Data Privacy, Protection, and Security
When sensitive information such as PHI and customer data is not adequately protected, regulatory investigations, and even litigation, may follow.
Data privacy refers to an individual’s ability to self-determine what data or information can be shared by a third party, and with whom. Data protection or data security refers first to a company’s responsibility to protect individuals’ data from unauthorized use, and second to actual safeguards adopted pursuant to that responsibility. Data privacy and security statutes typically require businesses to protect certain sensitive information such as Protected Health Information (PHI), Personally Identifiable Information (PII), customer data, employee records, and proprietary corporate information. When such information is not adequately protected, regulatory investigations, and even litigation, may follow.
How We Can Help
DisputeSoft offers services appropriate to contexts including pre-litigation investigations and assessments, regulatory investigations, and litigation. Our experts assess system vulnerability, evaluate client policies and practices against specific regulatory frameworks, and opine on the root cause and impact of privacy and security events.
DisputeSoft assists clients in assessing system vulnerability in pre-litigation investigations. Our experts work with a client’s IT department and make specific recommendations for remediating system vulnerabilities. Such recommendations may include updating virus protection software, properly configuring firewall protections, ensuring consistent implementation of group network policies, and configuring endpoint security and DNS protection. In one such investigation, DisputeSoft conducted an on-site audit of a financial management firm’s endpoint and DNS protection software to determine whether existing protective measures were sufficient to prevent internal security policy infractions.
DisputeSoft experts assess system vulnerability, evaluate client policies and practices against specific regulatory frameworks, and opine on the root cause and impact of privacy and security events.
DisputeSoft also provides services related to a client’s defense of its policies and practices in regulatory investigations or civil litigation resulting from a data privacy or data security incident. DisputeSoft evaluates whether a client’s policies and practices:
- Observe a specific regulatory framework, such as the California Consumer Privacy Act (CCPA) or General Data Protection Regulation (GDPR);
- Adhere to the client’s written policies and procedures; and/or
- Adhere to court-mandated standards for data privacy and data security as the result of a judgment.
In the context of litigation, our experts preserve relevant electronic information, identify the root cause of a privacy or security event, assess the impact of the event, and present findings and opinions to a client or trier of fact in the form of an expert report or expert testimony. DisputeSoft also assists clients in remediating system vulnerabilities to adhere to court-mandated standards for data privacy and data security.
Experts on Data Privacy, Protection, and Security
Jeff Parmet is a widely respected IT dispute resolution specialist who has served as a…
Josh Siegel has substantial experience analyzing copyright, patent, and trade secret cl…
Anne Ackerman has extensive experience in investigating software failure matter, includ…
Since joining DisputeSoft in 2016, T.J. Wolf has consulted for clients on a variety of…
At DisputeSoft, Evan is an IT analyst responsible for analyzing source code in IP and s…
At DisputeSoft, Aparna assists in drafting expert, rebuttal, and investigative reports…