An increasing number of companies use and maintain data assets, which have both strategic and present value. Accordingly, growing areas of the law apply to data safeguarding and management. Adams and Reese’s Privacy, Cybersecurity and Data Management team’s experience touches multiple areas in the application of privacy laws and data management to help companies comply with these laws as well as ensure their data assets remain secure.
Our team guides clients in matters involving the use of technology for data collection and transfer, information technology outsourcing, financial technology, education technology, privacy and data security corporate due diligence for mergers and acquisitions, compliance and risk assessments and evaluations, information management, consumer protection, international data protection laws, intellectual property, healthcare and healthcare technology, cyber liability insurance, breach response and crisis communications and regulatory and consumer class action litigation defense.
With a strategic business-minded approach, we provide practical advice on all aspects of privacy, data management, cyber risk and liability, incident response and data breach and information management. Our services include:
Risk Management and Compliance
- Evaluating compliance with all U.S. federal and state privacy and information management requirements, including GLBA, HIPAA, HITECH, COPPA, FCRA, FACTA, DPPA, CCPA, state laws regulating the collection of Biometric Data, CAN-SPAM, state and federal security breach notification laws and other requirements, PCI DSS, global requirements under the EU’s GDPR and Privacy Shield Framework.
- Designing privacy programs, including advising on organizational structure, policies and practices to help manage data in accordance with U.S. and global privacy laws and educating boards of directors and senior management on legal and compliance issues and providing employee privacy awareness training.
Commercial and Corporate Transactions
- Evaluating, drafting and negotiating third-party vendor software, infrastructure support, managed services, technology licensing agreements, information use agreements and data sharing agreements to mitigate risk in contracting and vendor management.
- Evaluating, drafting and negotiating privacy and cybersecurity provisions and draft consumer-facing privacy policies and terms of service for web-based or mobile applications.
- Performing privacy- and security-based due diligence to assess risks in mergers and acquisitions. We negotiate representation and warranties specific to technology and data management and advise on data integration/deletion post-closing.
- Providing go-to-market advice and risk analysis related to data security, plus advising on data management in the formation of new service offerings and technology platforms.
Investigations and Dispute Resolution
- Providing advocacy in response to allegations of misuse of data and representing clients in state and federal investigations, including actions and requests for information from state attorneys general and the Federal Trade Commission.
- Counseling clients in online defamation and violation of social media terms of service issues and litigation.
Cyber Advisory and Risk Services
- Advising on appropriate cyber insurance coverage solutions based upon a client’s exposure, from reviewing existing policy language and referrals to brokers and carriers with specialty coverage, to handling post-breach cyber coverage analysis, recovery under policies and related coverage litigation.
- Advising on cybersecurity consultant retention under the attorney-client privilege and ensuring litigation readiness for clients, including conducting risk assessments and data security audits, as well as counseling clients on practices to help mitigate data, business and litigation risks.
Integrated Incident Response Preparedness
- Developing incident response plans and conducting tabletop cyber-attack simulation exercises.
- Counseling on time-sensitive incident response measures including breach containment, incident investigations and disclosures, consumer notifications, law enforcement and government relations communications, data and evidence preservation, regulatory reporting and litigation and discovery readiness.
- Providing advice and managing the response in connection with a ransomware attack on the City of Atlanta and its computer system.
- Advising a financial institution and payment processing vendor through all stages of a data breach incident involving the loss of sensitive customer data, including incident analysis and breach containment, incident disclosure (i.e., notification in compliance with all regulatory requirements), loss mitigation and remediation customized to meet each client’s specific business and industry requirements.
- Counseling governments on incident response, ransomware attacks and recovery efforts.
- Advising public, private and charter schools on contracts with third-party vendors who have access to student data or information, including provisions protecting the district, and ensuring compliance with insurance requirements.
- Counseling multiple franchise systems through incident analysis, breach response and a state consumer protection regulatory inquiry and payment card brand investigation.
- Counseling an international construction company and hotel portfolio management company through a breach investigation, response and notification involving the theft of employee W-2 tax information obtained as a result of phishing scheme.
- Advising school districts on matters involving employee use of social media.
- Counseling multiple clients regarding emerging and new digital offerings, e.g., cloud, software, interactive, analytics and mobility.
- Advising numerous companies in public and private mergers and acquisitions in the assessment of global privacy and data security risks and deal structuring.
- Drafting and revising vendor contracts for a national retailer, with particular attention to vendor contract due diligence, ongoing assessments, audits and testing, insurance requirements, security requirements and procedures and indemnification.
- Representing bank and credit union trade groups in legal actions following a breach of the personal information of several million South Carolina taxpayers by the South Carolina Department of Revenue.