Our Cybersecurity, Privacy, and Data Governance team understands our clients’ challenges assessing and pinpointing cybersecurity risks for new and evolving technologies – as well as the strategies needed to protect their interests when they are victimized.
Heightened regulations and an uptick in high-profile cyber-attacks and security breaches continue to increase the importance of addressing and mitigating risks before an attack occurs. We are adept in advising clients on the changes in privacy related legislation and the ever-changing privacy landscape. We help clients assess cyber-related risks, data protection and privacy protection – whether they are launching a new product or making an acquisition – and we offer practical solutions to protect their most important assets.
Our team advises on legal issues related to privacy protection, the prevention and mitigation of data breaches, and general enterprise security throughout a variety of industries, including financial services, higher education, technology, and manufacturing. The members of our Washington, D.C.-based office are well-positioned to help organizations understand and influence legislative and regulatory developments in this emerging area.
While prevention is important, we also are prepared to help respond rapidly on your behalf when a breach occurs. Our team assists with internal investigations, legal notification obligations and other immediate response needs, and we will be on hand to defend your interests if lawsuits arise post-incident. This includes litigation brought by government regulators, consumer class actions, or contractual disputes with business partners, in relation to HIPAA, the FTC Act, state-specific privacy laws, and numerous other national and international privacy and data breach laws. We work to get you back to regular business as soon as possible.
ensuring compliance and implementing policy
Navigating the patchwork of privacy and cybersecurity legislation across the U.S. to ensure compliance with the latest legislative or regulatory requirement is a foremost concern of our group. As AI and other new technologies raise new issues, our team will remain vigilant to provide practical and relevant legal advice. We work closely with clients to ensure they remain compliant with federal, state and foreign privacy and data use and security requirements. This includes preparation and revision of internet, user, and customer privacy policies; counseling on industry-specific privacy requirements; and addressing customer and other privacy complaints or data breaches. We frequently are brought in to review data privacy and cyber risk in the context of corporate mergers and acquisitions.
We advise on company policies and procedures for compliance with state data breach and notice laws, as well as draft terms-of-use agreements and other warnings and contracts to protect and limit the use of data made available to customers and users. Our team also prepares data licensing agreements and other licenses and contracts relating to data use, and our insurance group provides mitigation strategies through cyber liability insurance policy review and recommendation.
litigation
Incidents happen. When they do, our litigation team aggressively defends our clients who are accused of any privacy-related violation or data breach.
Our litigation team has successfully resolved data breach claims, including class action claims, brought against health care companies, non-profits, and for-profit corporations. We have counseled clients on claims involving intercepted wire transfers and losses due to cyber-related events.
biometric privacy and privacy statutes
Privacy laws related to biometric and genetic information like fingerprints, facial scans, and family medical history can impact businesses in unexpected ways, with judicial interpretations changing frequently.
The best response is a defensive strategy that includes monitoring of legislative enactments and court decisions at all levels. Illinois’ Biometric Information Privacy Act (BIPA) is a case in point. BIPA has significantly impacted businesses by requiring consent for the collection, storage, and use of biometric data. Since BIPA’s enactment, hundreds of companies operating or based in Illinois have faced claims seeking to enforce the statute’s liquidated damages provision. Our firm has defended and successfully resolved BIPA claims arising from the use of biometric identifiers in consumer-based transactions and employment relationships.
And it’s not just BIPA – there are laws in other jurisdictions and states related to biometrics, including New York, Texas, and Washington. There are also laws prohibiting private entities’ use, collection, or handling of genetic information including Illinois’ Genetic Information Privacy Act (GIPA) and the Genetic Information Nondiscrimination Act (GINA). Our team brings a multidisciplinary background to defending novel statutory claims, with experience covering cybersecurity, complex commercial litigation matters, e-discovery, mass torts, and class actions.
Our team recognizes the need to be abreast of the legal developments in the privacy and cyber space. Today the focus is AI, tomorrow the focus will be different. TC has a total commitment to keeping your business secure and prepared.
We understand our clients’ businesses and how to provide practical solutions to privacy and cybersecurity issues that fit into their overall structure.
When privacy and cyber issues arise, we assemble a crisis response team that works with you to perform forensic work, prepare required notifications, manage your insurers, and prepare for any litigation.
If you are sued, we assemble a team that has successfully litigated breach claims, statutory violations, and other manner of cyber and privacy claims.
