Data Privacy & Cybersecurity
Capabilities

Leech Tishman’s Data Privacy & Cybersecurity Group is positioned to counsel clients on preparing for and responding to data, privacy, and cybersecurity challenges. We offer clients a full spectrum of counseling and litigation capabilities, with a focus on privacy, data protection, information security, Internet and computer/cyber law, e-commerce, and consumer protection.
The field of data privacy and cybersecurity is complex and oftentimes multidimensional. Our attorneys are skilled in assisting clients with the implementation of preventative measures to reduce data breaches, protect their data assets and limit operational disruptions. We regularly counsel businesses on protecting data and personal consumer information in compliance with applicable data privacy laws including the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR) and help them navigate these highly technical regulations to avoid significant liability.
Our experienced Data Privacy & Cybersecurity lawyers have a rich background in the field of information technology, giving them a fundamental understanding of data management and how data flows within an organization’s IT infrastructure. We appreciate the importance of knowing the law and applying it to relevant circumstances, allowing our clients to effectively develop and deploy their business strategies.
Our lawyers have experience in the following areas:
Compliance Counseling
- Addressing company obligations under applicable privacy laws
- California Consumer Privacy Act (CCPA)
- European Union General Data Protection Regulation (GDPR)
- Guidance on regulatory actions and security concerns in a variety of regulated industries including, but not limited to:
-
- Healthcare: Health Insurance Portability and Accountability Act (HIPAA)
- Financial services: Gramm-Leach-Bliley Act (GLBA) and Fair Credit Reporting Act (FCRA)
- Telecommunications
- National security
- Higher education: Family Educational Rights and Privacy Act (FERPA)
Audits & Risk Assessment
- Counseling to address critical security and IP vulnerabilities
- Policy review and data process procedure evaluation to verify compliance and recommend mitigation strategies
- Development of privacy/cybersecurity programs to avoid the risk of breach
- Review of contracts and insurance policies for data breach protection to address additional policy coverage needs with existing vendors and explore options with vendors who are more focused on data privacy and breach awareness
Privacy Program & Policy Development
- Assessment, development, and implementation of achievable and defensible privacy policies
- Development of policy enforcement processes
- Assistance with building a privacy compliance infrastructure that meets or exceeds industry-standard regulatory, compliance, and cybersecurity obligations
Awareness & Training
- Develop awareness and employee training programs to ensure legal compliance and address employee handling/ use of data, permissible usage of IT assets and services and guidance on identity theft issues
- Employer training regarding employers’ rights to monitor/ intercept employee communications
Transactional, Contracts and Third-Party Agreements
- Review and analysis of contractual privacy and data protection assessment
- Due diligence and support during M&A and related transactions
- Review, drafting and updating of contracts with third parties to ensure compliance with data privacy laws and third-party adherence to data privacy laws
Incident Response Planning
- Creation of data breach mitigation plan to communicate effectively and appropriately with agencies, regulators, customers and the public while protecting business integrity and continuity
Litigation
- Evaluation of potential claims
- Assessment of liability risks
- Preparation and implementation of subpoena response policies
- Evaluation of contract disputes
- Client counseling on appropriate responses to regulatory activities
- Providing litigation services in the event of a data breach, lawsuit and/or privacy enforcement agency action
- Prosecuting and defending against civil suits and enforcement actions due to privacy issues