Data Protection, Privacy, and Cybersecurity Lawyers Columbus, Ohio

Our Columbus based data, privacy, and cybersecurity attorney has experience working with domestic and international companies in assessing data and privacy compliance, formulating proactive information technology (IT) and cybersecurity policies, and responding to data breaches and advising on notification disclosures.

Our Columbus data and privacy attorneys advise on a range of jurisdictions and regulatory frameworks, including the U.S., Canada, the European Union, China, and Russia. This includes assisting clients in navigating issues like opt-in and opt-out requirements, address harvesting, direct e-mail marketing, spam, and malware under the CAN-SPAM Act, Canada’s Anti-Spam Law, and the EU Opt-In Directive.

Columbus Data Privacy Attorney

There is no one “cybersecurity law” in the U.S. Rather, the U.S. features a patchwork of federal and state security and privacy laws.

When it comes to data security, we assist clients with numerous facets of formulating and analyzing data security standards. This includes assessing current security practices and advising on standards for data control, authentication, data storage, network segmentation, remote access, hardware and employee devices security, and the data practices of service providers.

State Data Breach Notification Laws

Breach notifications can be time consuming and confusing, given that each state has its own breach notifications laws. If nothing else, businesses need to be aware that it does not matter if you do not have employees or offices in a particular state. Generally, if you have customers in a particular state that are affected by a data breach, then the requirements and laws of the state(s) in which your customers reside effect your business.

The differences in state laws can only compound confusion regarding how to respond to a data breach. Different states have different definitions of protected information. Some definitions of protected personal information include medical information, passport information, and dates of birth.

Our Columbus cybersecurity attorney offers expertise on data breach requirements of all 50 states in the U.S. We assist businesses with customer notifications including content and timing, advising on protected information scope and risk of harm

State Data Security Laws

Not to be lumped in with data breach requirements, some states have their own separate state data security laws. These laws apply when your business uses or processes the information of a customer residing in a state that has data security laws. We assist businesses in understanding the administrative safeguards, technical safeguards, and physical safeguards that are required under state data security laws.

Industry Specific Cybersecurity Requirements

Our Columbus cybersecurity lawyer assists businesses with specific industry requirements. This includes the Payment Card Industry Data Security Standard (PCI DSS), the Gramm-Leach-Bliley Act, the Red Flags Rule, the Health Information Portability and Accountability Act, and the Federal Energy Regulatory Agency guidelines.

GLBA and the Safeguards Rule

Our Columbus privacy attorney advises companies on the data security standards of the Safeguards Rule. This includes counseling on Interagency Guidelines, nonpublic personal information, security of customer records, protection from security threats and hazards, and protection from unauthorized access.

Red Flags Rule

Our business law firm works with financial institutions on developing and implementing a Red Flags Rule program. Our privacy attorney help executives and boards of directors understand covered accounts, alert requirements, suspicious personal identity information, and suspicious activity.

HIPAA and the Security Rule

The definitions, scope of, and practical applications of protected health information, business associates, and covered entities can create confusion for even the most seasoned business executives. Our Columbus data privacy attorney advises on numerous areas of the Security Rule, including administrative safeguards, technical safeguards, physical safeguards, and organizational safeguards.

FERC Standards

For electric utility companies, we offer expertise on all facets of the Federal Energy Regulatory Commission standards, including security management controls, personnel and training, systems physical securities, systems security management, recovery plans, configuration change and vulnerability assessments, and information protection.

Other Areas of Expertise Include:

  • EU-US Privacy Shield
  • Swiss-US Privacy Shield
  • Children’s Online Privacy Protection Act (COPPA)
  • Fair Credit Reporting Act
  • China cybersecurity and data localization laws
  • Russia data localization laws
  • Incident response plans
  • Cyber enforcement and responding to hackers, phishers, and data scrappers
  • Notifications and mandatory disclosures
  • Data aggregation and scrapping
  • eCommerce and mCommerce advertising and cookies
  • General Data Protection Regulation (GDPR)

latest thinking at stevens law firm

See All News >>