Areas of Expertise
and Recent Projects
Assist clients with HIPAA and HITECH security requirements and policies, security assessments, OCR audit preparation, and breach-notification requirements. Work with clients on new mobile and cloud computing initiatives, from contracts to security protocols.
Prepare cloud computing contracts and security requirements for telecommunications providers, counsel regarding Commerce Department export control and deemed-export issues such as development of technologies and encryption systems.
Advise contractors on security incident contracting and breach incident response, DOD and SEC security standards, general security regulatory requirements and liability exposures, industrial espionage and trade-secret theft representation, counseling with respect to DOD NISPOM 1-301 breach notification obligations. Work with clients on SCADA system vulnerabilities and the APT.
Counseling on GLB and SO security requirements, data-breach exposures, and response. Conduct compliance and incident-response training exercises.
Utilities and Power
Advise clients on generally applicable security requirements relating to the protection of PII and retail transactions, as well as on NERC security standards. Work with clients on policies to remediate and plan for SCADA vulnerabilities, using classified information provided by federal law enforcement.
Assist clients with protecting the integrity of their supply chains, including examining the security of supply sources and delivery mechanisms to ensure that component parts and services are free from malicious threats, and final products and services can be certified and trusted.
Conducting privacy and data security liability audits of company intranet and extranet, including evaluation of ramifications of new state employee privacy-protection requirements, as well as an evaluation of Commerce Department export control issues related to international intranet and protection of company trade secrets and proprietary information.
Areas of Expertise
Cook and his team possess valuable, in-depth experience in the following areas:
- Breach notification and representation before regulators
- Data transfer and representation before regulators
- eDiscovery issues relating to U.S. and European litigation
- EU data privacy compliance
- PIPEDA data privacy compliance
- Industrial espionage investigations and litigation
- Intellectual property litigation
- Trade-secret protection and litigation
- Bring your own device (BYOD)
- Cloud computing, contracts, and security
- Computer intrusion
- Crisis communications
- Defense contracting and security
- Employee data management
- Employer and employee relations and privacy
- Encryption policy deployment and export controls
- Global data transfer
- Government and criminal investigations
- HIPAA and HITECH security assessments and audits
- Identity and credential theft
- Incident response
- Mobile data privacy
- Payment credit-card industry data security standards (PCI DSS)
- Privacy consulting
- Regulatory consulting on security standards
- Safe-harbor provisions
- Technology export and import controls