Our Data Privacy & Cybersecurity team offers significant experience in the dynamic and ever-evolving area of data privacy and cybersecurity.
Our team is structured to advise clients with a full spectrum of legal support from proactive cybersecurity and privacy, breach response, regulatory investigation and litigation management. Our team includes individuals with experience in digital forensics, cyber-incident response, ethical hacking, website security and software programming.
We counsel clients on information security best practices, including the implementation of Written Information Security Programs, Incident Response Plans and ancillary policies and procedures relating to areas like mobile device security and secure remote access.
Recent industry headlines have repeatedly shown that a data breach must be considered a “when” not “if” scenario.
Our team counsels clients on properly mitigating the risks involved with these breaches, including reviewing and negotiating cyber liability insurance policies, vendor risk management, data loss prevention, proper self-governance and instilling security awareness from the board room down.
When the inevitable data breach occurs, we quarterback the response plan by interfacing with trusted outside digital forensic consultants, providing proper notice across the United States and internationally, and remediating vulnerabilities that gave rise to the breach.
We're proud to be a Breach Coach® by NetDiligence®, a certification that recognizes law firms that have demonstrated excellence in data security and privacy. Breach Coach law firms must handle at least 50 breach incidents per year and serve as thought leaders for the entire cyber industry.
Our team has comprehensive knowledge of statutory and regulatory schemes regarding data privacy, cybersecurity, digital marketing and computer crimes, as well as industry self-regulatory schemes like the Payment Card Industry Data Security Standards (PCI-DSS) and the Digital Advertising Alliance Self-Regulatory Principles.
Our team has assisted clients with international compliance concerns, including compliance with the General Data Protection Regulation, self-certification under the Privacy Shield program of the U.S. Department of Commerce, compliance with Canadian data security and privacy laws like the Personal Information Protection and Electronic Documents Act (PIPEDA), as well as compliance with many other international statutes governing data privacy and cybersecurity.
We provide subject matter support on mergers and acquisitions, including data privacy and cybersecurity due diligence of data stores, software, hardware and the internal practices of clients and targets alike, from pre-deal through post-closing.
Our team can offer both legal and practical advice on how clients can properly manage the burgeoning risks related to the acquisition and use of technology, and the ever increasing amounts of data that arise from that technology in an interconnected world.
Representative Experience
Assisted merchants, including an operator of resorts, on-line retailer, and travel agency in investigations to determine the source and scope of data security breaches involving the theft of customers’ personal information, completing statutory notice requirements, and interfacing with law enforcement agencies investigating the breaches.
Represented financial institution in litigation initiated by loan modification company where financial institution froze merchant’s accounts after determining that merchant was engaged in pattern and practice of fraudulently charging its customers’ credit cards for services it did not provide.
Provided counsel to a specialty insurer to determine its obligations in a number of states when its auditor lost a non-encrypted thumb drive containing policyholder personal information.
Worked with insurer to assess notification requirements when UPS lost a box containing a significant amount of confidential policyholder information.
Represented a group of Wisconsin residents in an action filed in the U.S. District Court for the Eastern District of Wisconsin challenging the state legislative districts adopted by the Wisconsin legislature. We engaged in significant post-judgment ESI discovery, including forensic analysis of computer hard drives, networks, and servers.
Provide counsel to clients on compliance with HIPAA’s privacy requirements and, when necessary, defend clients sued for alleged violations of HIPAA or invasion of privacy.
Telephone Consumer Protection Act (TCPA) class-action litigation. Served as counsel to defendants and third-parties involved in individual and class-action Telephone Consumer Protection Act lawsuits filed in federal courts.
Lead counsel for the world’s largest online marketplace for finding and managing family care in a wrongful death lawsuit that involves significant computer and network forensic examination and analysis and legal issues relating to protection of personally identifiable information.
Defended clients in HIPAA enforcement actions brought by the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”).