As our clients collect and generate more data, we help make sure that data is an asset, not a liability, by developing policies and practices that keep clients in line with evolving cybersecurity and privacy obligations. Our lawyers counsel clients through the entire life cycle of privacy and data security concerns—from advising on global data privacy compliance, product development, and data-related transactions, to crafting privacy and data security programs and policies, managing incident response, and conducting internal investigations, litigation, and regulatory proceedings.

Our team has helped leading companies face today’s biggest privacy and data security challenges. Whether you’re dealing with the repercussions of a ransomware attack; facing the growing web of international, federal, and state privacy laws governing everything from biometrics to financial data; or responding to inquiries from regulators and attorneys general, we’ve got you covered.

We represent companies across industries, including hospitality, transportation, energy, health care, financial services, pharmaceuticals, gaming, consumer products, crypto and blockchain technology, and emerging Web3 and AI technologies. Senior business executives, company boards, technology leaders, and corporate legal departments look to our team to anticipate challenges, shape strategies, and address the business, legal, and policy issues surrounding privacy and cybersecurity.

Our capabilities include:

• Global Data Privacy Compliance – advising companies on implementing policies and practices to comply with a wide range of data privacy laws, including state laws such as the the California Consumer Privacy Act and California Privacy Rights Act, and international laws such as the EU General Data Protection Regulation.
• Advertising and Marketing Practices – advising companies on data privacy and security compliance for the advertising and marketing campaigns.
• Product counseling – working with companies to ensure they design new products with privacy requirements in mind.
• Privacy Diligence in M&A Transactions – conducting diligence on target companies to identify and mitigate privacy risks.
• Data Protection and Data Transfer Agreements – drafting and negotiating agreements for data transfers between parties.
• Cross-Border Transfers and Transfer Impact Assessments – advising companies on the requirements for cross-border data transfers, including preparation of transfer impact assessments.
• Health Information Privacy – advising healthcare providers, pharmaceutical companies, and insurers on compliance with HIPAA and state laws governing medical privacy and genetic data.
• Financial Information Privacy – advising companies on compliance with state and federal financial-privacy laws, including Gramm Leach Bliley.
• Children’s Privacy – advising companies on compliance with the Children’s Online Privacy Protection Act.
• Data Minimization and Record Retention – developing record-retention and data governance policies that ensure compliance legal requirements.