Skip to Content
Main Content

Cybersecurity

Times Change, Stay Ahead of the Game

Can you name a single part of your business that hasn’t gone digital? Most can’t.

You probably store your files—from employment records to client information to your trade secrets—on your own servers or in the Cloud. You probably send and receive money electronically. Perhaps you want to use artificial intelligence (AI) to streamline your operations, or maybe you contract with others who do the digital heavy lifting for you: to build your website, host your data, or insure you against digital risk.

Like it or not, your business is entering a new and growing environment, in which Innovation, Technology, Privacy, Data Strategy, and Security are key. This ecosystem presents unique challenges given the regulations and risks associated with the digital space.

We know this environment; we’re credentialed in every aspect of it, from being a certified NetDiligence Breach Coach to being a proud IAPP member firm. We live in it every day and are proud to serve as technology counsel to some of North America’s most respected companies. We’re here to help your business navigate this evolving environment offering legal services including: 

  • Designing and helping implement a robust and compliant cybersecurity program and written information security policies.
  • Preparing you for a data breach by creating incident response plans and conducting dress-rehearsal “tabletop” exercises.
  • Serving as your “breach coach” on the front lines when a digital crisis strikes and you need a trusted ally to lead the breach response team. 
  • Developing comprehensive data privacy programs to ensure compliance with the complex and rapidly changing regulatory scheme in the U.S., EU, and beyond.
  • Drafting various privacy compliance documents, such as data processing agreements, privacy notices and policies, cookie notices, and intra-company transfer agreements.
  • Advising on data strategies that maximize the data’s value while ensuring compliance and minimizing the risk of data theft, loss, and misuse. 
  • Evaluating and developing compliance, governance, and ethical-use plans to implement AI technologies in a wide range of business sectors and applications.
  • Supporting your merger or acquisition by providing devoted subject-matter expertise during the pre-deal, due diligence, and post-closing phases.
  • Understanding and implementing your technology-contracting needs, including negotiating software development, licensing, vendor service, e-commerce, procurement, and outsourcing agreements.
  • Protecting your rights in the many types of data and technology disputes that arise, from pre-litigation disagreements that can be settled with creativity and a willingness to work collaboratively to law-enforcement inquiries and investigations to civil litigation.
Open AllClose All
Data Privacy: Compliance, Strategy & Governance

As the patchwork state-by-state approach to privacy laws continue to expand in the U.S., it is important for your business to stay on top of changing data privacy requirements. Our team tracks the latest developments in privacy law and has comprehensive knowledge of statutory and regulatory schemes in the U.S. regarding data privacy, digital marketing, and connected devices and vehicles, including the Gramm-Leach-Bliley Act, FERPA, TCPA, the CAN-SPAM Act, COPPA and state privacy laws in California, Virginia, Colorado, Utah, Connecticut, among others both recently passed and under considerations, as well as industry self-regulatory schemes like the Payment Card Industry Data Security Standards (PCI-DSS) and the Digital Advertising Alliance Self-Regulatory Principles.

We also assist clients with international data privacy compliance concerns, including compliance with the General Data Protection Regulation (GDPR), international data transfer requirements, compliance with Canadian data security and privacy laws like the Personal Information Protection and Electronic Documents Act (PIPEDA), as well as compliance with many other international statutes governing data privacy and cybersecurity. We help build global privacy programs that work for your business.

Not only can our team assist with compliance, but the team can help your business implement data privacy best practices and develop a privacy program that can efficiently evolve with the changing regulatory landscape.

Some of what we counsel clients on:

  • Privacy policies and cookie policies
  • Negotiating data processing agreements 
  • Employee privacy and data access policies
  • Global privacy programs
  • Internal privacy compliance programs
  • Data subject requests
  • Advising on how to create compliant Internet of Things (IoT) products
  • Vendor management programs
  • Compliance training
Cybersecurity: Digital Crisis Planning and Data Breach Response

For most businesses, a data breach is the nightmare scenario.

Industry headlines show that a data breach must be considered a when, not if scenario. Furthermore, the average breach response costs millions of dollars… before the regulatory investigations and litigation that often follow.

No matter where your business finds itself in the data-breach lifecycle—preparing to avoid or reduce the impact of a breach, seeking to comply with a growing thicket of governing laws and regulations, or responding to an ongoing breach—our team can help.

We are Wisconsin’s first and only Authorized Breach Coach® credentialed by NetDiligence, the industry leader in cyber risk readiness and response services. Our team members are highly credentialed, nationwide thought leaders on cybersecurity who routinely publish and present with other industry experts. We’re people of action, experienced in digital forensics, cyber-incident response, ethical hacking, website security, software programming, and the knock-down-drag-out world of litigation that often follows a breach.

Some of what we counsel clients on includes:

  • Infosec best practices, including the implementation of Written Information Security Programs, Incident Response Plans, and ancillary policies relating to areas like mobile device security and secure remote access.
  • Tabletop exercises, or “dress-rehearsal” practices, that simulate real cybersecurity incidents to see how your business, its leaders, and its employees respond.
  • Active breach response, sometimes called “breach coaching,” in which we lead your business, often with a team of other experts, through all aspects of the response, from negotiating ransom payments to forensic examination to regulatory and individual notifications.
  • Cybersecurity compliance in highly regulated industries, such as financial services, insurance, and healthcare.

Your business can even retain us ahead of time—at no up-front charge—to be your breach coach. That way, if your business is ever attacked, you know who to call right away, saving critical time.

We navigate the mess of applicable regulations, mitigate the damage and potential for litigation, and more critically, get your business back up and running.
 

Experiencing a Cybersecurity Incident?

Our team is also ready to help at a moment’s notice. If you’re experiencing a cybersecurity incident and need support, call or email us 24/7:

(833) DATA-LOSS or incidentresponse@gklaw.com.

LEGAL DISCLAIMERS. (1) Please do not send us confidential information until you have spoken with one of our attorneys and we have agreed in writing to represent you. Before we can represent you, we must determine that no conflict of interest or other situation would prevent us from representing you. Our representation begins only after we complete our evaluation and send you an engagement letter with the terms and conditions of our representation of you. (2) Our team does its best to monitor our incident reporting hotline and email address continuously. However, it may take several hours or longer for us to respond, especially during overnight hours and on weekends. If you need immediate assistance, please state so in your message to us and follow up by contacting one of our attorneys directly, so that we can make arrangements to contact you as quickly as possible.
Tech Transactions

Godfrey & Kahn is proud to serve as technology transactions counsel to some of North America’s most respected companies. Unique in our real-world experience, we combine legal acumen with diverse industry credentials having served in capacities such as IT consultant at Accenture, technology counsel for a Fortune 100 company, and counsel to cryptocurrency and blockchain developers. Other members of our team possess technical degrees in engineering and industrial technology.

Our work is contemporary but has matured with decades of experience supporting banking, insurance, financial service, healthcare, manufacturing, and IT sectors. We support our clients by delivering practical solutions that blend legal and technology insights across many areas, such as:

  • Tech Procurement & Outsourcing arrangements exceeding well over $1 billion in aggregate value. These transactions include ITO and BPO deals in nearshoring and offshoring arrangements with global vendors such as WIPRO, Infosys, HCL, Cognizant, IBM, AWS, and Microsoft in locations around the world. We are well-versed in all varieties of software licensing, as well as the applicable implementation, maintenance, and service options that accompany them.
     
  • E-commerce and Digital Platform advice, leveraging our knowledge of new media, regulatory standards, and the ever-evolving legal developments that matter to our clients who do business online. We know the rules, risks, and rewards of online commercial activities—from email marketing and digital advertising to tagging and targeting to data scraping.
     
  • Technology Alliances of all types. Our experience encompasses tasks unique to the technology industry, such as strategic alliance deals, joint development arrangements, technology joint ventures, data sharing agreements, reseller arrangements, and the purchase of third-party technology assets.
     
  • Cloud and XaaS transactions from software as a service (Saas), to platform as a service and infrastructure as a service deals. If the arrangement involves the cloud, we’ve likely negotiated that type of deal for multiple clients and bring that experience to bear in helping you to close your transaction.
     
  • Telecommunications and Broadband service and infrastructure agreements. We create, negotiate, and close arrangements that form the networks for the movement and storage of data communications. From fiber capacity to indefeasible rights of use and all manner of wireless and wireline services agreements, we understand what’s market in telecommunications.
     
  • Merger and Acquisition support, from pre-deal through post-closing, including data transactional, privacy and cybersecurity due diligence of data stores, software, hardware, and the internal practices of clients and targets alike.
Artificial Intelligence (AI): Compliance, Strategy & Governance

It goes by many names: AI, artificial intelligence, machine learning, algorithmic decision-making… but whatever name it goes by, there’s no question AI is a new reality for businesses to consider and address.

Our team is at the forefront of the development, use, and licensing of AI in a wide range of sectors and in its many applications. We assist clients in developing internal AI governance for the use and development of AI. This includes addressing concerns about employee use of publicly-available AI systems like ChatGPT, the ethical use of AI, risks related to IP ownership, bias and discrimination, and compliance with existing and emerging AI laws and regulations.

In combination with our vast experience in data privacy, we counsel clients and work with their data scientists to ensure their use of data meets with data privacy laws and other applicable requirements.

We partner with our clients as they evaluate AI-based products to ensure a proper understanding of product risks and how best to address them in licensing. We collaborate with our labor and employment practice to ensure bias- and discrimination-avoidance, and together with our corporate practice, we advise buyers and sellers on AI assets in mergers and acquisitions, both pre- and post-closing.

Some of what we counsel clients on includes:

  • Creating, implementing, and assessing AI governance processes
  • Drafting policies related to the use and development of AI
  • Assessing potential risks and liabilities from the use of AI
  • Evaluating AI for compliance with applicable regulations 
  • Confirming the use of data to create and train AI is compliant with privacy laws and any related contractual obligations
  • Negotiating licensing and development terms for use of AI-based products
  • Communicating with internal data scientists and IT team members to align the business on governance, risks, and compliance
Data Disputes & Litigation

Disputes over data and technology—over their use (or misuse) as well as the agreements and laws that govern them—are growing rapidly in scope and complexity. To best position your business to prevail, you need a team that understands both the sophisticated technologies at issue and the context-specific procedural issues that arise during litigation and investigation.

Our cross-disciplinary team meets that need, with attorneys who straddle the line, offering subject-matter knowledge and deep litigation experience. 

We’re equipped to handle all types of technology- and data-related disputes and litigation, such as:

  • Consumer class actions on issues like text and email marketing, biometric privacy, pixels and cookies, wiretapping, and data breaches.
  • Wire transfer fraud disputes between businesses seeking to determine who should be held liable after a criminal successfully misdirects a payment between them.
  • Data loss and theft disputes, whether they stem from intentional attempts to steal trade secrets or from a contracting party’s inadvertent loss of data in a breach.
  • Technology contracting issues, which often require understanding multiple interlocking agreements (such as master services agreements and various service-level agreements) and technical issues.
  • Government enforcement actions, related to privacy or cybersecurity matters, such as investigations from state Attorneys General or the Federal Trade Commission.

Get in Touch

 

Please wait while we gather your results.

Join us at a seminar

Looking For More?

Our attorneys write on a variety of topics and provide engaging educational opportunities through free webinars and seminars enabling you to stay up-to-date with the most current developments, trends, and legal issues affecting your business.

Explore Insights

 

The Most Credentialed Team Around

Our team’s credentials speak for themselves, outpacing the competition. We are Wisconsin’s first and only Authorized Breach Coach®, credentialed by NetDiligence. Our team members have also earned key privacy and cybersecurity certifications, including with:

  • International Association of Privacy Professionals (IAPP) 
    • CIPP/US: Certified Information Privacy Professional – United States
    • CIPP/E: Certified Information Privacy Professional – Europe
    • CIPM: Certified Information Privacy Manager
    • FIP: Fellow of Information Privacy
  • (ISC)2 CC (Certified in Cybersecurity)
  • CompTIA Security+ 
  • Higher education institutions, including The London School of Economics and UCLA
Please wait while we gather your results.

You might also be interested in

Please wait while we gather your results.