Many organizations retain vast amounts of personal information. Advancements in the ability to compile and share such information, as well as an increasing business necessity to disclose such information to third parties, has prompted lawmakers to place significant privacy and security obligations on any organization that retains custody of personal information. The cost to organizations experiencing a data breach can be substantial. These costs reflect the combined effect of explosive increases in the volume of data generated by businesses, the tenacity and sophistication of cybercriminals, and state legislation concerning data security and security breach notification.

We provide the strategic counsel necessary to understand and navigate these laws and minimize the risk of costly security breaches. We work with our clients to conduct comprehensive reviews of existing data management systems and develop best practices for data security and compliance programs that minimize the risk of a security breach.

In the event of a security breach, we assist in securing recovery of insurance proceeds, developing a comprehensive response plan and coordination of response efforts with the state attorney general offices and the major credit reporting agencies.

We also provide counsel on a number of other matters within the realm of privacy and security, including workplace privacy policies, civil and criminal liability for companies, cybercrime prevention, internet service provider liability and shut down of illegal email phishing and pretexting operations, as well as copycat sites.

We regularly advise on compliance with and prosecution of claims from a variety of state and federal statues, including the Computer Fraud & Abuse Act, Gramm-Leach-Bliley Act, USA Patriot Act CAN-SPAM Act, Health Insurance Portability and Accountability Act, Children’s Online Privacy Protection Act, Electronic Communications Privacy Act and Section 5 of the Federal Trade Commission Act. We also provide counsel on compliance with the European Union Data Privacy Directive and the United Kingdom Data Protection Act, as well as meeting international data protection standards.

Privacy & Data Security

Experience Highlights

Acquisition work for Diageo PLC
Assisted Diageo PLC with various aspects of an acquisition of portions of Seagram Spirits division, including transfer of domain names, performance more

Contact Us