Privacy & Cybersecurity

Counsel on data stewardship in a time of explosive information technology growth.

Locke Lord's Privacy & Cybersecurity Practice Group guides our clients in meeting legal, regulatory and contractual obligations concerning the collection, use, transmission, storage and destruction of data, and in mitigating cybersecurity risks. With a range of backgrounds in insurance, finance, retail, health care, energy, IP and litigation (among others), our lawyers provide advice that takes into account the standards and practices of the industries and legal frameworks in which our clients operate as well as laws and regulations of countries worldwide. 

We frequently counsel clients in connection with identifying, prioritizing and addressing potential threats and vulnerabilities as well as in corporate governance issues. We also provide preparedness assistance, including:

  • Refining incident response plans
  • Conducting tabletop exercises
  • Working with an organization’s data custodians
  • Helping to improve vendor and business partner agreements and oversight
  • Advising on the identification and engagement of forensic and other technical consultants to assist the client where appropriate

Our team has experience with various compliance regimes, including those applicable to financial services, insurance, health care, education, retail, telecommunications, energy, defense and other industries, and their service providers.

We assist in responding to information requests by government agencies, regulatory inquiries and enforcement actions.

We have dedicated groups to track developments and educate the marketplace generally through articles, conferences and webinars in connection with new and developing areas, such as:

  • California Consumer Privacy Act of 2018 (CCPA)
  • General Data Protection Regulation of the EU (GDPR)
  • New York Department of Financial Services (NYDFS) Cybersecurity Regulation
  • Cybersecurity Litigation and Enforcement

We provide targeted, practical advice on compliance with privacy and information security requirements, including:

  • CCPA
  • GDPR
  • ECPA
  • FCRA
  • GLBA
  • NY DFS Cybersecurity Regulation and NAIC Insurance Data Security Model Law
  • TCPA

When a cybersecurity incident or data breach is suspected, our professionals handle the legal and regulatory aspects of investigation, analysis and response. We are familiar with the security and breach response requirements associated with special data types, such as personally identifiable information (PII), protected health information (PHI), payment card industry (PCI) data, and information maintained by defense contractors and others in industries with specialized industry guidelines. We are staffed to respond quickly, efficiently and effectively to both large, complex breaches and more limited, routine compromises of data security.

We have experience defending against class action and other lawsuits in both consumer and employee class scenarios, and our experience extends to data breach and other security and privacy-related litigation matters in various jurisdictions.

In addition, we advise insurance clients on cyber insurance issues and claims, and work with clients in a number of other industry sectors on the development and implementation of national litigation strategies related to exposures arising from the collection, handling, use and disclosure of personal information.

Our lawyers are often called upon to provide subject matter knowledge in a variety of transactional contexts. For example, we:

  • Assist M&A counsel with due diligence related to target company privacy and cybersecurity compliance and risk profile
  • Draft and negotiate representations, warranties and indemnities concerning privacy and data security matters
  • Support clients developing emerging products and technology as they consider myriad issues related to collection and use of data
  • Draft and negotiate appropriate contractual obligations related to privacy and information security in a wide variety of vendor, supply, service and customer contracts
  • Assist with electronic signatures and electronic payments and associated disclosures and requirements

We advise companies with multinational operations on EU and other data protection laws as well as on cross-border data flows and transfers, including in:

  • Cloud computing and other information services arrangements
  • EU General Data Protection Regulation (GDPR) compliance
  • Internal investigations concerning potential fraud, corruption and the Foreign Corrupt Practices Act (FCPA)

We provide counsel and coordination on data protection policies and regulatory compliance issues in the UK and abroad. In addition, our Firm is a member of World Law Group (WLG), a global independent law firm network with more than 18,000 lawyers worldwide. WLG allows us to access the resources required to meet a client’s needs almost anywhere in the world — swiftly, efficiently and cost effectively.