Data Privacy & Cybersecurity
New and innovative technologies are fundamentally changing the way business is conducted, which in turn is creating novel legal issues in the field of data privacy and cybersecurity. Properly navigating these issues is especially critical due to ever increasing security threats, regulatory changes and enforcement.
Our Data Privacy & Cybersecurity Practice Group understands that security threats and regulatory requirements are continuously shifting, requiring clients to understand an increasingly complex landscape associated with the collection, use and disclosure of both customer and employee personal information. Our lawyers, therefore, recognize the importance of mitigating risks and ensuring compliance with various regulatory frameworks to allow our clients to successfully conduct their businesses without interruption.
We counsel clients on compliance with various statutory, regulatory and contractual requirements; best practices regarding data preservation, protection and destruction; cross-border data transfers; digital forensic examinations; data incident management; government investigations; and litigation and dispute resolution.
- Developing Privacy Policies, Information Security Programs, and Incident Response Plans.
- Providing legal analysis and advice in connection with security breaches concerning personally identifiable information (PII), protected health information (PHI) and payment card industry (PCI) data, including overseeing forensic evaluations, preparing data breach notifications and other communications, overseeing remediation, and responding to inquiries from governmental agencies and affected individuals.
- Providing legal analysis and advice in connection with the California Consumer Privacy Act of 2018 (CCPA), General Data Protection Regulation of the EU (GDPR), the New York SHIELD Act, New York Department of Financial Services Cybersecurity Regulation, the Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH), the Gramm-Leach-Bliley Act (GLBA), and Payment Card Industry Data Security Standard (PCI-DSS).
- Drafting and negotiating contractual agreements concerning privacy and data security matters, including data sharing agreements, terms and conditions of service and non-disclosure agreements.
- Litigation and Class Action Defense/Cyber Claims, Subpoena Responses, Government Investigations and Regulatory Services relating to (among other things): cyberattacks, data breaches, inadvertent data disclosures, theft of intellectual property, misappropriation of trade secrets, computer abuse or misconduct (such as ransomware, phishing, malware and identity theft), cyber torts, record retention and spoliation issues and white collar criminal defense.
Lawyers in the Data Privacy & Cybersecurity Practice Group work closely with colleagues in the Firm's other Practice Groups, including Corporate & Securities, Governmental Relations, Insurance, Intellectual Property, Technology, & E-Commerce, and Litigation & Alternative Dispute Resolution to provide clients with comprehensive representation.