Privacy & Cybersecurity

Best Best & Krieger LLP takes an inter-disciplinary approach to privacy and cybersecurity, integrating attorneys from across practice groups with backgrounds and training in relevant areas, such as health privacy and security, employee data privacy, business and customer records and government records. Serving multiple sectors, including health care, business, local government and education, BB&K attorneys work closely with clients to understand their organizations and provide timely and responsive advice on privacy policies and approaches to real-world problems that arise. We bring a depth of experience in California law, litigation and information technology to assist clients with drafting policies related to privacy and cybersecurity, public record disclosure and retention, personnel issues and technology agreements.

Online Privacy
The BB&K team works with businesses and public agencies on issues related to online privacy, including compliance with the California Consumer Privacy Act, or CCPA, and the European Union General Data Protection Regulation, known as GDPR. We develop website privacy policies and advise on data disclosure, user consent and data storage and retention in relation to personal and financial information collected through websites or applications.
 
We also help clients draft online privacy policies and disclosures to meet the requirements of the California Online Privacy Protection Act, or CalOPPA, Controlling the Assault of Non-Solicited Pornography and Marketing Act, best known as CAN-SPAM, the Children’s Online Privacy Protection Act, known as COPPA, the Telephone Consumer Protection Act, known as the TCPA, the Stored Communications Act and federal fair information practices.
 
Data Incident Preparedness & Response
BB&K attorneys counsel clients on data breach reporting responsibilities, data breach responses, responses to ransomware and other hacking incidents, and investigations by federal and/or state regulators. When an incident occurs, we assist with forensic investigations and crisis management activities, press releases, notifications to affected individuals, communications with regulators and credit card issuers and responding to federal and state regulatory inquiries and investigations.
 
Health Care Industry & Health Data
BB&K attorneys are well-versed on, and routinely advise both public sector and private sector clients on, health privacy laws, including the Health Insurance Portability and Accountability Act, known as HIPAA, the California Confidentiality of Medical Information Act, federal Substance Abuse Confidentiality regulations and California laws governing sensitive records, such as HIV test results and mental health records subject to the Lanterman-Petris-Short Act. Our attorneys also have experience with health care security standards, including National Institutes of Standards and Technology standards.  

Supply Chain Issues and Technology Contracting
BB&K attorneys work regularly with management and staff of private companies and public agencies on the drafting and negotiation of contracts for services, technology and the development and financing of critical infrastructure and capital projects, including the replacement of major software systems. This work includes taking the lead role in the drafting and negotiation of software and hardware agreements, technology licensing and other related technology contracts. Further attention is given to examining security issues in vendor agreements and protection of trade secrets in the supply chain. 

Employees & Remote Working
BB&K attorneys counsel employers on the cybersecurity risks presented by remote working and BYOD, or “bring your own device” policies. We counsel employers on creating a culture of cybersecurity within their organization through the use of administrative, technical and physical safeguards. We also counsel employers on the privacy implications of employee monitoring and obligations imposed on employers by legislation, such as the Stored Communications Act.

Public Agency Experience
With one of the largest public agency-focused practices in the U.S., BB&K attorneys are distinctly qualified to counsel public entities on privacy and cybersecurity issues that are unique to the public sector. These include the privacy of government records, in particular:

• Confidentiality of police department and criminal records
• Transportation records and smart city privacy and data sharing issues
• Customer records held by local government (e.g., related to utilities)
• Employee privacy issues, including laws regulating the collection, use and/or handling of applicant data and personnel records, privacy policies and record retention
• Data breach reporting laws, including the California Information Practices Act
• Ways that the CCPA and GDPR may impact government records

Our Services
BB&K provides privacy and security services including the following:

• Conducting and overseeing Privacy Impact Assessments, compliance audits and security risk assessments
• Providing day-to-day privacy compliance counseling
• Developing and presenting training on privacy and security compliance
• Developing and reviewing customized privacy, security and incident-response policies
• Guiding data breach response and reporting
• IT contracting, including negotiating licensing agreements and privacy and security contract provisions for vendor agreements
• Counseling on privacy of government records and providing California Public Records Act guidance and response
• Developing strategies for data sharing and information exchange and agreements care functions
• Developing website privacy policies and data retention and storage strategies
• Cyber insurance coverage issues and claims