Regulatory Compliance

Our attorneys practice in highly regulated industries, including electric, financial services, health care, public education and telecommunications. For clients who operate in these spaces, our services include deep regulatory experience and knowledge in the ever-changing areas of cybersecurity and privacy.

In the electric industry, we advise our clients on the evolving cyber and physical security requirements that apply to virtually all users, owners and operators of the bulk electric system. Our team includes an attorney who was a former Director of Enforcement of the North American Electric Reliability Corporation (NERC), as well as an in-house counsel to a major gas and electric utility company. We provide comprehensive representation, including commenting on NERC standards as they are being developed, advising on the development of compliance programs and internal controls to increase cyber and physical security (including policies, procedures and design strategies for information and operational technologies used in electric control systems), representing responsible entities in cyber- and physical security audits and investigations and responding to cyber and physical security threats and incidents. We have also been involved with transactional matters involving cybersecurity and the electric industry, including agreements to share critical energy infrastructure information and to coordinate security programs of neighboring utilities. [learn more about the attorneys in our Public Utilities group]

Financial Services
We represent banks and financial institutions on privacy and cybersecurity regulatory requirements, ranging from advising on compliance to assisting with compromises and data breaches. Our attorneys are well-versed in the Gramm-Leach-Bliley Act (GLBA) and FFIEC (FRB, FDIC, NCUA, OCC and CFPB) rules. [learn more about the attorneys in our Financial Services Regulatory and Enforcement group]

Health Care
We advise health care providers and other entities in the health care space on all aspects of the Health Insurance Portability and Accountability Act (HIPAA), including comprehensive compliance strategies and responding to data breaches involving protected health information (PHI) and ePHI.[learn more about the attorneys in our Health Care group]

Public Education
We represent clients in and around the public education industry on compliance with cybersecurity and privacy requirements, including those imposed pursuant to the Family Educational Rights and Privacy Act (FERPA) and state student data privacy laws.

In the telecommunications industry, we advise wireline and wireless telephone providers and Internet service providers on a wide variety of cybersecurity and privacy issues, and we keep our clients up-to-date on the changing expectations of the Federal Communications Commission (FCC). Our work in this space includes advising on complying with Customer Proprietary Network Information (CPNI) rules, drafting internal compliance policies, responding to CPNI breaches, and advising on the status of Net Neutrality/Open Internet requirements.