As the patchwork state-by-state approach to privacy laws continue to expand in the U.S., it is important for your business to stay on top of changing data privacy requirements. Our team tracks the latest developments in privacy law and has comprehensive knowledge of statutory and regulatory schemes in the U.S. regarding data privacy, digital marketing, and connected devices and vehicles, including the Gramm-Leach-Bliley Act, FERPA, TCPA, the CAN-SPAM Act, COPPA and state privacy laws in California, Virginia, Colorado, Utah, Connecticut, among others both recently passed and under considerations, as well as industry self-regulatory schemes like the Payment Card Industry Data Security Standards (PCI-DSS) and the Digital Advertising Alliance Self-Regulatory Principles.

We also assist clients with international data privacy compliance concerns, including compliance with the General Data Protection Regulation (GDPR), international data transfer requirements, compliance with Canadian data security and privacy laws like the Personal Information Protection and Electronic Documents Act (PIPEDA), as well as compliance with many other international statutes governing data privacy and cybersecurity. We help build global privacy programs that work for your business.

Not only can our team assist with compliance, but the team can help your business implement data privacy best practices and develop a privacy program that can efficiently evolve with the changing regulatory landscape.

Some of what we counsel clients on:

• Privacy policies and cookie policies
• Negotiating data processing agreements 
• Employee privacy and data access policies
• Global privacy programs
• Internal privacy compliance programs
• Data subject requests
• Advising on how to create compliant Internet of Things (IoT) products
• Vendor management programs
• Compliance training

For most businesses, a data breach is the nightmare scenario.

Industry headlines show that a data breach must be considered a when, not if scenario. Furthermore, the average breach response costs millions of dollars… before the regulatory investigations and litigation that often follow.

No matter where your business finds itself in the data-breach lifecycle—preparing to avoid or reduce the impact of a breach, seeking to comply with a growing thicket of governing laws and regulations, or responding to an ongoing breach—our team can help.

We are Wisconsin’s first and only Authorized Breach Coach® credentialed by NetDiligence, the industry leader in cyber risk readiness and response services. Our team members are highly credentialed, nationwide thought leaders on cybersecurity who routinely publish and present with other industry experts. We’re people of action, experienced in digital forensics, cyber-incident response, ethical hacking, website security, software programming, and the knock-down-drag-out world of litigation that often follows a breach.

Some of what we counsel clients on includes:

• Infosec best practices, including the implementation of Written Information Security Programs, Incident Response Plans, and ancillary policies relating to areas like mobile device security and secure remote access.
• Tabletop exercises, or “dress-rehearsal” practices, that simulate real cybersecurity incidents to see how your business, its leaders, and its employees respond.
• Active breach response, sometimes called “breach coaching,” in which we lead your business, often with a team of other experts, through all aspects of the response, from negotiating ransom payments to forensic examination to regulatory and individual notifications.
• Cybersecurity compliance in highly regulated industries, such as financial services, insurance, and healthcare.

Your business can even retain us ahead of time—at no up-front charge—to be your breach coach. That way, if your business is ever attacked, you know who to call right away, saving critical time.

We navigate the mess of applicable regulations, mitigate the damage and potential for litigation, and more critically, get your business back up and running.
 

Godfrey & Kahn is proud to serve as technology transactions counsel to some of North America’s most respected companies. Unique in our real-world experience, we combine legal acumen with diverse industry credentials. Our team members have served in information security roles and as IT consultants, and have counseled Fortune 100 companies and cryptocurrency and blockchain developers. Other members of our team possess technical degrees in engineering and industrial technology.

Our work is contemporary but has matured with decades of experience supporting banking, insurance, financial service, healthcare, manufacturing, and IT sectors. We support our clients by delivering practical solutions that blend legal and technology insights across many areas, such as:

• Tech Procurement & Outsourcing arrangements exceeding well over $1 billion in aggregate value. These transactions include ITO and BPO deals in nearshoring and offshoring arrangements with global vendors such as WIPRO, Infosys, HCL, Cognizant, IBM, AWS, and Microsoft in locations around the world. We are well-versed in all varieties of software licensing, as well as the applicable implementation, maintenance, and service options that accompany them.
   
• E-commerce and Digital Platform advice, leveraging our knowledge of new media, regulatory standards, and the ever-evolving legal developments that matter to our clients who do business online. We know the rules, risks, and rewards of online commercial activities—from email marketing and digital advertising to tagging and targeting to data scraping.
   
• Technology Alliances of all types. Our experience encompasses tasks unique to the technology industry, such as strategic alliance deals, joint development arrangements, technology joint ventures, data sharing agreements, reseller arrangements, and the purchase of third-party technology assets.
   
• Cloud and XaaS transactions from software as a service (Saas), to platform as a service and infrastructure as a service deals. If the arrangement involves the cloud, we’ve likely negotiated that type of deal for multiple clients and bring that experience to bear in helping you to close your transaction.
   
• Telecommunications and Broadband service and infrastructure agreements. We create, negotiate, and close arrangements that form the networks for the movement and storage of data communications. From fiber capacity to indefeasible rights of use and all manner of wireless and wireline services agreements, we understand what’s market in telecommunications.
   
• Merger and Acquisition support, from pre-deal through post-closing, including data transactional, privacy and cybersecurity due diligence of data stores, software, hardware, and the internal practices of clients and targets alike.

It goes by many names: AI, artificial intelligence, machine learning, algorithmic decision-making… but whatever name it goes by, there’s no question AI is a new reality for businesses to consider and address.

Our team is at the forefront of the development, use, and licensing of AI in a wide range of sectors and in its many applications. We assist clients in developing internal AI governance for the use and development of AI. This includes addressing concerns about employee use of publicly-available AI systems like ChatGPT, the ethical use of AI, risks related to IP ownership, bias and discrimination, and compliance with existing and emerging AI laws and regulations.

In combination with our vast experience in data privacy, we counsel clients and work with their data scientists to ensure their use of data meets with data privacy laws and other applicable requirements.

We partner with our clients as they evaluate AI-based products to ensure a proper understanding of product risks and how best to address them in licensing. We collaborate with our labor and employment practice to ensure bias- and discrimination-avoidance, and together with our corporate practice, we advise buyers and sellers on AI assets in mergers and acquisitions, both pre- and post-closing.

Some of what we counsel clients on includes:

• Creating, implementing, and assessing AI governance processes
• Drafting policies related to the use and development of AI
• Assessing potential risks and liabilities from the use of AI
• Evaluating AI for compliance with applicable regulations 
• Confirming the use of data to create and train AI is compliant with privacy laws and any related contractual obligations
• Negotiating licensing and development terms for use of AI-based products
• Communicating with internal data scientists and IT team members to align the business on governance, risks, and compliance

Disputes over data and technology—over their use (or misuse) as well as the agreements and laws that govern them—are growing rapidly in scope and complexity. To best position your business to prevail, you need a team that understands both the sophisticated technologies at issue and the context-specific procedural issues that arise during litigation and investigation.

Our cross-disciplinary team meets that need, with attorneys who straddle the line, offering subject-matter knowledge and deep litigation experience. 

We’re equipped to handle all types of technology- and data-related disputes and litigation, such as:

• Consumer class actions on issues like text and email marketing, biometric privacy, pixels and cookies, wiretapping, and data breaches.
• Wire transfer fraud disputes between businesses seeking to determine who should be held liable after a criminal successfully misdirects a payment between them.
• Data loss and theft disputes, whether they stem from intentional attempts to steal trade secrets or from a contracting party’s inadvertent loss of data in a breach.
• Technology contracting issues, which often require understanding multiple interlocking agreements (such as master services agreements and various service-level agreements) and technical issues.
• Government enforcement actions, related to privacy or cybersecurity matters, such as investigations from state Attorneys General or the Federal Trade Commission.