Data Privacy and Cybersecurity
Our firm has the capabilities necessary to respond to the ever-changing landscape of information security and privacy law compliance, working on such issues as:
- Data Breach Prevention, Response and Litigation
- Mergers & Acquisitions
- Critical Infrastructure Protection
- Government Investigations & National Security
The lawyers in the Data Protection and Cybersecurity team have the necessary experience and technical and legal backgrounds to address the problems presented from data loss or privacy breaches and to give practical advice as to steps to be taken to prevent losses in the future.
We advise various companies across a broad range of industries on data protection and privacy laws, including numerous federal statutes and state laws which are often at variance with one another. Likewise, companies engaged in international trade are faced with foreign laws which create additional burdensome requirements. A company’s privacy policies are an important defense to a charge of violation of privacy rights or misuse of information. We are current in the relevant laws and obligations and will assist you in keeping those policies up to date.
Our experience includes:
- Guided the development of malware detection systems and devices while advising on privacy laws and IP infringement issues, conducting patent clearances and developing any necessary third party licenses necessary for infringement avoidance.
- Chaired a corporate legal/HR committee charged with developing and writing policies for handling Personally Identifiable Information taking into consideration the then current privacy laws.
- Regularly counsel clients on data collection, privacy, security and transfer issues as they arise in the ordinary course of business.
The protection of proprietary data and personal information is at the forefront of every organization’s planning process. Our attorneys have the capabilities necessary to protect companies before and after a data breach. Our team conducts data security and privacy risk assessments, and assists in developing and improving incident response plans to thwart potential breaches. Should a breach occur, we will immediately provide a response team having the relevant qualifications to address a response under attorney-client privilege, and the firm’s experienced litigation team is available to provide the appropriate defense or offense as needed.
Our experience includes:
- Advised supplier companies on data security and privacy issues, and in many cases working with counsel for those companies to properly respond to data breaches.
Our team includes lawyers with the knowledge and understanding of the emerging threats to the security of IT systems. Our attorneys understand the government regulations aimed at improving the security of such systems in business and in government. We assist clients in a broad range of industries, including energy, telecommunications, technology, internet services and government contracting to institute security systems and procedures to comply with US and international laws and regulations, minimize the chances of a cybersecurity incident, assist with incident response after a data breach, resolve disputes and adopt strategic solutions to solve business problems posed by cyber threats.
Our experience extends to data encryption technology, an essential tool for safe e-commerce. We help client users of encryption technology comply with US and international requirements governing the import, export, sale and use of encryption, including:
- Counsel boards of directors of public companies as to fiduciary duty and disclosure mandates implicated by cybersecurity and data protection/privacy issues.
- Draft privacy policies and advise on data privacy and security.
- Transfer matters, as needed.
We work with private companies in their purchases, sales and investments in companies and assets spanning multiple industries. Our team members assist in due diligence on both sides of the table, including assessments of each party’s ability to withstand a cyber-threat and the costs associated with the necessary steps to avoid security threats.
The United States Government has created a process and regulations to protect the country’s critical infrastructure—specifically companies in the communications, energy, financial, medical industries and defense contractors—from destructive cyber and physical attacks. This is primarily to ensure the security of its own supply chain. Our team advises companies included in the infrastructure and those seeking government contracts on compliance with the current critical supply chain legal and regulatory requirements.
We have counseled our clients regarding these matters by:
- Reviewing and negotiating data services agreements, which includes compliance with FCRA.
- Providing vulnerability assessment counseling, including the use of unsecured third-party components (e.g., “back doors” to permit easier access for service), insufficient security built into software, failure to ensure that employees and third-party employees are protecting proprietary information.
- Reviewing inbound and outbound telematics services agreements and advising clienta on data collection, use and transfer issues, as well as data security obligations.
Government investigations often require sensitive businesses—particularly those in the critical infrastructure—to provide information about their customers and subscribers. The business is, thus, forced to navigate conflicting legal obligations arising out of multiple privacy and cybersecurity laws worldwide. Businesses that are victims of cyber-attacks (e.g., thefts of money or property, denials of service, espionage or other malicious acts) must determine when and how to cooperate with any government investigation of the act and how best to do so. We advise clients regarding law enforcement and intelligence access under the variety of applicable laws, for example:
- Created a data breach protocol for dealing with all of the third party data it was required to maintain for various government and commercial programs.
- Provided advice concerning the import, export, sale and use of encryption taking national security issues into consideration.
- Provided legal support on security operations for corporations, including advising on appropriate responses to attempted intrusions, taking into consideration the possible ramifications of the intrusions to personnel rights and company information and providing counsel on the effects of the Communications Act, Foreign Intelligence Surveillance Act, FCRA and the Patriot Act.
- Alternative Energy
- Art, Museum and Cultural Property
- Chemicals, Petrochemicals and Refining
- Clean Technology
- Energy Technology
- Health Care
- Hospitality and Hotels
- Legislative Advocacy
- Life Sciences
- Liquefied Natural Gas (LNG)
- Manufacturing and Sales
- Maritime and Offshore Drilling
- Oil and Gas
- Real Estate
- Solar Energy
- Technology and Emerging Companies
- Venture Capital
- Wind Energy
- Copyright Litigation
- Intellectual Property and Technology
- IP Counseling and Licensing
- Patent Litigation
- Patent Prosecution
- Patent Trial and Appeal Board Proceedings
- Securing and Maintaining Trademarks and Brand Names
- Trade Secret/Trade Dress Litigation
- Trade Secrets/Trade Dress
- Trademark Proceedings and Litigation
- White Collar and Regulatory Enforcement
- 2/9/2017Andrews Kurth Kenyon Intellectual Property Partner James Rosini Recognized in 2017 Client Choice Awards
- Yahoo! Gives Snapshot of Privacy Law for 2017February 3, 2017
- Cybersecurity Trends: New Standards, Tolerating Ransoms Law360November 22, 2016
- Cybersecurity Due Diligence Is Crucial in All M&A—Including Energy M&A TransactionsNovember 14, 2016
- New York Proposes First State Cybersecurity Regulations for Financial Services Companies; Federal Agencies Push for Enhanced Standards to Prevent “Cyber Contagion”November 4, 2016