Data Protection, Breach & Privacy

BRG experts and consultants analyze class certification issues and assess damages related to allegations of data breach, unauthorized access to private information, and misuse of personally identifiable (PI) data and protected health information (PHI). As part of that analysis, BRG experts and staff assess the economic value of data, causality between the allegation and purported harm, and common evidence to quantify this purported harm on a class-wide basis.

BRG also leverages its credentialed experts (e.g., MIST, CISSP, CISA, CDPSE, QSA, PCIP) to analyze, opine on, and testify on technical incident response issues in these matters. Specifically, these experts (1) evaluate the implementation of cybersecurity controls to protect the confidentiality, integrity, and availability of information and compare them against industry standards; (2) assess compliance with international privacy regulations; (3) address issues related to methods of attack, data exfiltration, and vulnerability exploitation; and (4) discuss topics related to online marketplaces for stolen data (i.e., Dark Web), misuse of stolen data, and methods of mitigation. These experts can also conduct a privileged parallel review of the response to the attack by the company and its forensic vendors.

Select past engagements include:

  • Class action against a health insurance provider regarding a data breach exposing healthcare and other personally identifying data
  • Class actions against financial institutions regarding data breach incidents
  • Class action against a technology company regarding its collection and use of personal information, including users’ geolocation data
  • Government action against a healthcare provider regarding a security vulnerability in its electronic health record (EHR) software