

    1. Data Forensics and Mapping
    • Investigate and assess how data is collected, stored, used, encrypted, transmitted, and discarded.
    • Provide counsel and client a birds-eye view of an organization’s data usage practices to demonstrate compliance and identify potential vulnerabilities.

    DisputeSoft experts assess system vulnerability, evaluate client policies and practices against specific regulatory frameworks, and opine on the root cause and impact of privacy and security events.

    2. Code Review and Analysis
    • Perform a comprehensive review of a portion of a system or an entire system, including:
      • Review and analyze a system’s back-end source code as a means of demonstrating compliance;
      • Identify exploitable security vulnerabilities that enable unauthorized access to protected data; and/or
      • Identify instances where data transmissions between disparate components or systems can be, or were, compromised.
    3. Network Forensics
    • Monitor and analyze computer network traffic to identify intrusions and other anomalous network activity that may be indicative of a breach, and examine metadata to identify the source of a security breach.
    • Determine exploitable weaknesses or vulnerabilities in a network, how data was accessed via the network, and the source of intrusion, to allow attorneys to give a client the appropriate advice.

    Application of Our Services

    DisputeSoft applies our core data privacy and data security analyses in contexts including pre-litigation investigations and assessments, regulatory investigations, and litigation.

    Pre-Litigation Investigations

    In pre-litigation investigations, DisputeSoft assists counsel and client to identify risks associated with an organization’s data practices and system vulnerabilities so that attorneys can advise clients on how to mitigate risks and achieve compliance. Our experts work with a client’s IT department and make specific recommendations for remediating system vulnerabilities. Such recommendations may include updating virus protection software, properly configuring firewall protections, ensuring consistent implementation of group network policies, and configuring endpoint security and DNS protection. In one such investigation, DisputeSoft conducted an on-site audit of a financial management firm’s endpoint and DNS protection software to determine whether existing protective measures were sufficient to prevent internal security policy infractions.

    Data Breach & Class Action Litigation

    DisputeSoft also provides services related to a client’s defense of its policies and practices in regulatory investigations or civil litigation resulting from a data privacy or data security incident. DisputeSoft evaluates whether a client’s policies and practices:

    1. Observe a specific regulatory framework, such as the California Consumer Privacy Act (CCPA) or General Data Protection Regulation (GDPR);
    2. Adhere to the client’s written policies and procedures; and/or
    3. Adhere to court-mandated standards for data privacy and data security.

    In the context of litigation, our experts identify security vulnerabilities that were exploited to gain access to confidential information. DisputeSoft preserves relevant electronic information, identifies the root cause of a privacy or security event, assesses the impact of the event, and presents findings and opinions to a client or trier of fact in the form of an expert report or expert testimony. DisputeSoft also assists clients in remediating system vulnerabilities to adhere to court-mandated standards for data privacy and data security.

    Breach of Contract Litigation

    As data privacy legislation continues to evolve across all industries, organizations may include data security related provisions in service level agreements (SLAs) for software and system implementations. Where an organization alleges that a software implementation vendor did not adhere to contractually mandated standards for data protection, encryption, and security, civil litigation may result. DisputeSoft experts investigate whether software functions in accordance with data protection and encryption specifications set out in a software implementation agreement, and we opine on our findings in the form of expert reports and testimony.

    The Evolving Regulatory Landscape

    DisputeSoft experts keep abreast of the evolving data privacy landscape in the U.S. and internationally, and understand how to assist counsel with the many distinct causes of action which may give rise to a lawsuit or government investigation. Data privacy in the U.S. is governed by separate and sometimes overlapping federal and state statutes, such as the recently enacted California Consumer Privacy Act (CCPA), and American businesses handling data concerning residents of the European Union (EU) may need to comply with certain provisions of the General Data Protection Regulation (GDPR). DisputeSoft experts keep up-to-date with the legal landscape of data privacy, and are well-equipped to assist clients and their counsel in disputes or investigations arising over compliance with domestic and international regulations.

    Experts on Data Privacy, Protection, and Security

    Anne Ackerman

    Manager

    Anne Ackerman has extensive experience in investigating software failure matters, inclu…

    Need assistance with Data Privacy, Protection, and Security?

    If you are an attorney in need of a data privacy and data security expert, we invite you to contact DisputeSoft for a private consultation.