Cybersecurity and Data Privacy

Our Cybersecurity and Data Privacy practice group brings together a multidisciplinary team of experienced attorneys to help our clients face the numerous challenges that cybersecurity, privacy, and data protection laws and risks impose. The law of cybersecurity and data privacy is constantly and rapidly evolving and developing, creating a complex network of legal frameworks within which businesses must comply and operate.

Data Breach Incident Response and Management

Our data breach response work encompasses the navigation of complex data breach and cybersecurity incidents, including:

•Data breach investigation (ex. Malware, Ransomware, Business Email Compromise; wire fraud, phishing, spoofing, Denial of Service, insider threat, supply chain, Advanced Persistent Threats, etc.)•Securities and Exchange Commission (SEC) Disclosures
•Data breach reporting•Data breach remediation and recovery
•Data breach response process management• Government inquiries
•Health Insurance Portability and Accountability (HIPAA) breach investigations• Subpoena response
•Attorney General Investigations•Misappropriation of trade secrets
•Class Action Lawsuits•Cyberstalking and harassment
•Cybersecurity and data privacy litigations•Cybersquatting
•Crisis management and communication

Cybersecurity, Privacy, and Data Protection Compliance

Our Cybersecurity and Data Privacy practice group advises clients on domestic and international cybersecurity, privacy, and data protection issues, including:

  • Review and drafting of various policies and agreements:
    • Data sharing policies and agreements (including cross-border data transfer agreements)
    • Privacy Policies
    • Terms of Use
    • Incident Response Plans
    • Business continuity plans
    • Record retention and destruction
    • Written Information Security Programs (WISP)
  • Cybersecurity and Data Privacy employee trainings
  • Privacy and Cybersecurity Compliance
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Health Information Technology for Economic and Clinical Health (HITECH)
    • California Consumer Privacy Act (CCPA)
    • California Privacy Rights Act (CPRA)
    • Virginia Consumer Data Protection Act (VCDPA)
    • Colorado Privacy Act
    • Utah Consumer Privacy Act
    • Connecticut Data Privacy Act
    • New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR Part 500)
    • N.Y. SHIELD ACT (Gen Bus. Law §899aa-bb)
    • European Union’s General Data Protection Regulation (GDPR)
    • Defense Federal Acquisition Regulation Supplement (DFARS)
    • Gramm-Leach-Bliley Act (GLBA)
    • Federal Trade Commission Act
    • Other relevant state and federal laws, existing and proposed
  • Cybersecurity insurance
      • Policy review and negotiation
      • Coverage analysis
      • Coverage litigation
  • Third-Party Risk Management
    • Vendor due diligence
    • Review and negotiation of vendor contracts
    • Creating Third-Party risk management compliance plans
  • Law firm ethics and legal compliance
  • Cybersecurity Due Diligence for M&A and other financial transactions
  • Board Advisory
  • Executive coaching


View More