Industries & Practices
Privacy & Data Protection
We are experienced and responsive privacy and data professionals, helping clients ensure compliance, mitigate risks and protect their data.
Our multidisciplinary privacy and data protection team has a defined and proactive approach to helping clients stay up-to-date on constantly evolving state and federal laws and regulations, establishing compliance and minimizing the risk of data compromise or cyber incidents. In the event of a breach, our reliable team will protect and defend those that have experienced a cyberattack.
Our attorneys have a wide range of experience in state, federal, and international regulations, as well as industry best practices related to privacy and data security, including:
- Healthcare privacy: Health Insurance Portability and Accountability Act (HIPAA), Electronic Health Records (EHR), Health Information Technology for Economic and Clinical Health (HITECH)
- Financial privacy: Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA)
- International privacy: General Data Privacy Regulation (GDPR)
- Technology privacy: Children’s Online Privacy Protection Act (COPPA)
- Information security privacy: Payment Card Industry (PCI), Family Educational Rights & Privacy Act (FERPA)
- Communications privacy: Telephone Consumer Protection Act (TCPA), Telemarketing Sales Rule (TSR)
Our team also serves clients in the following areas:
- Data risk and privacy impact assessments
- Data incident investigation, data breach response and ransom response
- Record retention policies and procedures
- California Consumer Privacy Act (CCPA) counseling
- Agreements for technologies and services
- Cyber insurance review, negotiation and claims recovery
- Complex litigation and financial class action defense
- Vendor due diligence
- Employment information confidentiality and handbook provisions
- Restrictive covenants and enforcement of restraints of trade
Areas of Focus
We monitor legislation, regulations and court decisions to ensure that our clients abide by the latest rules. We also identify areas of need by analyzing the strength of existing compliance systems, technical controls and procedures. We create policies and procedures, implement them and conduct training to prevent a breach.
If private information becomes unexpectedly compromised, we respond effectively and rapidly to retain resources and recover lost information. We stand with our clients, walking them through a checklist of actions and considerations to lessen the impact and increase resiliency. Should the media get involved, we facilitate the proper partnerships and assist in crafting a sound public relations strategy.
In the event of data security-related litigation, we seek to gain control from the start. We are committed to delivering results while conserving our clients’ resources and protecting their most important relationships. In particular, our class action team devises timely and effective defense strategies with the goal of early dismissal.More
Privacy & Data Risk Assessments
Our team has broad experience in assisting clients with assessing their data risks and developing legally compliant mitigation policies and procedures. Keeping our clients' resources in mind, we analyze the strength of existing compliance systems, technical controls and procedures to identify compliance requirements and best practices.
Health system GDPR compliance
Analyzed the applicability of the European Union’s General Data Protection Regulation (GDPR) to a health system’s research operations. Developed a GDPR-compliant standard operating proc...More
Cybersecurity risk mitigation programs
Created and developed intensive cybersecurity risk mitigation programs for financial institutions to prevent and reduce the growing risks associated with business engagement in the digital age.... More