As privacy laws and cybersecurity regulations rapidly evolve, businesses must proactively protect sensitive data and comply with complex legal requirements. Duckor Metzger & Wynne, APLC, advises companies on privacy compliance, cybersecurity risk management and data protection obligations under state and federal law and regulations, including the Health Insurance Portability & Accountability Act (HIPAA), California Consumer Privacy Rights Act (CPRA), California Invasion of Privacy Act (CIPA), the Cybersecurity Maturity Model Certification (CMMC) and workplace privacy for employers.
DMW provides counseling support for clients in assessing their compliance obligations when handling personally identifiable information (PII), protected health information (PHI) and other confidential or sensitive information accessed, used or maintained in the course of business. Our litigation team is experienced in individual and class actions involving employee, patient and consumer data.
Our team of legal professionals is one of few on the West Coast that assists federal contractors and subcontractors in complying with regulatory cybersecurity requirements imposed by the Department of Defense (Department of War) and in implementing CMMC-compliant standard operating procedures (SOPs). Our attorneys review current business practices and policies to create actionable SOPs that follow NIST SP 800-171 controls, the FAR Controlled Unclassified Information (CUI) Rule and associated DFARS and agency-specific cyber clauses, which can serve as evidence of compliance during third-party security control audits.