THE BOURNE FIRM
Experienced on-demand general counsel for small to mid-sized companies not yet ready for full-time general counsel.
Contact: jon@thebournefirm.com, 303.765.2436
© 2022-2024 THE BOURNE FIRM LLC. All rights reserved.
The following are examples of THE BOURNE FIRM's experience with respect to privacy and security and how that experience could benefit you:
- Counseled concerning a plethora of privacy requirements, including under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Gramm-Leach-Bliley Act, the Federal Information Security Management Act and numerous state privacy laws.
- Advised regarding a full range of security issues, including penetration testing, physical security such as alarm systems, security provisions in services agreements and HIPAA business associate addenda.
- Chaired corporate governance committees responsible for evaluating and managing risks, delivering strategic and tactical direction for governance programs and overseeing common-sense implementation of governance initiatives, including with respect to privacy and security.
- Reviewed and advised regarding security policy and procedures and policy for responsible use of information.
- Reviewed and revised draft section of employee handbook pertaining to privacy and security.
- Extensively analyzed people, process and strategy with respect to the company’s privacy and security compliance, critical and material risks and action plan for addressing those risks.
- Executed all functions of privacy officer with overall responsibility for every aspect of privacy compliance.
- Drafted, refined and finalized privacy policy with respect to privacy of healthcare and other information in accordance with requirements of federal law and other applicable law.
- Developed and implemented refined approach to initiating, conducting and managing privacy and security investigations, directing outside counsel when necessary and developing investigation strategy based on business process improvement, solutions-focused fees and clear accountability, including litigation hold notices for non-destruction of potentially relevant information and corporate governance.
- Advised extensively regarding privacy and security incidents, including counseling with respect to security breach notification laws and contractual requirements pertinent to incidents.
- Was instrumental in completion of internal investigations relating to security incidents.
- Drafted and delivered notices of security breach in accordance with applicable law.
- Collaborated with U.S. Secret Service and Federal Bureau of Investigation in investigation of criminal theft of personally identifiable information, including assisting with evidence necessary for conviction and sentencing.
- Reviewed, analyzed and advised regarding letter resulting from investigation that summarized the action a company would take to prevent future accidental releases of protected health information.
- Reviewed, analyzed and advised with respect to insurance for security breach incidents.
- Advised concerning key issues relating to proposed transmittal of protected health information by electronic mail.
- Reviewed and advised concerning requirements for recording of calls.
- Advised regarding use of electronic recording devices to control loss of products.
- Reviewed and advised regarding policies relating to payment card industry security standards compliance.
- Analyzed and advised regarding privacy requirements for use of customer data.
- Drafted consent and release for use of photographs of employees in national publications.
- Advised regarding release of tax identification numbers of vendors to service provider in connection with implementation of vendor management system.