Data Privacy & Cybersecurity

Our experienced Data Privacy & Cybersecurity lawyers have a rich background in the field of information technology, giving them a fundamental understanding of data management and how data flows within an organization’s IT infrastructure. We appreciate the importance of knowing the law and applying it to relevant circumstances, allowing our clients to effectively develop and deploy their business strategies.

Our lawyers have experience in the following areas:

Compliance Counseling

• Addressing company obligations under applicable privacy laws
  • California Consumer Privacy Act (CCPA)
  • European Union General Data Protection Regulation (GDPR)
• Guidance on regulatory actions and security concerns in a variety of regulated industries including, but not limited to:
• • Healthcare: Health Insurance Portability and Accountability Act (HIPAA)
  • Financial services: Gramm-Leach-Bliley Act (GLBA) and Fair Credit Reporting Act (FCRA)
• Telecommunications
• National security
• Higher education: Family Educational Rights and Privacy Act (FERPA)

Audits & Risk Assessment

• Counseling to address critical security and IP vulnerabilities
• Policy review and data process procedure evaluation to verify compliance and recommend mitigation strategies
• Development of privacy/cybersecurity programs to avoid the risk of breach
• Review of contracts and insurance policies for data breach protection to address additional policy coverage needs with existing vendors and explore options with vendors who are more focused on data privacy and breach awareness

Privacy Program & Policy Development

• Assessment, development, and implementation of achievable and defensible privacy policies
• Development of policy enforcement processes
• Assistance with building a privacy compliance infrastructure that meets or exceeds industry-standard regulatory, compliance, and cybersecurity obligations

Awareness & Training

• Develop awareness and employee training programs to ensure legal compliance and address employee handling/ use of data, permissible usage of IT assets and services and guidance on identity theft issues
• Employer training regarding employers’ rights to monitor/ intercept employee communications

Transactional, Contracts and Third-Party Agreements

• Review and analysis of contractual privacy and data protection assessment
• Due diligence and support during M&A and related transactions
• Review, drafting and updating of contracts with third parties to ensure compliance with data privacy laws and third-party adherence to data privacy laws

Incident Response Planning

• Creation of data breach mitigation plan to communicate effectively and appropriately with agencies, regulators, customers and the public while protecting business integrity and continuity

Litigation

• Evaluation of potential claims
• Assessment of liability risks
• Preparation and implementation of subpoena response policies
• Evaluation of contract disputes
• Client counseling on appropriate responses to regulatory activities
• Providing litigation services in the event of a data breach, lawsuit and/or privacy enforcement agency action
• Prosecuting and defending against civil suits and enforcement actions due to privacy issues