Breach Prevention & Risk Mitigation

Fox partners with clients in the never-ending battle against data thieves. We work with clients’ IT departments to understand and address their ongoing challenges and help track federal and state enforcement initiatives that regulate the gathering, use, retention and disposal of private information.

Fox attorneys, often serving as clients’ outside privacy counsel, help prevent data theft by:

  • Conducting 360-degree privacy and data security audits
  • Overseeing privacy and data governance
  • Implementing Privacy by Design projects
  • Drafting, redesigning and implementing comprehensive data security and privacy policies
  • Assessing the privacy and security implications of acquisitions, mergers and divestitures
  • Preparing incident response plans for dealing with data breaches
  • Delivering employee privacy and data security training
  • Negotiating third-party contracts
  • Helping clients comply with a wide range of U.S. and global data security laws and regulations:
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Gramm-Leach-Bliley Act
    • Fair Credit Reporting Act (FCRA)
    • European Union’s General Data Protection Regulation (GDPR)

Breach Prevention & Risk Mitigation Work:

  • Served as General Data Protection Regulation (GDPR) counsel to a U.S.-based provider of title insurance and settlement and brokerage services.
  • Serve as outside privacy counsel for a Fortune 500 technology company and device manufacturer, with a special focus on international and health care compliance.
  • Completed a Privacy by Design project for a global hospitality company implementing AI technology.
  • Oversaw a privacy and data governance project for a new business model in the auto rental sector.
  • Represent a clinical laboratory with respect to its website and consumer apps and privacy and security policies.
  • Provided guidance to a national title insurance company regarding the divestiture of a joint venture and appropriate safeguarding of PII.
  • Provide HIPAA compliance advice related to the activities of self-funded health plans, including a government health plan in New Jersey, ERISA plans and a Taft-Hartley trust fund.
  • Advised a Pennsylvania school district with self-funded health plans on HIPAA compliance. Drafted privacy and security policies and procedures.
  • Serve as outside technology counsel for a leading UK-based retail data analytics company serving Fortune 500 retailers and branded companies.
  • Prepared and drafted internal and external privacy policies, as well as incident response plans, for a nationwide title insurer; a global food, beverage and supplies distributor; an educational systems provider; an international luxury automobile manufacturer; and a gaming and hospitality company.
  • Serve as privacy and data security counsel to a major nationwide retailer and two global hospitality and resort companies. Work closely with their senior management and in-house counsel to investigate data security incidents: determining necessary state notification obligations; preparing notifications to consumers, state attorneys general and/or law enforcement; working directly with state attorneys general and/or law enforcement; and preparing press releases and responses to FAQs.
  • Regularly advise school districts on the Family Educational Rights and Privacy Act (FERPA) privacy standards.