Privacy & Data Security
Helping clients comply as they innovate.
Our team of business, intellectual property and litigation attorneys advises on all aspects of privacy compliance, information handling, data security, breach preparation and response, enforcement and other related litigation. We guide clients in taking practical steps to meet their legal obligations and mitigate operational and reputational risks.
Several of our privacy professionals have achieved their International Association of Privacy Professionals privacy credential. Our ranks also include former technology professionals, engineers, and software developers. While each attorney on our team brings a distinct skillset, the one common denominator is that we are fluent in the technology and sophisticated data management systems used by businesses competing in today’s economy.
We recognize that an effective compliance program must be tailored to each client’s operations, data practices, and risk profile. We draw upon our collective experience and deep regulatory knowledge to help clients enhance their cybersecurity architecture and navigate their legal and regulatory requirements in the U.S., Europe and globally.
Cyber Incident Response Planning
Our Privacy & Data Security Team not only understands the cyber-threat landscape, but we know where to prioritize. We help clients identify system vulnerabilities, incorporate security-by-design principles where necessary, and develop proactive incident response plans to minimize the legal and reputational impact of cybersecurity threats. In the event of a data breach or ransomware attack, we work with clients to contain the threat, recoup losses, draft and issue disclosure statements, and take appropriate steps to limit their legal and regulatory exposure.
To help prevent the unthinkable, we provide training to industry groups as well as company or non-profit boards of directors, executives, and employees, to ensure that your team understands the threat landscape. We also provide experienced counsel for your organization’s overall data privacy and cybersecurity policies, procedures, and insurance protection. We integrate your IT and compliance teams to ensure a concerted approach to the growing ransomware threat, or we can bridge the gap if your organization does not have an internal team.
Representative Incident Experience
- Assisted a national restaurant chain from with a credit card data breach in dozens of states with over one million card exposures. Responsibilities included emergency response coaching, breach evaluation, breach notification, breach vendor management, liability assessments, negotiations with processors, acquiring banks, issuing banks and card brands, and litigation support.
- Assisted a large multinational corporation with its evaluation of and response to a ransomware attack that crippled all corporate servers, including human resources and payroll.
- Assisted a company with response and notification arising from infiltration of the company’s system that altered payroll files processed by a third-party payroll processor. Responsibilities included working with a forensics investigation firm, coordination of notification to employees, and negotiation with the cyber liability insurance provider.
- Consulted with an international manufacturing business regarding a “phishing” incident directed at employees’ personal data. Responsibilities included identification of the scope of attempted intrusion, analysis of potentially applicable law of multiple jurisdictions, and assessment of technological safeguards in place to prevent an actual security breach of information systems in question.
- Advised a midsized consumer retail services business on response to employee theft of personal information from company systems. Worked with the client’s IT department to identify access and attempted misappropriation of information and coordinated with law enforcement for potential prosecution and assessment of any breach notification.
Service Area Contacts
Data Privacy Detective Podcast – Episode 68: Catching Cyber-Criminals With Digital Forensics
July 8, 2021 | Blogs
Ransomware attacks, data breaches, digital theft – on the rise. Who are the cyber-criminals? Can t...
Data Privacy Detective Podcast – Episode 67: Data Flows After Brexit… For Now
July 1, 2021 | Blogs
On June 28, 2021, the Europe Union granted two adequacy decisions to the United Kingdom for personal...
Data Privacy Detective Podcast – Episode 66: Phone Scams and You, A True Story
May 10, 2021 | Blogs
This is a true story of a phone scam of May 2021. The Data Privacy Detective got a call on the home ...
Data Privacy Detective Podcast – Episode 65: Ransomware Basics
May 3, 2021 | Blogs
This podcast episode explores ransomware from preventive, legal, and communications angles. While th...
Data Privacy Detective Podcast – Episode 64: The Two Faces of Browsers and Our Privacy Options
April 2, 2021 | Blogs
Janus was the Roman god of doors, gates, and transitions. He needed two faces to look in both direct...
Data Privacy Detective Podcast – Episode 63: Your Face, Time to Scrub?
March 25, 2021 | Blogs
Facial recognition. It’s a hot topic. Targeting, misidentification, and doxing – the dangers...