Data Protection & Cyber Risk Mitigation
Understanding technology and the related legal issues, our team helps clients manage data and systems to minimize risks, improve efficiency and profitability, and catapult growth. We work closely with clients to identify vulnerabilities and opportunities, build technologically secure practices, and improve data privacy habits. As an added layer of protection, we ensure clients have the right policies, processes, and procedures to combat cybersecurity threats. To further bolster resiliency, our executive training and cybersecurity simulation exercises help clients gain the confidence to respond effectively and efficiently to a data security incident. We also work with clients throughout the entire contracting process, from developing an RFP, creating a negotiation strategy, to ultimately revising contracts to mitigate vendor and supply chain risks. This preemptive planning is the first step in mitigating cyber and privacy risks.
Regulatory Compliance
As cyberattacks continue to increase at a rapid pace, the regulatory controls around data privacy and cybersecurity also continue to grow. Our team advises clients in a range of industries regarding corresponding regulatory regimes, including, but not limited to, the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), New York Department of Financial Services Cybersecurity Regulation (NYDFS), Health Insurance Portability and Accountability Act (HIPAA), Video Rental Protection Act to Video Privacy Protection Act (VPPA), California Invasion of Privacy Act (CIPA), and other consumer data protection and data privacy laws.
Breach Response and Recovery
When a security breach occurs, our 24/7 Rapid Response Team addresses legal, technical, and operational challenges that arise. Our multi-disciplinary team manages the end-to-end process from containment to recovery, minimizing operational disruption, negative repercussions, and costs. Post-incident, we help clients ensure vulnerabilities have been remediated and implement new practices, tools, or procedures to strengthen their cyber resiliency.
Data Privacy Regulatory Investigations and Litigation
Our data privacy attorneys also represent companies facing data security and privacy regulatory investigations and litigation, including class actions. We have successfully represented clients in multiple industries in disputes related to data privacy, invasion of privacy, contracts, consumer fraud, statutory claims, and other matters. With experience before federal and state trial and appellate courts, our attorneys have litigated cases of first impression establishing favorable law, including obtaining summary judgment in a class action case alleging damages from the theft of a hard drive, and successfully defending a hospital system against a class action arising out of a ransomware attack.
Areas of Focus:
- Cyber risk mitigation & data protection
- Data governance
- Data privacy
- Digital transformation
- Emerging technology
- Incident preparedness & response
- Privacy & data security litigation
- Regulatory compliance
- Regulatory investigations & government response
- Technology contracting
- Supply chain & vendor management
