Services
Data Privacy & Cybersecurity
Organizations that fail to manage their data privacy and cybersecurity risks face significant exposure, from regulatory penalties to reputational harm. Fey LLC helps clients understand and address those risks through practical, cost-effective solutions.
Comprehensive Privacy & Security Support
Fey LLC provides end-to-end data privacy and cybersecurity advisory services for multinational and U.S. corporations across technology, healthcare, financial services, retail, manufacturing, and more.
- Global data privacy and cybersecurity risk assessments
- Phased remediation recommendations
- Data protection impact assessments
- Privacy policy and notice drafting
- Data subject rights procedures
- Cross-border data transfer guidance
- Security incident and breach response assistance
- Vendor selection and monitoring procedures
- Cyber insurance policy review
- M&A due diligence support
- Privacy expert witness services
Why Fey LLC?
Principal Laura Clark Fey is one of only 27 U.S. lawyers recognized as an IAPP Privacy Law Specialist and holds the CIPP/US, CIPP/E, CIPM, FIP, and AIGP certifications. She has been recognized as a Super Lawyer® in Missouri and Kansas for 12+ years.
Global expertise
Fey LLC has deep experience with EU-U.S. data transfer frameworks, GDPR compliance, CCPA/CPRA, state comprehensive privacy laws, HIPAA, and the full spectrum of U.S. federal and state privacy regulations.
Frequently asked questions
How can our company guard against business email compromise and fraudulent wire transfers?
Business email compromise typically begins with a phishing or account-takeover attack that lets criminals impersonate an executive or vendor and redirect payments. Fey LLC helps organizations implement layered defenses, out-of-band payment verification procedures, multi-factor authentication, dual-approval controls for wire changes, and employee awareness training. We also advise on rapid response steps, including notifying your bank and the FBI, when a fraudulent transfer is suspected so funds can potentially be recovered.
What should we do when we discover a data breach, and what are our notification obligations?
On discovery of a suspected breach, the priority is to contain the incident, preserve evidence, and launch a privileged investigation to determine what data and individuals were affected. Notification obligations vary by jurisdiction and data type, all 50 U.S. states, plus laws like HIPAA and the GDPR, impose differing deadlines and content requirements. Fey LLC guides clients through incident response and the analysis of which regulators, individuals, and business partners must be notified, and within what timeframes.
How do we select and oversee a forensics or incident response service provider?
Choosing the right forensic firm before an incident, and engaging it through counsel, helps preserve privilege and ensures a defensible investigation. Fey LLC assists clients in vetting providers, structuring engagement letters, and overseeing the forensic work so that findings support both regulatory response and any subsequent litigation. We help confirm the provider has appropriate expertise, capacity, and chain-of-custody practices for your environment.
Can phishing training and penetration testing actually reduce our cyber risk?
Yes. People remain the most common entry point for attackers, so simulated phishing campaigns and social engineering training measurably reduce click rates and reporting delays over time. Penetration testing complements training by identifying technical vulnerabilities before adversaries exploit them. Fey LLC helps clients design these programs, oversee the vendors that conduct them, and document the results to demonstrate reasonable security to regulators and insurers.
How can we reduce litigation risk from website tracking technologies under TCPA, CIPA, and VPPA?
A wave of class action litigation now targets website pixels, session replay tools, chat features, and video tracking under statutes like CIPA, the VPPA, and the TCPA. Fey LLC helps clients inventory the tracking technologies on their sites and apps, evaluate consent and disclosure practices, and remediate high-risk configurations. Proactive assessment and updated privacy notices can substantially reduce exposure to these increasingly common claims.