
Does your organization struggle to keep up with HIPAA regulations? Or maybe you’re never quite sure if your privacy policy will hold up in court? Meet Sameer Ponkshe, an incident response and data privacy attorney on the Octillo team who actually loves this stuff.
With a deep understanding of the challenges businesses face when it comes to compliance and privacy issues, Sameer thrives on building solutions that protect and prepare you and your business. He also possesses the right skills and experience to counsel your team when a strategic response is necessary to recover from a data breach or other cybersecurity incident.
Sparked interest in cybersecurity
After earning his J.D. from Pace University School of Law, Sameer spent his first few years in private practice gaining experience in real estate and land use law, along with his first experiences in litigation, which allowed him to build these valuable skills early in his career.
After much reflection, he stepped away from private practice for a few years, hoping to find a new and engaging opportunity. He accepted a role at AIG Insurance in New York City, handling environmental claims for the large insurance carrier. The work required research, analysis, and fast response, and representing the insurance carrier gave him a valuable perspective that he relies on today.
Sameer was living just outside of the city, which meant he had lots of time to read as he rode the train on his long commute. He started spending these hours reading everything he could find about data privacy and cybersecurity, and his interest was sparked.
“I was drawn to the parallels between cybersecurity and environmental incidents, which was the focus of my work at AIG,” said Sameer. “Both types of incidents require immediate action from a team of experts representing the needs of the client and the carrier – while also meeting legal requirements. It’s truly all hands on deck.”
Two years later, he was back in private practice, joining a large firm and working on complex commercial litigation. Some of this work included incident response and data privacy, and he truly enjoyed the meaningful work of helping clients navigate these difficult situations.
The cybersecurity work was managed by a small team tucked inside a large firm that mostly focused on litigation, so it was soon evident to Sameer that expanding his experience in cybersecurity would require going to a firm where that was the main focus. He had found his passion, and it was time to find a place to further develop in this area of law.
Finding the right fit
Sameer wanted to find a firm solely focused on privacy law and data security, which offered experience in both incident response and privacy/security compliance. Octillo was a great fit, and he was immediately drawn to the firm after learning more about the skilled and diverse team which truly believed in a ‘proportional response’ to any matter – giving clients exactly what they need based on the size of their organization and the scope of the situation.
What's more, the firm’s approach to counseling its clients aligned with his work style.
“The team goes deeper than just presenting appropriate legal requirements and regulations,” said Sameer. “We outline pros, risks, and rewards of each scenario, allowing a client to make fast, well-informed decisions in evolving and critical situations.”
Navigating the complexities of HIPAA regulations
Much of Sameer’s work at Octillo centers around the healthcare industry, and his expertise is invaluable to any entity covered by HIPAA regulations. He is drawn to the complex compliance and privacy regulations that often change each year. This keeps the work interesting and challenging, which fuels him.
“The U.S. Department of Health & Human Services (HHS) is one of the most active regulatory agencies in the country, and they leave no stone unturned,” says Sameer. “They take enforcement very seriously and will impose fines on organizations of all sizes.”
In his role as breach coach, Sameer leads clients through a suspected or actual cybersecurity incident. His expert analysis will ensure any notification requirements are met and the business can restore safe operations as quickly as possible.
His previous role at the insurance carrier also provides great efficiency as all sides work together toward resolution. He understands what information the carriers need to properly evaluate an incident.
Protecting the future
Organizations have a legal responsibility to have processes and policies in place to protect personal information and hopefully avoid costly cyber incidents.
Sameer works with clients to build appropriate privacy policies. He describes a good policy as an interesting blend of legal requirements and clear, concise language, which he drafts confidently after many years of experience.
“Using a template found on the internet might not provide the legal protection that entities need to avoid costly litigation,” he says.
Once built, these policies need to be consistently reviewed, tested, and revised. Sameer’s clients understand the importance of this testing, and he coaches them through cybersecurity training and tabletop exercises – better preparing company personnel and leadership.
“There is great value in thinking about ‘what did we avoid’ by conducting this work, but we also try to demonstrate to clients all the benefits that come with having appropriate privacy and security controls in place,” said Sameer. “It’s important to realize that it’s not a matter of ‘if’ but ‘when will’ a cyber threat occur.”