The Hintze Law PLLC award-winning Cybersecurity Group provides first-class, strategic counseling on pragmatic solutions to cybersecurity legal requirements, in the trenches guidance on data incidents and breaches, and efficient and effective representation in regulatory investigations.
Our Approach
While breaches happen every day, we know that when they happen to your company, they can be incredibly stressful. When your company is a Hintze Law client, we partner with you as a trusted advisor navigating you through breach response activities. Investigating the incident, containing and remediating it, understanding the legal and contractual obligations, developing strategies and arranging logistics to notify and support impacted customers and individuals, and responding to press and government inquiries may all be happening simultaneously. How skillfully each of these workstreams are managed will determine how your employees and customers, regulators, and the media perceive the breach and your brand. We pride ourselves on a response strategy that focuses not only on compliance but on minimizing publicity and preparing clients to be in the best position to respond to legal or regulatory investigations.
What Distinguishes Us
Our firm focuses exclusively on privacy and data security. That means the team members partnering with you on the response activities will have deep knowledge and experience on privacy, data security, cybersecurity laws, breach notification requirements, and the regulatory and litigation environment.
Our clients consistently praise us for our technical acumen. While we don’t handle the technical side of forensics work and mitigation, we work side by side with engineers and forensics vendors to help understand the underlying problems and potential solutions which helps us help you better understand the legal implications of priorities and decisions.
While we can help in the event of a regulatory inquiry or investigation, our goal is to help you avoid or survive such scrutiny. We also do not litigate at Hintze Law, which means we will never upsell or cross-sell you on litigation services.
Our Experience
· Assisting clients in a variety of industries including mobile, cloud, telecom, health and financial, from startups to Fortune 50 technology companies in establishing, maintaining, and maturing cybersecurity and data breach response programs.
· Strategically guiding clients in all industries in response to data breaches ranging in size from a single record of highly sensitive classified information to tens of millions of records resulting from domestic and foreign cyberattacks, malicious hacking, phishing, advanced persistent threats, ransomware, email compromise, malware, lost and stolen laptops and other data devices, and bad actors within the company such as employee theft of customer lists and sensitive data.
· Navigating client responses to global data breaches, including regulatory notifications and notifications to individuals in every state and in countries around the world.
· Regularly representing clients in privacy and security investigations and inquiries from the Federal Trade Commission, state attorneys general, international data protection authorities, and members of Congress.
· Developing strategies for responding to investigations and reports by media, privacy organizations, and researchers, including on data breaches, security vulnerabilities, and privacy and cybersecurity practices.
· Supporting clients on FBI and government investigations of security threats.
· Counseling on HIPAA and HITECH Act security assessments and health data breaches.
· Guidance on PCI-DSS, GLBA, and other laws applicable to financial and credit card data.
· Advising on SEC and government inquiries including disclosures and mitigation responses regarding compromised software (e.g., SolarWinds).
· Drafting, enhancing, and testing privacy and cybersecurity incident response policies, plans, and protocols.
· Negotiating difficult cybersecurity and breach terms in security addendums, EU and UK SCCs, and other forms of data protection agreements.