Data Security & Privacy

An Innovative and Comprehensive Approach to Data Security
 
Gill Ragon Owen approaches data security and privacy concerns differently than most firms do.
 
We meet you where you are in the data security process so that we may share our experience in ways that best suit your needs.
 
Most business managers and executives know little more about data security than what the media reported about the latest data breach. Many small-to-medium-sized clients assume their business is too small or not “Internet-based” enough to interest cyber-criminals. Others assume their information-systems staff has adequately protected them and that good data security begins and ends with the security of their computer network. These assumptions are usually wrong.
 
Data security can feel overwhelming, but it doesn’t have to. We consult with our clients to determine their data security deficiencies; prioritize the process of correcting any deficiencies; and advise on drafting and adopting policies and practices to achieve and maintain strong operational data security.
 
Preventative Data Security Services
 
In addition to straightforward consulting services, we provide an array of preventative services, including:
 
Data security assessments—designed to give clients a snapshot of their data security profile before a breach occurs
Risk exposure-compensating mechanisms tailored to each client’s exposures, objectives, and budget—from employee-training products to advising on cyber-insurance policies
 
Our clients operate in many different regulatory environments, from highly regulated sectors such as banking and healthcare to less-information-regulated businesses such as restaurants, manufacturing, and professional services. But every business that takes credit (or debit) cards or handles sensitive information about people must comply with laws and industry standards as diverse as dozens of unique state breach notification laws, the Payment Card Industry Data Security Standards, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, the Electronic Communications Privacy Act, the Family Educational Rights and Privacy Act, the Children’s Online Privacy Protection Act, the Fair Credit Reporting Act, the Federal Trade Commission Act, and Sarbanes-Oxley, among many other federal and state laws.
 
A principle underlying each regulatory framework is the notion that businesses that handle personal information should take reasonable steps to protect it. Gone are the days when a firewall and anti-virus software were adequate protections. To prove that they are good stewards of sensitive information, businesses must implement and maintain policies, practices, and protocols that meet current industry standards, including external assessments and periodic reviews. We advise small-to-medium-sized businesses on meeting these obligations using frameworks—such as COBIT, GAPP, and NIST—that match the nature, complexity, and ambition of a client’s business objectives and needs.
 
Companies need to protect themselves from internal threats such as employee theft or sabotage in addition to external threats such as exfiltration of proprietary secrets and intellectual property.
 
Data Breach Response Services
 
Finally, we can help in the event of a data breach. Breach responses require actions that are fast and focused, as well as careful and deliberate. Missteps can be costly, and intuition is generally a bad guide. Unplugging an infected computer, for example, can result in the permanent loss of valuable forensic clues from a computer’s random access memory. And ignoring or covering up an event is always a bad choice. We offer guidance with public relations responses, forensic investigations, regulatory disclosures, notification obligations, insurance claims, and suits against responsible third parties.
 
We welcome the opportunity to discuss your data security and privacy needs.
 