Data Privacy, Protection, and Security
When sensitive information such as PHI and customer data is not adequately protected, regulatory investigations, and even litigation, may follow.
Data privacy refers to an individual’s ability to self-determine what data or information can be shared by a third party, and with whom. Data protection or data security refers first to a company’s responsibility to protect individuals’ data from unauthorized use, and second to actual safeguards adopted pursuant to that responsibility. Data privacy and security statutes typically require businesses to protect certain sensitive information such as Protected Health Information (PHI), Personally Identifiable Information (PII), customer data, employee records, and proprietary corporate information. When such information is not adequately protected, regulatory investigations, and even litigation, may follow.
Technical Analysis to Assist Attorney’s Compliance Services
DisputeSoft understands that attorneys are best equipped to provide legal guidance and counseling with respect to an organization’s compliance obligations and internal data privacy standards. Our experts complement the services offered by counsel by providing the technical expertise required to assess software and systems to understand an organization’s current data usage practices and whether they adhere to U.S., international, or self-mandated requirements. Our core analyses provide insight into an organization’s data collection, retention, and use practices. DisputeSoft experts have hands on experience investigating data privacy and data security-related issues, and possess relevant credentials including the Certified Information Privacy Professional (CIPP) certification through the International Association of Privacy Professionals (IAPP).
How We Can Help
DisputeSoft experts assess system vulnerability, evaluate client policies and practices against specific regulatory frameworks, and opine on the root cause and impact of privacy and security events through a combination of core analyses, including:
1. Data Forensics and Mapping
- Investigate and assess how data is collected, stored, used, encrypted, transmitted, and discarded.
- Provide counsel and client a birds-eye view of an organization’s data usage practices to demonstrate compliance and identify potential vulnerabilities.
DisputeSoft experts assess system vulnerability, evaluate client policies and practices against specific regulatory frameworks, and opine on the root cause and impact of privacy and security events.
2. Code Review and Analysis
- Perform a comprehensive review of a portion of a system or an entire system, including:
- Review and analyze a system’s back-end source code as a means of demonstrating compliance;
- Identify exploitable security vulnerabilities that enable unauthorized access to protected data; and/or
- Identify instances where data transmissions between disparate components or systems can be, or were, compromised.
3. Network Forensics
- Monitor and analyze computer network traffic to identify intrusions and other anomalous network activity that may be indicative of a breach, and examine metadata to identify the source of a security breach.
- Determine exploitable weaknesses or vulnerabilities in a network, how data was accessed via the network, and the source of intrusion, to allow attorneys to give a client the appropriate advice.
Application of Our Services
DisputeSoft applies our core data privacy and data security analyses in contexts including pre-litigation investigations and assessments, regulatory investigations, and litigation.
In pre-litigation investigations, DisputeSoft assists counsel and client to identify risks associated with an organization’s data practices and system vulnerabilities so that attorneys can advise clients on how to mitigate risks and achieve compliance. Our experts work with a client’s IT department and make specific recommendations for remediating system vulnerabilities. Such recommendations may include updating virus protection software, properly configuring firewall protections, ensuring consistent implementation of group network policies, and configuring endpoint security and DNS protection. In one such investigation, DisputeSoft conducted an on-site audit of a financial management firm’s endpoint and DNS protection software to determine whether existing protective measures were sufficient to prevent internal security policy infractions.
Data Breach & Class Action Litigation
DisputeSoft also provides services related to a client’s defense of its policies and practices in regulatory investigations or civil litigation resulting from a data privacy or data security incident. DisputeSoft evaluates whether a client’s policies and practices:
- Observe a specific regulatory framework, such as the California Consumer Privacy Act (CCPA) or General Data Protection Regulation (GDPR);
- Adhere to the client’s written policies and procedures; and/or
- Adhere to court-mandated standards for data privacy and data security.
In the context of litigation, our experts identify security vulnerabilities that were exploited to gain access to confidential information. DisputeSoft preserves relevant electronic information, identifies the root cause of a privacy or security event, assesses the impact of the event, and presents findings and opinions to a client or trier of fact in the form of an expert report or expert testimony. DisputeSoft also assists clients in remediating system vulnerabilities to adhere to court-mandated standards for data privacy and data security.
Breach of Contract Litigation
As data privacy legislation continues to evolve across all industries, organizations may include data security related provisions in service level agreements (SLAs) for software and system implementations. Where an organization alleges that a software implementation vendor did not adhere to contractually mandated standards for data protection, encryption, and security, civil litigation may result. DisputeSoft experts investigate whether software functions in accordance with data protection and encryption specifications set out in a software implementation agreement, and we opine on our findings in the form of expert reports and testimony.
Experts on Data Privacy, Protection, and Security
Jeff Parmet is a widely respected IT dispute resolution specialist who has served as a…
Josh Siegel has substantial experience analyzing copyright, patent, and trade secret cl…
Anne Ackerman has extensive experience in investigating software failure matters, inclu…
Since joining DisputeSoft in 2016, T.J. Wolf has consulted for clients on a variety of…
At DisputeSoft, Evan is a Senior Consultant responsible for analyzing source code in IP…
At DisputeSoft, Aparna assists in drafting expert, rebuttal, and investigative reports…