Data Privacy & Security

Data Privacy And Security Lawyer

The statistics are in. No matter the size of your operation, data security can be a big problem. To demonstrate the scope and severity of data breach issues, here are a few statistics: Being familiar with large-scale hacks like those suffered by Target and Experian, you might seek solace in the fact that your business is a small operation. You’re too small to register to hackers, right? Not quite. Here’s the scariest stat of all: 28% of data breach victims are small businesses. Given the way business is done in the modern world, you simply cannot afford to be without a plan when it comes to data security and privacy. A data privacy and security lawyer can help your business manage the risks of data breaches, formulate your response strategy in the event a breach does occur, and help you comply with applicable privacy laws. Jay Hermele has helped small businesses like yours develop privacy policies, and provided advice and counsel on how to best secure sensitive data and manage the risks associated with storing such data. Jay is recognized by the International Association of Privacy Professionals as a Certified Information Privacy Professional in the United States (CIPP/US). This credential is given to those who can demonstrate strong understanding of United States privacy laws and regulations. In addition to this credential, Jay Hermele has had to solve complex data security and privacy issues in his own software startup. This gives him not only a legal understanding of the issues that your business might be facing, but a better practical understanding of those issues and how to solve them in an efficient manner.

The following is presented for general informational purposes only, and should not be construed as legal advice. Your best source for information about your case is to contact an attorney. Increasingly in the world of data privacy, knowledge truly is power. The more you know about the types of attacks that businesses face, the better you can make sure your own business avoids becoming a cautionary tale. The more you can educate yourself, your stakeholders, and your employees about how hackers can breach your company, the more protected you are. To help arm you with some basic knowledge about data breaches, we have summarized a few of the more common types that businesses face.
  • Ransomware. In a ransomware attack, the attacker will encrypt the victim’s files, making them unrecoverable to anyone who does not have the encryption key. The attacker then demands ransom in order to decrypt the files. Ransomware attacks can cause devastating business interruptions.
  • Phishing. Phishing is a variety of “social engineering.” In a phishing attack, the attacker sends a fraudulent message to the victim, in hopes that the victim will reveal confidential information, or perhaps click a link that allows the attacker to place malware on the victim’s server or hardware. You’ve probably seen phishing attacks, but the attackers get more creative and disguise their attacks better every day.
  • Brute Force. This is where an attacker attempts multiple passphrases in an attempt to guess the correct one. Generally, this consists of the attacker running a script to rapidly test passwords. It is important that your organization has requirements around password strength and frequency of password changes.
  • Distributed Denial of Service (DDoS). In a DDoS attack, attackers flood the capacity of a targeted system, making a web service unavailable to its users. This is done by bombarding the target machine or resource with requests, overloading systems and preventing genuine requests from being addressed.
  • Keylogging. In a keylogging attack, the attacker will put malware on the victim’s machine which logs keystrokes. This leads to the attacker obtaining passwords as well as other sensitive information.

Security Policies

A security policy implements controls and procedures within your business to ensure that your employees are properly educated about security risks and taking the correct measures to avoid them. A good security policy gives organization the ability to implement organization-wide controls where appropriate, and disseminate easily understandable and applicable protocols to those employees at touchpoints which have more vulnerability. The Hermele Law Firm can help your business develop a security policy tailored to the specific data security risks faced by your business. Furthermore, we can help develop your company’s incident response plan in the event that a breach should occur.

Privacy Policies

Equally important to data security is ensuring that your business adheres to applicable data privacy laws when handling sensitive information, and also when engaging customers and potential customers online. If your business relies on a digital presence, you should consider implementing or updating your website privacy policy. Your privacy policy should be transparent about what information is being collected from your visitors, and you must also ensure your business adequately adheres to the representations made by your privacy policy. While the United States does not have a federal-level privacy law for everything, such as the European Union, the U.S. does have a patchwork system of privacy laws for certain types of information. Health information is the most well-known information which is regulated for privacy at a federal level—you’ve almost certainly heard of the Health Insurance Portability and Accountability Act (HIPAA). Adding to this, each state has its own data privacy laws. These different laws can make data privacy in the United States difficult to navigate. If you’re looking for guidance, you should talk to a data privacy lawyer.

Data Breach Response Protocols

In the event your business is breached, your state likely has certain laws for data breach notification. You don’t want to wait until the breach happens to formulate a plan. Have a plan in place first to make sure that you avoid liability from individuals affected by the breach and avoid regulatory penalties for failing to satisfy data breach notification. The Hermele Law Firm can assist in the development of your business’s data breach response protocol.

Let Us Help

Ready to talk? We offer free consultations to all potential clients.
Set yours up today.
SET UP A FREE CONSULTATION

Reviews And Testimonials

Client satisfaction is our highest priority; just ask our clients.

Jay was calm, encouraging, and developed a brilliant and simple strategy on how to get my money back. His strategy was successful. I got a 100% refund, and additional negotiations yielded additional benefits.

Bradley C.

Jay Hermele and his team fought for me and recouped my money that I lost to a corrupt business partner. Thank you so much Jay and folk for your consistency.

Tom M.

Jay went up against one of the toughest law firms in Denver for me. He owned it while still being conscientious about my risks and expenses. He’s very sharp, tough and ethical. I’d recommend him highly!

Kurt B.

Contact Us

Tell us about your issue, and we will respond promptly.

69 W Floyd Ave, Suite 306, Englewood,
CO 80110