Privacy, Cybersecurity and Data Innovation

Shipman’s Privacy, Cybersecurity and Data Innovation team offers practical advice that allows our clients to strike the right balance between compliance and business objectives while remaining competitive in a constantly evolving marketplace. Data and personal information are increasingly valuable and increasingly risky business assets. With skills valued by companies that maintain an online presence nationally, and globally, our attorneys have hands-on business experience that enables Shipman to provide strategic business consulting on all aspects of information policy including privacy, cybersecurity, data incident response and records management.  Our Privacy, Cybersecurity and Data Innovation team serves complex, highly regulated sectors such as life sciences, healthcare, education, finance, banking, manufacturing, information technology, government and insurance. Shipman lawyers understand the currency and value of data within each of these market sectors and the innovation needed to stay ahead of competitors while remaining compliant with multi-national regulations.

• Privacy: With lawyers holding privacy certifications from the International Association of Privacy Professionals, Shipman’s Privacy, Cybersecurity and Data Innovation practice group draws on in-depth experience in the privacy issues facing specific sectors and provides clients a special combination of depth, national experience and accessibility. Our dynamic and diverse team of lawyers and professionals guides clients across sectors and jurisdictions through each step of the data privacy and protection lifecycle — from initial information collection, management, protection, disposal and regulatory compliance to post-breach responses, notifications and litigation.
  
  Our lawyers advise on compliance with all federal and state privacy and information responsibility requirements, including the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), California Consumer Privacy Act (CCPA), Payment Card Industry Data Security Standard (PCI DSS), as well as international standards such as the EU General Data Protection Regulation (GDPR).
• Big Data Management: Shipman’s Privacy, Cybersecurity and Data Innovation lawyers counsel clients regarding data governance, data security risk assessments, development of incident response policies and procedures, table-top and other simulation exercises. Our team helps clients ensure their data is high quality and accessible for business intelligence, big data analytics applications and technologies while verifying that their business activities comply with applicable law.
• Emerging Data Technologies: Shipman’s Privacy, Cybersecurity and Data Innovation lawyers counsel clients on the adoption and investment in, and development of emerging technologies. Our team helps clients to implement best practices for compliant data use, and to monetize the value of their own digital assets in the context of partnerships, data licensing, and other transactions with emerging technology companies. Our lawyers advise clients on bringing data-centric products and services to market by developing strategies to proactively address privacy and security, and to establish confidence and credibility with customers while maximizing data value. In addition to a breadth of experience with health-related emerging data technologies, we have experience with artificial intelligence (AI), cloud services, augmented reality/virtual reality systems and automated machine learning.
• Healthcare: Shipman lawyers counsel healthcare clients on complex, industry-specific state and federal privacy and data security regulations including HIPAA and the Health Information Technology for Economic and Clinical Health Act (HITECH). They advise healthcare clients on HIPAA and state law compliance regarding privacy policies and procedures, release of medical information, and access to medical records. Our team defends healthcare clients in investigations brought by the Office of Civil Rights (OCR), and clients across industries in investigations brought by state attorneys general following privacy and security incidents. Within our Privacy, Cybersecurity and Data Innovation practice group we counsel healthcare, digital health, and health information technology clients on a variety of data issues including the implementation and use of electronic health records, health data and health information exchanges, privacy and security best practices in healthcare environments, and compliance with the information blocking provisions of the 21st Century Cures Act.