Privacy laws are complex. We can help.
Our privacy and cybersecurity practice offers full-service solutions from evaluating ongoing compliance requirements, to preparing privacy policies and contracts, to litigating high-stakes data privacy and security cases.
Our team stays updated on emerging and evolving privacy and cybersecurity laws to efficiently and expertly counsel clients on a range of issues from routine regulatory compliance to complex and novel situations, and we help businesses minimize legal risks while meeting commercial objectives.
We have years of experience navigating the ever-growing patchwork of state, federal, and international privacy and data security laws that are applicable to internet and technology businesses.
We help counsel clients on a wide variety of privacy and cyber laws, including the California Consumer Privacy Act (CCPA) and the newly-passed California Privacy Rights Act (CPRA). We also assist clients navigating the European Union’s General Data Protection Regulation (GDPR), state data breach and other data security laws, the Telephone Consumer Protection Act (TCPA) and Telemarketing Sales Rule (TSR), the Restore Online Shoppers’ Confidence Act (ROSCA), the Electronic Funds Transfer Act (EFTA), California’s Automatic Renewal Law (ARL), the Fair Credit Reporting Act (FCRA), the Children’s Online Privacy Protection Act (COPPA), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and federal and state anti-SPAM laws.
Our firm has represented defendants in high-stakes litigation involving data privacy and data breach issues, including investigative and enforcement actions by the Federal Trade Commission (FTC) and state Attorney Generals, as well as in private litigation. We also advocate for victims of unauthorized hacking and security breaches.
Our attorneys have a depth of knowledge on preparing tailored and informative privacy policies and other privacy agreements for a wide range of business models, including for social media companies and platforms, high-risk e-commerce and other online merchants, affiliate and other internet advertising companies, lead generation businesses, communications providers, and technology companies. We understand the growing and complex realm of internet and technology laws, including regarding the Internet of Things and artificial intelligence.
We also advise clients on measures to strengthen compliance with data security regulations, and we represent clients involved in data breaches, including where companies and victims need to take action quickly to remediate security vulnerabilities and determine what sort of notification, if any, needs to be provided to consumers and state Attorneys General.
+ Represented a financial services client in a swift settlement with the FTC, which alleged privacy and security violations, and advised client in ongoing privacy and security compliance.
+Represented restaurant and hospitality conglomerate regarding a data breach and extortion matter.
+Advised a major digital media company concerning how the theft of its encrypted database of users may have triggered state data breach laws.
+Advised a client on the investigation of the theft of a Fortune 500 company's database containing customer information and credit card numbers.
+Represented the U.S. Chess Federation in a lawsuit involving unknown parties hacking into the email account of a member of the board of directors of our client and stealing information regarding the internal investigation of two other directors of the organization.
+Advised tax consulting business involved in a data breach on how to mitigate the harm and provide legal notices to consumers and law enforcement.
+Represented a top retailer of ink and toner products in lawsuit against former employee who gained unauthorized access to client’s server, took trade secrets and disclosed them to ex-employee’s new employer, which was a direct competitor of our client.
+Represented a medical records imaging technology company in a lawsuit against an unknown person who hacked into the client’s network.