Cybersecurity, Data Protection & Privacy
LeaderMelissa K. Ventrone
DirectorLara K. Forde
For immediate assistance regarding a security incident, contact our 24/7 Breach Hotline at 877.912.9470.
Clark Hill’s Cybersecurity, Data Protection, and Privacy attorneys advise clients on emerging challenges related to today’s digital economy. Combining legal and non-legal skills, our attorneys, ethical hackers, and former military and intelligence technologists provide a holistic approach to identifying, mitigating, and responding to cyber threats.
Understanding technology and the related legal issues, our team helps clients manage data and systems to minimize risks, improve efficiency and profitability, and catapult growth. We work closely with clients to identify vulnerabilities and opportunities, build technologically secure practices, and improve data privacy habits. As an added layer of protection, we ensure clients have the right policies, processes, and procedures to combat cybersecurity threats. To further bolster resiliency, our executive training and cybersecurity simulation exercises help clients gain the confidence to respond effectively and efficiently to a data security incident. We also work with clients throughout the entire contracting process, from developing an RFP, creating a negotiation strategy, to ultimately revising contracts to mitigate vendor and supply chain risks. This preemptive planning is the first step in mitigating cyber and privacy risks.
As cyberattacks continue to increase at a rapid pace, the regulatory controls around data privacy and cybersecurity also continue to grow. Our team advises clients in a range of industries regarding corresponding regulatory regimes, including, but not limited to, the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), New York Department of Financial Services Cybersecurity Regulation (NYDFS), Health Insurance Portability and Accountability Act (HIPAA), and other consumer data protection laws.
When a security incident occurs, our 24/7 Rapid Response Team addresses legal, technical, and operational challenges that arise. Our multi-disciplinary team manages the end-to-end process from containment to recovery, minimizing operational disruption, negative repercussions, and costs. Post-incident, we help clients ensure vulnerabilities have been remediated and implement new practices, tools, or procedures to strengthen their cyber resiliency.
Our attorneys also represent companies facing data security and privacy regulatory investigations and litigation, including class actions. We have successfully represented clients in multiple industries in disputes related to privacy, invasion of privacy, contracts, consumer fraud, statutory claims, and other matters. With experience before federal and state trial and appellate courts, our attorneys have litigated cases of first impression establishing favorable law, including obtaining summary judgment in a class action case alleging damages from the theft of a hard drive, and successfully defending a hospital system against a class action arising out of a ransomware attack.
Areas of Focus:
- Cyber risk mitigation & data protection
- Data governance
- Digital transformation
- Emerging technology
- Incident preparedness & response
- Privacy & data security litigation
- Regulatory compliance
- Regulatory investigations & government response
- Technology contracting
- Supply chain & vendor management