McCormick & O'Brien, LLP
Solutions to Problems

Cybersecurity & Data Privacy

Cyber-security & Data Privacy


In today’s digital economy, companies are faced with unprecedented challenges of managing privacy and cyber-security risks associated with the collection, use and disclosure of various types of data.     These complexities makes it imperative that modern businesses have a sophisticated understanding of their cyber-risks in order to effectively compete in today's marketplace. We work with clients to assess their preparedness and help clients put themselves in the best possible position to prevent a breach, and to effectively respond to, and minimize the damage from, any breach when it occurs. 


McCormick & O’Brien offers clients a complete a Cyber-Sessment® — a holistic cybersecurity audit which identifies an organization’s vulnerabilities, determines its overall cyber resiliency, and creates a security baseline to measure against.  In addition to focusing on technical aspects with our vendor partners through penetration testing and security checklists, we guide our clients understanding of their organizations human and physical resources by assessing the strengths and weaknesses of an organization’s security culture.   This includes analyzing client’s leadership, HR policies and practices, IT governance, physical defenses and the cybersecurity awareness and accountability of its staff, its partners and vendors.

Breach Preparedness & Training.

Once we have identified the client’s vulnerabilities, we work to develop or improve a holistic approach to data privacy management to minimize the risk of a data breach and to put the company in the best position to respond if a breach occurs.   We help our clients develop privacy and data security strategies by working collaboratively to develop custom-made privacy and security programs that address business, financial, legal and reputational risks while meeting each client’s individual needs and budgets.   Once programs are adopted, we provide thorough training to our clients’ employees and management on the tactics and techniques used by hackers, why clients could be targets themselves, and how clients can protect against data collection and attacks.  Because humans are the “Achilles heel” of most network security programs and most security safeguards are undermined by human error, we offer thorough cyber-security training that creates awareness and hardens personnel to an attack. Our comprehensive services include: 

  • Privacy and Cyber Policies. Development and implementation of privacy and data use policies and procedures that comply with applicable laws and generate consumer and business partner confidence, revenue and flexibility
  • Incident Response Plans.  Preparation of company specific incident responses plans and implementation including table exercises and drills. 
  • Vendor Management. Analysis, negotiation and drafting vendor agreements relating to privacy and information management. 
  • Records Management. Preparing comprehensive records management programs, including policies, procedures, guidelines and training modules that can enable companies to save millions of dollars by eliminating the unnecessary storage of physical records and reducing the unnecessary retention of email or other electronic records. 
  • Cyber-insurance.  Guiding clients through the application process and procurement of cyber-insurance coverage ensuring a complete understanding of the policies terms and coverages. 
  • Training and Cyber-security Awareness.  Customized training at all organizational levels from C-level to administrative staff in order to minimize risks of manipulation and exploitation of human error through spear-phishing and social engineering aimed at stealing client data.

Breach Coaching and Response.

In the event of a breach, we provide rapid and comprehensive incident response under the protection of the attorney-client privilege.  We can assist clients in determining the source and scope of the breach, assessing regulatory compliance requirements, managing notifications and call centers, and conducting after-action review. We work as part of a multi-disciplinary team that is frequently involved immediately after a data breach or hacking incident to help a client evaluate and manage all aspects of the event, often with our lawyers leading the investigation, coordinating notification to affected individuals and other aspects of public notification and coordinating the incident response.  Because   cybersecurity breaches implicate multiple risks and response issues, we represent our clients with an interdisciplinary and coordinated team that includes not only members of our Cybersecurity practice, but also, as appropriate, insurance claims adjuster, and technology and security consultants.