Cybersecurity, Data Protection & Privacy

Protection of the security and privacy of information and data presents an ongoing and growing challenge to individuals, businesses, and enterprises of all sizes.

A comprehensive and interdisciplinary approach to data management is critical in today’s climate, in which all operations across all private and public sector verticals are becoming digitized, each with its unique data flows and information management opportunities and challenges. On the one hand, controlling data and exploiting its value can be a key ingredient to maintenance and increase in enterprise value. On the other hand, increased dependencies on digital devices and networks have been associated with increased vulnerability of data to breach due to systems deficiencies, human error, and malicious attack. These exposures have correlated with an intensification of regulatory oversight, enforcement, and civil actions.

Clark Hill offers our Cybersecurity clients a "24/7" data breach hotline at 877.912.9470. In the event of a suspected breach our team will assess the data security incident, its impact on personally identifiable information, and whether it triggers breach notification obligations.

In this dynamic environment, the full array of corporate activities is increasingly being driven by the opportunities and risks associated with the collection, maintenance and dissemination of data. Compliance initiatives, mergers and acquisitions, cloud and other vendor contracts, consumer-facing e-commerce offerings, product development, software development, insurance and corporate reputation generally (just to name a few) are increasingly being driven by the opportunities and risks associated with data.

Clark Hill’s team approach to data protection brings together security and privacy attorneys with colleagues from our core practice groups and sector and service teams to tailor our services to each client’s unique data, privacy and security needs. Our team understands technology and the related legal issues and challenges and is accustomed to working with our clients’ own technical, business, marketing, compliance and other stakeholders.

We provide practical, forward-looking solutions that empower our clients to maximize and protect the value of their data in many industries, including financial services, technology energy, food and beverage, manufacturing, retail, services, healthcare, and pharmaceuticals. The Clark Hill team is familiar with a broad array of financial technology (fintech), including blockchain, distributed ledgers, robo advice, and smart contracts, to name a few.

Our counseling, transactional, compliance and remediation work covers a range of industries and corresponding regulatory regimes, including:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley (GLB)
  • The Federal Trade Commission Act
  • Federal Fair Credit Reporting Act
  • The Electronic Communications Privacy Act (ECPA)
  • Industry-specific requirements for financial services, health care, utilities, transportation, education, and government contractors
  • The Health Insurance Portability and Accountability Act (HIPAA)
  • State consumer data protection laws
  • State data breach notice laws
  • Safeguarding consumer credit information
  • Identity theft “red flags”
  • Secure disposal
  • The European General Data Protection Regulation (GDPR)
  • The Child Online Privacy and Protection Act (COPPA)
  • The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM-Act)

Areas of Cybersecurity, Data Protection & Privacy Legal Services

Security Incidents: Preparation, Response and Remediation

  • Response planning
  • Analyze and evaluate cyber insurance coverage options
  • Breach investigations
  • Incident response
  • Preparation of notice to affected individuals
  • Dealing with law enforcement, insurers, public relations, and stakeholders
  • Addressing claim and litigation issues (including class action defense, “cyber torts,” and fraud)

Technology Planning and Policies

  • Inventories of systems, devices and data
  • Risk assessments
  • Consumer facing privacy and security policies
  • Internal policies, including privacy and security policies, technology acceptable use policies, communications policies, BYOD (bring your own device) policies, retention and destruction policies, crisis management and breach policies, and facilities management policies.
  • Training
  • Compliance audits
  • Cross-border data transfer
  • Outsourcing, development, and licensing
  • Governance, risk, and compliance

Business and Consumer Transactions

  • Optimizing ownership, rights and monetization of data
  • Securing data rights in licenses and other transactions
  • Due diligence on data management/compliance in M&A and other key transactions
  • Negotiating risk allocation, warranties and other key provisions relative to data protection and disaster recovery in cloud services, software as service, hosting and other contracts.
  • Negotiating contracts for security products and services
  • Counseling on cross border data transfer and other international risks
  • Drafting consumer facing privacy policies, terms of use and end user license agreements for websites and mobile apps
  • Negotiating website and app development agreements with reference to data protection design components and obligations

Our Cybersecurity, Data Protection & Privacy attorneys work closely with the professionals in Clark Hill's Information Governance and Discovery Services to provide multidisciplinary solutions for our clients.

Newsletter Alerts
October is Cybersecurity Awareness Month – It’s a Good Time for a Security CheckupEU Strikes Down EU-US Privacy Shield; Validates Standard Contractual Clauses for Data TransfersCalifornia Attorney General Greenlights CPRA for Appearance on November BallotCalifornia Privacy Rights Act Poised to Push Past CCPA ProtectionsWork-At-Home and Remote Access – It’s Time for a Security ReviewDepartment of Defense Acquisition Delays Should Not Be Interpreted as CMMC DelayMonetizing Your Digital Fingerprint: Ninth Circuit Revives Privacy Lawsuit Against Facebook Over User TrackingBusiness Implications of Latest Proposed CCPA Regulations Ready or Not, CMMC to be enforced July 1st, 2020Misinformation CampaignsWhy Paper Should Be Part of Your COVID-19 Remote Work Cybersecurity PlanningCybercriminals are Taking Advantage of COVID-19: Tips to Reduce RiskRecent Developments to the California Consumer Privacy Act: How They Impact Your Organization’s Compliance Efforts California Consumer Privacy Act: Action Required by New Privacy LawSEC Updates Guidance on Cybersecurity DisclosuresThe European Commission Has Released a New Website With Extensive Guidance on Implementation of GDPRGeneral Data Protection Regulation Brief Website Operators Need to Re-register Copyright Agents Under DMCA by December 31, 2017Countdown to the EU General Data Protection Regulation: Are You Ready?HHS Cybersecurity Guidance - You Still Have Work to DoSafeguarding Your Company from Cyber Tax Crimes - Take Action Now!Receiving Data from Europe: The EU-US Privacy ShieldDHS Provides Guidance on Cyber Incident ReportingPokémon Go Presents Confidentiality, Trade Secret and Privilege Concerns for Users Who Also Use Google Accounts for Business Purposes
Clark Hill Attorneys Selected for Inclusion in the 2021 Edition of Best Lawyers in AmericaClark Hill Attorneys Named to 2020 Michigan Super Lawyers & Rising Stars List Clark Hill’s Jeffrey Wells and Jason Schwent published in Cyber Security MagazineClark Hill Cybersecurity Attorney Rob Stern Quoted in Fiduciary NewsClark Hill attorney Charles Russman featured in Dbusiness Tech and Mobility 5QClark Hill’s Melissa Ventrone interviewed by ABC7 News for Cybersecurity SegmentClark Hill attorney Melissa Ventrone discusses cyber threats during COVID-19 on WPHMClark Hill attorney Melissa Ventrone Discusses Cyber Scams during COVID-19 PandemicClark Hill Adds Senior Cybersecurity Attorney to TeamClark Hill Lawyers Named 2020 Leading LawyersClark Hill Attorney, David G. Ries, to Present at The Three Rivers Information Security Symposium on October 11th Courtney Jones Kieffer Serves on the Drafting Team for the Second Edition of The Sedona Conference Commentary on Information GovernanceMelissa Ventrone to Participate in ABA Webinar Panel “The New Era of Privacy and Cybersecurity for Law Firms”Clark Hill Attorney, David G. Ries, to Present at the 2019 ABA TECHSHOW, “Anatomy of a Data Breach: Analyzing Past Breaches to Minimize Risk” and "Security Practices That Won’t Bust Your Budget" Clark Hill Attorney David G. Ries to Speak on Data Breach Response at the College of Law Practice Management’s Futures Conference in Boston, MA on October 25 Clark Hill Attorney, David G. Ries, Appointed to the American Bar Association’s Cybersecurity Legal Task ForceSixty-Six Clark Hill Attorneys Named 2018 Michigan Super Lawyers & Rising Stars143 Clark Hill Attorneys Selected for Inclusion in the 2019 Edition of Best Lawyers in AmericaClark Hill Strasburger Members Hosch, Morris Earn Privacy Professional Certifications Clark Hill Attorney, Jonathan D. Klein, Published in PA Law Weekly, “Cybersecurity: What Does It Mean to Be Completely Prepared?” March 1, 2016. Clark Hill attorney, David G. Ries, to present annual Information Security Law Update at Pittsburgh Chapter of Information Systems Security Association on March 6, 2018Clark Hill’s Charles Russman Quoted in Crain’s Detroit Business, “Deadline looms for broad new EU data privacy rules: Is your business ready?” Clark Hill Attorneys David G. Ries, Kevin Williams and Mark R. Ludwikowski will be speaking at the Michigan Manufacturer’s Association on February 22, 2018Sixty-Seven Clark Hill Attorneys Named 2018 Leading LawyersClark Hill Attorney David G. Ries to Present on Cybersecurity at the Institute for Energy Law’s 16th Annual Energy Litigation Conference in Houston – November 9, 2017Clark Hill PLC Receives National and Regional Tier 1 Rankings in the 2018 Edition of Best Lawyers, “Best Law Firms”Clark Hill Attorney David G. Ries to Present on Cybersecurity at the 43rd Annual Notre Dame Tax and Estate Planning Institute – October 26, 2017Clark Hill Attorneys Jonathan D. Klein, Scott B. Galla and Thomas Kennedy from Versa Capital Management LLC to present Privacy Regulation in a Digital Age on October 4th at The Union League of Philadelphia Clark Hill Attorney David G. Ries to Present at DRI’s Cybersecurity and Privacy Law Seminar in Chicago – September 8, 2017Clark Hill Attorneys Joann Needleman and Jonathan Klein to Speak at First Party Summit – June 5-7, 2017Clark Hill Attorney David Ries to Speak on Encryption at the University of Richmond School of Law's 2017 Symposium on Cyber Security - February 24, 2017Clark Hill Attorney David Ries to Present at the Institute for Law and Technology’s Cybersecurity and Privacy Law Conference - January 26, 2017Clark Hill Attorney David Ries to Present on Encryption at PBI Business Law Institute and Employment Law Institute WestClark Hill PLC Receives National Rankings in the 2017 Edition of U.S. News-Best Lawyers, “Best Law Firms”Clark Hill Attorney John L. Hines Jr. will co-present “Digital Transactions: The Global Legal Framework for E-Signatures and Records” Sponsored by the American Bar AssociationClark Hill Attorneys David Ries and Christopher Brubaker to Present at PBI Business Insurance CLE - August 24, 2016Clark Hill Attorney David Ries to Speak on Cyber Incident Response at ILTA’s LegalSEC Summit in Baltimore on June 10, 2016
Corinne Smith quoted in Health IT Security - "Biggest Challenges, Lessons Learned from Health Cybersecurity in 2018" Clark Hill Attorney, Jonathan D. Klein, Published in PA Law Weekly, “Cybersecurity: What Does It Mean to Be Completely Prepared?” March 1, 2018. Do You Suffer From Cyberfatigue? Stay Vigilant2017: The Year of Big Shifts in Cybersecurity, The Legal Intelligencer, May 30, 2017The True Measure of an Associate: Helping Others in Need, The Legal Intelligencer, February 2017Getting Your First Client: You're Already There, The Legal Intelligencer, January 2017Commentary: New Jersey Does the Waive[r]: Implications and Effect of Adoption of Admission to the New Jersey Bar by Motion – New Jersey State Bar Association Federal Practice and Procedure Section Newsletter, January 2017Cyberrisk: A Peek Back at 2016 and a Look Ahead at 2017 - The Legal Intelligencer In-House Counsel Column, December 2016Mastering Time Management as a Junior Associate, The Legal Intelligencer, October 2016Some Tips to Mastering the Art of Small Talk, The Legal Intelligencer, August 2016“Cyber Threats: The Foremost Risk Facing Banks and Their Directors Today,” Illinois Banker, May-June 2016Jud DeLoss Quoted in Alcoholism & Drug Abuse Weekly: Illinois residents with good insurance targeted by Florida provider – June 13, 2016Reputation Is the Key to Success for a Young Lawyer, The Legal Intelligencer, June 2016Taking Advantage of Privacy Shield Protections: Part I - March 2016"Ethics and Use of Social Media", The Abstract: American College of Mortgage Attorneys, Spring 2016David Ries Quoted in Pittsburgh Tribune Review: DOD Recommits to CMU Software Security Center with $732M Award - July 2015
"You've Been Hacked, Now What? An Interactive Guide for Responding to a Cyberattack," Webinar, Melissa Ventrone and Jeffrey Wells, January 2021WEBINAR: "Cybersecurity and HR Records"WEBINAR: "Business Email Compromise – Best Practices for Prevention and Response"Privacy Regulation In A Digital Age Webinar: CSS Cyber Solutions - June 22, 2017WEBINAR: Cybersecurity For In-House Counsel: Achieving Compliance (and Beyond) in a Breach-A-Day WorldData Security 101: A Lawyer’s Guide to Ethical Issues in the Digital AgePolitics, Professional Responsibility & Prison: How Lawyers Can Counsel Their Corporate Clients To Influence Government Officials And Participate Safely In The Political Process - Legal Intelligencer In-House Counsel CLE, October 22, 2015An Introduction to Cyber Risk
Software Development and SecurityCalifornia Consumer Privacy Act [CCPA] 2.0: California Privacy Rights Act (“CPRA”) HighlightsA Snack that Tracks? How Cookies are Defined under the California Consumer Privacy ActWire/ACH Fraud from Business Email CompromisesIncrease Resilience and Best Position Your Organization to Respond to a Ransomware Attack – A General Counsel’s GuideRelaxed HIPAA Restrictions For Providers Using TelehealthReturning to Work with Secure SystemsBusiness Email CompromisePhone Hijacking: How Hackers Target The Source Of Your Linked AccountsStimulus Checks and Fraud: Keeping an Eye Out for ScamsWhat is Two-Factor Authentication and Why Should You Use It?Who’s at Fault for Default Settings