
Security & Compliance

The landscape of laws and regulations governing the collection, use, disclosure and security of personal information is rapidly expanding and changing.  The complex and sometimes conflicting obligations imposed by these laws can be challenging for companies seeking to comply with their privacy and data security obligations. Complying with the law and protecting individuals' privacy is not just a legal issue.  Failure to ensure the security of data can severely damage a company's brand and influence consumer buying decisions.  We offer practical advice that helps our clients balance compliance with running a business in a cost-effective manner.

We advise on a wide range of privacy and data protection matters, including: risk mitigation; information handling; security policies and procedures; regulatory compliance; data transfers; training programs; compliance audits; privacy policies; and more.  We advise not only on the law but also on best practices and industry norms.


We create a personalized security program to meet the specific needs of your business.  Individualized programs can include a full set of security policies and procedures, controls appropriate to the size and scope of the business as well as the risk level and type of data processed/stored, an employee training program, etc.

Data Security

    • Needs analyzed based on industry, risk, and applicable regulations.
    • Recommendations regarding data loss prevention (DLP) and other security software and programs.
    • Advice on compliant monitoring and recording of communications to, from and within your business.
    • Recommendations on how to deal with and respond to a data security breach.

Physical Security

    • Review of access to physical space (including office, LAN Room, parking areas, etc.) and how best to protect it.
    • Advice and help with implementation of cameras, alarms and monitoring systems.

Disaster Recovery

    • Determination of business continuity needs/requirements through coordination with information technology, human resources and executive management departments.
    • Sourcing of disaster recovery vendors and selection of one appropriate for needs, size and pricing.  Setup of disaster recovery site.
    • Drafting and creation of Business Continuity Plan.  Setup and training of Business Continuity Management Team.


We will review or draft and implement company policies and procedures for compliance with applicable and appropriate email rules, employment rules, privacy laws, data security rules and regulations, etc.

These include but are not limited to issues involving:

    • Privacy requirements – The Health Insurance Portability and Accountability Act (HIPAA), EU Safe Harbor framework, Gramm-Leach-Bliley Act (GLBA), FCC regulations.
    • Data security and controls – International Organization for Standardization (ISO) 27001/27002 Information Security Management System, Payment Card Industry Data Security Standards (PCI), Statement on Auditing Standards (SAS-70) audits, individual state laws including Massachusetts 201 CMR 17.
    • Email – CAN-SPAM Act