Data Privacy & Cybersecurity

• Data security policies, plans, and assessments
• Data privacy and cybersecurity risk assessments, including Data Protection Impact Assessments (DPIA)
• Compliance advice for U.S. and international privacy laws and regulations
• Privacy notices and consents
• Data subject access requests (DSARs)
• Incident response and remediation management
• Data privacy or security litigation, investigations, and enforcement action representation
• Corporate transaction due diligence for privacy, security, records management, and litigation hold issues
• Insider risk management counseling

We help clients harmonize policies and procedures across functions (privacy, legal, compliance, records management, information technology) to address risk and compliance across enterprise systems and applications and to align with legal, regulatory, and business needs.  Our approach also encompasses proactive risk assessment, incident management, and the intricacies of cross-border data transfers. 

Ways we bring value include:

• We are trusted advisors.  We get to know our clients, and we tailor our data privacy and cybersecurity advice to their unique circumstances and the nuances of their environment rather than taking a “cookie cutter” approach.  We seek to become an extension of the team and are experienced advisors for organizations seeking dependable navigation in the digital realm.

• We are litigators.  We offer strategic and defensible advice concerning data privacy and security issues informed by courtroom experience.  Our team takes a comprehensive approach to risk assessment, breach response, strategic litigation planning, and regulatory compliance, ensuring organizations are prepared for and can effectively address data-related challenges and potential litigation, investigations, or enforcement actions.

• We are technology leaders.  Our team is versed in how the emerging technology landscape affects data privacy and security.  With the constant software developments and the rise of AI tools, including GenAI, we are acutely aware that attacks are becoming more complicated and software more vulnerable.  Our team helps organizations adapt approaches that consider and address the evolving technology landscape so that risk is minimized and mitigated and information remains secure.

• We take a holistic approach.  We integrate legal knowledge with efficient strategies that consider best practices for data management, including implementing important practices like defensible disposition and data minimization for organizations looking to minimize data privacy and cybersecurity risk.  Our comprehensive solutions provide a blueprint for consistent and defensible decisions for organizations looking to turn potential business risks into practical business opportunities.  

• We have seen it all and anticipate what’s next.  Our professionals have invested significant time tracking the evolving scale of U.S. and international laws addressing data privacy and security considerations.  Through working with leading subject-matter and thought leadership organizations, such as the International Association of Privacy Professionals (IAPP), The Sedona Conference®, the Electronic Discovery Reference Model (EDRM), and Lawyers for Civil Justice (LCJ), we are at the forefront of defining best practices and leading-edge guidance.
• We ask “the right” questions.  Our professionals are very familiar with the complexities of data privacy and cybersecurity and leverage this knowledge to ask key questions that uncover vulnerabilities, identify opportunities, and optimize compliance strategies.  We prioritize a thorough and investigative approach to ensure clients stay ahead of the curve.