Cybersecurity And Data Privacy
Andrew Levchuk, Counsellor at Law, LLC, advises businesses, professionals and individuals on protecting their sensitive data and complying with privacy and security laws. He has assisted organizations in formulating or revising data protection and privacy policies to comply with federal and state statutes and regulations. This includes – but is not limited to – bringing clients into compliance with the Massachusetts Standards for the Protection of Personal Information, as well as the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other state and federal legislation. He also counsels businesses and professionals on compliance with the EU General Data Protection Regulation, the California Consumer Privacy Act, the Connecticut Data Privacy Act, and other data privacy statutes and regulations. He assists in responding to inquiries from federal and state regulators, including the Center for Medicare and Medicaid Services, the Federal Trade Commission, and state attorneys general.
Mr. Levchuk works with technical colleagues to protect clients both before and after a data breach. This includes helping companies prevent a breach by conducting risk assessments and helping clients design and implement a cybersecurity program or modify an existing program to meet new conditions. He will also develop incident response plans to put clients in the best position to respond if a breach occurs. In the event of a breach, Mr. Levchuk assists with rapid and comprehensive incident response, including handling communications with cyber insurance carriers and performing after-action analysis.
Mr. Levchuk also performs contract reviews for clients to ensure that vendors protect clients’ data, and maintain the confidentiality, integrity, and availability of data stored offsite with vendors or in the cloud. Mr. Levchuk will assist in reviewing cyber insurance policies to ensure that clients receive the best coverage at the lowest cost.
Representative Matters
- Counseled a public company after a data breach involving a recently-purchase subsidiary.
- Represented a mid-sized company in responding to a suspected breach of customer credit card information due to Russian hackers. Handled reporting to state regulators and negotiating with the client’s vendors and liability insurer.
- Counseled a major New England medical center on suspected network intrusions.
- Assisted a large medical facility in revising existing data privacy and security policies and in adopting new policies to keep current with changing regulatory requirements.
- Obtained favorable settlement for client, victim of a security breach resulting in hackers stealing a real estate down payment of approximately $340,000.
- Assisted Professor Orin Kerr with amicus curiae brief submitted to Supreme Judicial Court in Commonwealth v. Jones, SJC-12564.
- Chaired the U.S. delegation to the G8 Sub-Group on High-Tech Crime in Moscow (2006) and Berlin (2007).