Data Security & Privacy

We have extensive experience advising on the full range of data privacy and protection laws, industry standards and issues. Our lawyers regularly counsel clients on data-use issues, data transfers, and privacy compliance under U.S. and foreign laws. We conduct comprehensive privacy/cybersecurity risk assessments, often in the context of mergers, acquisitions and other transactions. In the event of a data breach or alleged improper use of data, we provide swift, effective cybersecurity incident response and represent clients in related litigation and government investigations. Our services include working with clients on:

  • The privacy and safeguarding of various types of customer data and employee information (including personal financial and health information)
  • Identifying and implementing data security best practices and developing security procedures, including multi-jurisdictional website privacy, and acceptable use policies (including GDPR compliance)
  • Fraud assessment and controls
  • Incident response and mitigation, including crisis management and media relations
  • Regulatory compliance (e.g., HIPAA-HITECH, GLB)
  • Data protection and privacy issues in mergers & acquisitions, technology transfer, and other transactions
  • Vendor management and oversight
  • Best practices for information retention and destruction requirements
  • Cross-border data flow practices and requirements