Cybersecurity and Privacy Legal Services

In today’s internet age of technology, no company is immune to the danger of a cyber-attack. Our attorneys are well-equipped to handle the aftermath should one occur, but we are also well-versed in guiding companies on taking the proper precautions to prevent cyber intrusions by assessing risks and providing solutions.

Our cybersecurity and privacy legal services team offers:

  • Preparing incident response plans (IRPs) to streamline the investigation and remediation process if a breach does occur, as well as assisting the client with testing and evaluating these plans through simulated data breach exercises;
  • Ensuring compliance, where appropriate, with foreign privacy laws, such as the EU 1995 Data Directive and the 2018 General Data Protection Regulation and any required certification thereunder, as well as with US-EU joint privacy initiatives, such as Privacy Shield;
  • Conducting privacy audits to help clients understand what data they have, how it is vulnerable and how it can be protected;
  • Conducting privacy impact assessments for new products, such as apps, or services that a client is looking to introduce into the marketplace or the workplace;
  • Employee, executive and board member training on cybersecurity (breach response, spear phishing, password protocols);
  • Drafting third-party agreements governing the allocation of privacy risks between parties to a transaction involving the disclosure or use of personal information (agreements with cloud service providers, HIPAA business associate agreements, etc.);
  • Preparing privacy policies and notices that allow clients to use customer information while complying with any relevant sector or industry-based privacy regulations (HIPAA, Gramm-Leach-Bliley, FERPA, COPPA, PCI-DSS);
  • Preparing internal policies dealing with privacy issues at work (BYOD, social media use, workplace surveillance, monitoring internet activity, etc.);
  • Preparing data retention or destruction plans;
  • Privacy due diligence for mergers or acquisitions involving the transfer or sale of personal information;
  • Serving as a company’s outside data protection officer for those that are too small to have a separate employee tasked with that function; and
  • Advising clients on obtaining coverage under cyber insurance policies, including assistance with the application process, which can serve as its own privacy and cybersecurity audit.

Bottom line: cyber intrusion threats are real, but we are here to help by cultivating awareness, implementing best practices and arming our corporate clients with the appropriate tools for protection.

Search Tips:

You may use the wildcard symbol (*) as a root expander.  A search for "anti*" will find not only "anti", but also "anti-trust", "antique", etc.

Entering two terms together in a search field will behave as though an "OR" is being used.  For example, entering "Antique Motorcars" as a Client Name search will find results with either word in the Client Name.


AND and OR may be used in a search.  Note: they must be capitalized, e.g., "Project AND Finance." 

The + and - sign operators may be used.  The + sign indicates that the term immediately following is required, while the - sign indicates to omit results that contain that term. E.g., "+real -estate" says results must have "real" but not "estate".

To perform an exact phrase search, surround your search phrase with quotation marks.  For example, "Project Finance".

Searches are not case sensitive.

back to top