Skip to main content

Data Protection & Cybersecurity

Robert Van Arnam Photo
Kevin D. Pomfret Williams Mullen Headshot

Regardless of your industry, service, product or size, you are now also a data company. Your servers, computer hard drives and mobile devices likely contain valuable intellectual property and business data that can be commercialized for profit. Conversely, they can also include sensitive commercial data and personal information on customers and employees that should not be disclosed.

We can help you optimize the value of your digital assets in a manner that complies with an ever-changing legal and regulatory framework.  Equally important, we can advise on how you should manage and protect your and your customers’ sensitive data from attacks, so they do not become a significant liability.

Our multi-disciplinary team of lawyers can handle any aspect of your data protection needs.  Please click on the links below to learn more about our services.

  • Privacy Policies and Procedures
    The proper collection, safeguarding and use of information are growing concerns that require attention to technology, business practices and the requirements of multiple jurisdictions and government agencies.  Data collection from mobile devices and social media are two highly visible areas of risk.  Whether your business involves digital advertising or financial safeguards, we can help management put effective and reasonable privacy policies and procedures in place. Our lawyers develop privacy policies for a variety of clients, applications and business models, including drafting procedures and policies for the management of consumer information (online and offline) and the protection of employment and other sensitive materials.   
  • Data Security 
    We develop compliance programs and policies that address complex state and federal privacy regulations, so you can reduce the risk of improper disclosure of confidential or sensitive information.   
  • Information Governance 
    We provide practical advice on what you can do now to decrease your liability should a data breach occur.  We help companies determine what data must be stored to comply with applicable laws, and what should be saved for business purposes.  Less data equals less exposure in the event of a cyber breach and less data to collect, review and produce during litigation.   
  • Data Breach 
    Various federal laws and the laws of 46 states govern a company’s response and notification requirements in the event of a breach.  We can help you prepare and then comprehensively and effectively respond to data breaches by partnering with consultants in the fields of software, forensics, insurance and public relations.  In addition, we work with cybersecurity professionals after a cyber breach to ascertain and advise you on the nature of potential legal claims and the exposure for damages.  Finally, our lawyers help to develop a litigation strategy with practical solutions that align with your interests.   
  • Litigation 
    We offer trial attorneys who are experienced in representing clients and their insurers in complex litigation to represent clients against claims from federal agencies and regulators, state Attorneys General and private litigants, including the defense of national class actions across the country.   
  • Software and Vendor Agreements 
    A contract with a vendor for the physical or cloud storage and maintenance of your customers’ personal information and data does not mean you are absolved of liability if that information is breached.  We conduct due diligence of prospective vendors and negotiate and enact third-party vendor programs to reduce clients’ risks from a breach.   

In addition, we are experienced in advising clients in the following industries and, therefore, are familiar with specific issues that may come into play with data protection and cybersecurity. For more information, please click on the following links. 

  • Financial Services 
    Increasingly, banking is done remotely via mobile devices or on the Internet.  While online banking has many advantages, it also comes with a significant risk for both financial institutions and their customers - unauthorized transfers from a customer’s account caused by a breach of the customer’s computer system.  We counsel clients with regard to compliance with the Gramm-Leach-Bliley Act and related privacy and safeguards rules and the Fair Credit Reporting Act (FCRA).  Our experienced litigators can develop and execute a strategy that balances a financial services company’s reputational concerns, exposure to damages and desire to retain its customers.   
  • Health Care 
    We routinely advise hospitals, health systems, physicians and vendors on privacy and security issues related to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which governs the use and disclosure of Protected Health Information (PHI).  To help our health care clients avoid potentially significant monetary penalties associated with the improper disclosure of PHI, we develop comprehensive compliance programs and provide counsel on what constitutes a data breach.  If a data breach has occurred, we can guide our clients through the relevant breach notification requirements and mitigation efforts.   
  • Retail 
    We counsel clients and help enact effective privacy and online policies to ensure that their marketing, social media and promotional campaigns are compliant with regulations and laws from, and related to, the Federal Trade Commission (FTC), the Children’s Online Privacy Protection Act (COPPA), the California Online Privacy Protection Act (CalOPPA) and the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM) that protect consumers.   
  • Geolocation Information 
    Any data that can be associated with a location is particularly sensitive because it can often be used to identify a person and make assumptions about his or her habits and activities.  As a result, laws and regulations are increasingly being created or amended to protect geolocation information.  This will become more of an issue for public and private sector entities since these entities have been collecting this type of information for many years without regulatory oversight.  We help various entities develop products and services that use geolocation information in a manner that is compliant with privacy regulations and applicable laws.   
  • Unmanned Systems 
    As the use of unmanned systems technology becomes more pervasive, the amount of data being collected, transmitted and stored will grow exponentially.  Because we have extensive knowledge of the field of geospatial data, including what is and what is not permissible under privacy laws, we can help public and private sector entities narrowly tailor their collection plans so that they comply with applicable federal, state and local laws.  We can also advise on best practices on how they should protect the data they collect from unapproved uses.  In addition, we are closely following laws and policies intended to protect command and control communications from cyber threats.   
  • Government Contracts 
    Cybersecurity issues confront all businesses but are especially challenging for government contractors.  In addition to being particularly savory targets for hackers, government contractors must confront an array of evolving, complex, conflicting and increasingly costly standards and requirements regarding information security.  We help companies navigate through the changing legal standards and requirements and advise on data breach responses through investigation, reporting and follow-up.  We can help government contractors safeguard company interests by strengthening agreements involving information security, advise on due diligence in M&A situations, help develop a proactive response to cybersecurity audits and enforcement actions and provide counsel on cybersecurity-related bid protests and claims.  In sum, our team of regulatory, transactional and litigation lawyers can help government contractors develop an appropriate approach to confronting this daunting challenge in a responsible manner that is commensurate with their company’s situation.   


View More View Less


Please click below to download valuable content in our resource library.