Cybersecurity, Data Protection & Privacy

Protection of the security and privacy of information and data presents an ongoing and growing challenge to individuals, businesses, and enterprises of all sizes.

A comprehensive and interdisciplinary approach to data management is critical in today’s climate, in which all operations across all private and public sector verticals are becoming digitized, each with its unique data flows and information management opportunities and challenges.  On the one hand, controlling data and exploiting its value can be a key ingredient to maintenance and increase in enterprise value.  On the other hand, increased dependencies on digital devices and networks have been  associated with increased vulnerability of data to breach due to systems deficiencies, human error, and malicious attack.  These exposures have correlated with an intensification of regulatory oversight, enforcement, and civil actions. 

In this dynamic environment, the full array of corporate activities are increasingly being driven by the opportunities and risks associated with the collection, maintenance and dissemination of data.  Compliance initiatives,  mergers and acquisitions, cloud and other vendor contracts, consumer-facing e-commerce offerings, product development, software development, insurance and corporate reputation generally (just to name a few) are increasingly being driven by the opportunities and risks associated with data.

Clark Hill’s team approach to data protection brings together security and privacy attorneys with colleagues from our core practice groups and sector and service teams to tailor our services to each client’s unique data, privacy and security needs. Our team understands technology and the related legal issues and challenges and are accustomed to working with our clients’ own technical, business, marketing, compliance and other stakeholders. 

Our counseling, transactional, compliance and remediation work covers a range of industries and corresponding regulatory regimes, including:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley (GLB)
  • The Federal Trade Commission Act
  • Federal Fair Credit Reporting Act
  • Industry-specific requirements for financial services, health care, utilities, transportation, education, and government contractors
  • State consumer data protection laws
  • State data breach notice laws
  • Safeguarding consumer credit information
  • Identity theft “red flags”
  • Secure disposal

Areas of  Cybersecurity, Data Protection & Privacy Legal Services

Security Incidents: Preparation, Response and Remediation

  • Response planning
  • Analyze and evaluate cyber insurance coverage options
  • Legal considerations in responding to security incidents and breaches
  • Preparation of notice to affected individuals
  • Dealing with law enforcement, insurers, public relations, and stakeholders
  • Addressing claim and litigation issues

Technology Planning and Policies

  • Inventories of systems, devices and data
  • Risk assessments
  • Consumer facing privacy and security policies
  • Internal policies, including privacy and security policies, technology acceptable use policies, communications policies, BYOD (bring your own device) policies, retention and destruction policies, crisis management and breach policies, and facilities management policies.
  • Training
  • Compliance audits

Business and Consumer Transactions

  • Optimizing ownership, rights and monetization of data
  • Securing data rights in licenses and other transactions
  • Due diligence on data management/compliance in M&A and other key transactions
  • Negotiating risk allocation, warranties and other key provisions relative to data protection and disaster recovery in cloud services, software as service, hosting and other contracts.
  • Negotiating contracts for security products and services
  • Counseling on cross border data transfer and other international risks
  • Drafting consumer facing privacy policies, terms of use and end user license agreements for websites and mobile apps
  • Negotiating website and app development agreements with reference to data protection design components and obligations

Our Cybersecurity, Data Protection & Privacy attorneys work closely with the professionals in Clark Hill's Information Governance and Discovery Services to provide multidisciplinary solutions for our clients. 

Clark Hill Attorneys David G. Ries, Kevin Williams and Mark R. Ludwikowski will be speaking at the Michigan Manufacturer’s Association on February 22, 2018Sixty-Seven Clark Hill Attorneys Named 2018 Leading LawyersClark Hill Attorney Chris M. Brubaker to Present at PBI 2017 Annual Business Law Institute on November 15, 2017 in Philadelphia, PA Clark Hill Attorney David G. Ries to Present on Cybersecurity at the Institute for Energy Law’s 16th Annual Energy Litigation Conference in Houston – November 9, 2017Clark Hill PLC Receives National and Regional Tier 1 Rankings in the 2018 Edition of Best Lawyers, “Best Law Firms”Clark Hill Attorney David G. Ries to Present on Cybersecurity at the 43rd Annual Notre Dame Tax and Estate Planning Institute – October 26, 2017Clark Hill Attorneys Jonathan D. Klein, Scott B. Galla and Thomas Kennedy from Versa Capital Management LLC to present Privacy Regulation in a Digital Age on October 4th at The Union League of Philadelphia Clark Hill Attorney David G. Ries to Present at DRI’s Cybersecurity and Privacy Law Seminar in Chicago – September 8, 2017Clark Hill Attorneys Joann Needleman and Jonathan Klein to Speak at First Party Summit – June 5-7, 2017Clark Hill Attorney David Ries to Speak on Encryption at the University of Richmond School of Law's 2017 Symposium on Cyber Security - February 24, 2017Clark Hill Attorney David Ries to Present at the Institute for Law and Technology’s Cybersecurity and Privacy Law Conference - January 26, 2017Clark Hill Attorney David Ries to Present on Encryption at PBI Business Law Institute and Employment Law Institute WestClark Hill Attorney Christopher Brubaker to Present at PBI Business Law InstituteClark Hill PLC Receives National Rankings in the 2017 Edition of U.S. News-Best Lawyers, “Best Law Firms”Clark Hill Attorney John L. Hines Jr. will co-present “Digital Transactions: The Global Legal Framework for E-Signatures and Records” Sponsored by the American Bar AssociationClark Hill Attorneys Christopher Day and Christopher Brubaker to Present at PBI Business Insurance CLE - August 30, 2016Clark Hill Attorneys David Ries and Christopher Brubaker to Present at PBI Business Insurance CLE - August 24, 2016Clark Hill Attorneys Ted Planzos and Thomas Brooks To Present At FEI – June 20, 2016 Clark Hill Attorney David Ries to Speak on Cyber Incident Response at ILTA’s LegalSEC Summit in Baltimore on June 10, 2016Clark Hill Attorney Thomas A. Brooks to present at the Michigan Bankers Association Group Meeting in Troy, Michigan on May 12, 2016Clark Hill Attorney Christopher Brubaker to Present at PBI Identity Theft CLE – March 14, 2016Clark Hill Attorney Christopher Day to Present at Identity Theft CLE - March 9, 2016Clark Hill Attorney David Ries Quoted in Tribune Review Article on Cybersecurity Information Sharing Act David Ries and Jennifer Woods to present "Recovery from Identity Theft: Legal and Practical Considerations" Clark Hill Attorney David Ries to Speak on Emerging Standards for Technological Competence in eDiscoveryClark Hill Attorneys Jonathan Hugg, Ted Planzos and James Tyrrell to Present at The Legal Intelligencer’s In-House Counsel CLE – October 22, 2015Clark Hill Attorney Christopher Brubaker to Present at PBI Business Lawyers’ Institute - November 4, 2015Clark Hill Attorney David Ries to Be Inducted as a Fellow of the College of Law Practice Management Clark Hill Attorney David Ries Comments on DOD Recommitment to CMU Software Engineering Institute Clark Hill Attorney David Ries to Speak on Encryption at ABA’s Annual Meeting in Chicago – July 31, 2015Clark Hill Attorney David Ries To Speak at the Energy & Mineral Law Foundation’s 36th Annual Institute - June 17, 2015Clark Hill Attorney Alex Hershey to Speak at the Pennsylvania Bar Institute’s "eDiscovery Symposium – Data Breaches – Privacy and Liability" - April 17, 2015Clark Hill Attorney David Ries to Present at ABA’s TECHSHOW 2015 - April 16-18, 2015Clark Hill Attorney David Ries to Present at ABA’s 16th Annual Conference on Emerging Issues in Healthcare Law – Lake Buena Vista, FL - March 6, 2015Clark Hill Attorney Jennifer Woods Has Earned the Certified Information Privacy Professional/United States Credential - February 11, 2015 Clark Hill Attorney David Ries Comments on President’s Proposed Cybersecurity Rules for Consumers, Businesses - January 13, 2015Clark Hill Attorneys David Ries and Elizabeth Collura to Present on "Social Media in the Courts – Privacy, Discovery, Admissibility and the Role of Digital Forensics" - January 6, 2015 Clark Hill Attorneys Christopher Day, Christopher Brubaker and Elizabeth Gocke to Present at Legal Intelligencer’s In-House Counsel CLE in Philadelphia - October 15, 2014Clark Hill Attorneys David G. Ries and Jerri A. Ryan Author Chapters in PBI’s New eDiscovery Book, 3rd Edition, Released May 5, 2014Clark Hill Attorney David Ries Interviewed on Legal Talk Network - March 25, 2014Clark Hill Attorney Alex Hershey to Speak on "The Role of Computer Forensics in Data Breach Response" for the Cyril Wecht Institute of Forensic Science and Law - March 19, 2014Clark Hill Attorney John L. Hines, Jr. to Present at CloudCast ’14 – January 30, 2014Clark Hill Attorney John L. Hines, Jr. Presented at the Cloud Security Alliance Congress 2013 on Purchasing Cloud Services: Anatomy of a Cloud Transaction - December 12, 2013Clark Hill Attorneys John L. Hines, Jr. and Patricia M. Sulzbach Presented to Association of Corporate Counsel Western Pennsylvania Chapter on Protecting Your Online Reputation - December 6, 2013Clark Hill Attorneys John L. Hines, Jr. and Jennifer Woods Published an Article in Westlaw Journal - March 28, 2013
NAIC Adopts Model Law on Cybersecurity: Will the States Adopt? Do You Suffer From Cyberfatigue? Stay Vigilant2017: The Year of Big Shifts in Cybersecurity, The Legal Intelligencer, May 30, 2017The True Measure of an Associate: Helping Others in Need, The Legal Intelligencer, February 2017Getting Your First Client: You're Already There, The Legal Intelligencer, January 2017Commentary: New Jersey Does the Waive[r]: Implications and Effect of Adoption of Admission to the New Jersey Bar by Motion – New Jersey State Bar Association Federal Practice and Procedure Section Newsletter, January 2017Cyberrisk: A Peek Back at 2016 and a Look Ahead at 2017 - The Legal Intelligencer In-House Counsel Column, December 2016Mastering Time Management as a Junior Associate, The Legal Intelligencer, October 2016Some Tips to Mastering the Art of Small Talk, The Legal Intelligencer, August 2016“Cyber Threats: The Foremost Risk Facing Banks and Their Directors Today,” Illinois Banker, May-June 2016People: The Cyber Wild Card in Terms of Security, Attacks - The Legal Intelligencer In-House Counsel Column, June 2016Jud DeLoss Quoted in Alcoholism & Drug Abuse Weekly: Illinois residents with good insurance targeted by Florida provider – June 13, 2016Reputation Is the Key to Success for a Young Lawyer, The Legal Intelligencer, June 2016Taking Advantage of Privacy Shield Protections: Part I - March 2016"Ethics and Use of Social Media", The Abstract: American College of Mortgage Attorneys, Spring 2016Predictions on What Is Ahead for Cyberrisk in 2016Cybersecurity Lessons From the Third Circuit's 'Wyndham' RulingDavid Ries Quoted in Pittsburgh Tribune Review: DOD Recommits to CMU Software Security Center with $732M Award - July 2015Why Cyberrisk is Not Just an IT Issue, But a Legal One TooBetter Risk Management Results in Cheaper Cyber Insurance
WEBINAR: "Cybersecurity and HR Records"Privacy Regulation In A Digital Age Webinar: CSS Cyber Solutions - June 22, 2017WEBINAR: Cybersecurity For In-House Counsel: Achieving Compliance (and Beyond) in a Breach-A-Day WorldData Security 101: A Lawyer’s Guide to Ethical Issues in the Digital AgePolitics, Professional Responsibility & Prison: How Lawyers Can Counsel Their Corporate Clients To Influence Government Officials And Participate Safely In The Political Process - Legal Intelligencer In-House Counsel CLE, October 22, 2015An Introduction to Cyber Risk