Whether arising out of trade secrets, personal data, or other sensitive confidential information, privacy and cybersecurity issues affect every business and require the expertise of seasoned attorneys. And with the proliferation of information technologies and the growth of the Internet, they touch every part of an organization, including operations, customer service, finance, marketing/sales, HR and IT.
Led by Practice Group Chair Peter Guffin, author of the blog Privacy Law Perspectives, Pierce Atwood has assembled a cross-disciplinary team with both legal and industry expertise, combining their knowledge of intellectual property, technology, financial services, healthcare, energy, employment, and litigation with relevant expertise in privacy and data security issues to help clients solve problems and get deals done. Together, they provide clients with practical advice on complex issues such as record retention, breach notification, privacy policies, information safeguarding, e-discovery, regulatory compliance and other privacy and cybersecurity issues.
Areas of Expertise
Cybersecurity & Data Breach Response
In today’s world, information is both a valuable asset and a source of risk. Now more than ever before, sensitive data can escape from nearly every corner of your organization, and the costs to your business can be enormous. Pierce Atwood’s privacy and data security team regularly advises companies on how to handle and secure sensitive data. Whether you are a technology company with valuable trade secrets, a start-up with an innovative approach to using information, or a heavily regulated company responsible for the protection of large amounts of personal information, Pierce Atwood can help you develop the right policies and practices to protect your sensitive data and avoid litigation and regulatory action against your company, and guide you through the consequences of a breach.
Individual privacy is protected by an increasing number of laws and regulations in the U.S. and abroad. Companies seeking to navigate these regimes must contend with complexity and a rapidly changing environment. Pierce Atwood can help you with every step of the data life cycle, including collecting, securing, using, and disclosing your customers' and employees' personal information.
Cyberterrorism is on the rise, with criminals becoming increasingly adept at stealing sensitive commercial or personal information. Businesses that manage critical infrastructure – including health care services organizations, financial services entities, energy utilities, and manufacturers of sensitive equipment and technologies – are particularly at risk. Sensing this, the federal government has increasingly focused its scrutiny on these industries, including through recently issued cybersecurity regulation and proposed legislation.
By combining longstanding expertise in these areas, a deep understanding of the cybersecurity landscape, and connections to the cybersecurity community and Capitol Hill, Pierce Atwood can help you navigate today's landscape, while preparing for the threats and regulations to come.
Incident Response and Breach Notification
Despite a company’s best efforts and planning, sometimes data breaches do occur. When they do, our legal team stands ready to see our clients through the fallout. Whether the situation involves a rogue employee dealing with a single record, a large-scale loss of electronic media while in transit, cross-border unauthorized vendor access, or criminal intrusions by sophisticated hackers, we help our clients navigate the post-breach landscape, from determining whether notice is required to remediation and response, including handling regulatory enforcement and class action litigation.
We have helped clients in a wide variety of industries including retail, hospitality, information management, financial services, and public utilities. Our team of seasoned litigators, working in concert with our expert privacy professionals, provides the right combination of talent to respond swiftly and effectively when a crisis hits.
The cost of a data breach is frequently in the millions of dollars. As the risks of security breaches and other cyber-incidents continue to grow, responsible companies need to manage these risks through insurance and other contractual strategies. However, unlike other types of standardized commercial insurance policies, cyber insurance is a new and developing product, and the scope of coverage and exclusions varies widely from one company’s policy to another’s, frequently unrelated to price. Our experienced attorneys can help you determine whether your company needs cyber insurance and then help you select the best provider and policy for your particular situation. In addition, our team regularly leverages this expertise to help you secure the right insurance and other protections for your company in technology and licensing transactions. Finally, when crisis strikes, we are ready to step in should disputes over coverage arise.
Data Security in Licensing & Transactional Matters
Transactions that involve the exchange of sensitive business, technological, or personal information raise important privacy and data security issues. Pierce Atwood’s privacy and data security team is closely integrated with our licensing and technology transactions practice to ensure that privacy and cybersecurity considerations are addressed at every stage of a transaction. Importantly, our clients include buyers of technology solutions as well as software licensors and software-as-a-service vendors. With a 360-degree perspective, we know how to find pragmatic solutions to privacy and data security challenges.
Our attorneys combine a practical and business-centric understanding of information technology with a deep knowledge of the complex and multi-layered regulatory landscape. In the early stages of procurement, we assist clients with pre-contract due diligence and review of the counter-party's information security practices. Based on the nature of the transaction and the sensitivity of the information involved, we negotiate appropriate contract terms designed to manage and mitigate information-related risks, including audit rights, information security requirements, data breach response and mitigation obligations, regulatory compliance warranties, indemnification, insurance requirements, and appropriate liability limits and risk allocation provisions.
Clients in the financial services, healthcare, and utility industries rely upon Pierce Atwood’s expertise to stay apprised of and manage regulatory compliance obligations. For example, we regularly help banks and other financial services companies ensure that vendor contracts meet the requirements of applicable laws, regulations and industry standards, including the Gramm-Leach-Bliley Act; state laws; FFIEC, OCC, and Fed guidance; and the PCI Data Security Standard. For companies that do not face such regulatory oversight, we apply industry standards (e.g., ISO 27000 Series, NIST and OMB standards and guidelines) to hold technology vendors to a measurable standard of care with respect to information security practices.
Privacy & Data Security Counseling & Compliance
Privacy and data security compliance is a minefield, requiring businesses to navigate a rapidly changing, overlapping, and sometimes conflicting array of obligations. We regularly help clients navigate this landscape, providing guidance on regulatory compliance and risk management. We have helped clients in a wide variety of industries, including health care, financial services, retail, and manufacturing. The advice we offer is practical, efficient and provides well-rounded and cost-effective solutions.
We work closely with clients on the front end to help prevent data breaches. We have extensive experience helping clients structure contracts with vendors and customers to help prevent compromise of data and systems and ensure third-party compliance with privacy and data security requirements. In the event of a data incident, we work closely with clients to develop the best strategy going forward and counsel and assist clients with breach notification compliance, managing litigation risks and responding to litigation if it arises.
At Pierce Atwood, we take the time to listen to our clients and understand the underlying relevant technologies. We routinely develop end user license agreements, privacy policies and terms and conditions specifically tailored for technologies with nuanced privacy and data security considerations such as mobile apps and websites.
Privacy and data security regulations are complex and often apply to specific types of activities and industries. We have experience counseling clients in the highly-regulated healthcare and financial industries, as well as with regard to specific activities such as marketing and behavioral advertising. We understand the pressures businesses are currently facing and are committed to providing sound legal advice that is both comprehensive and practical.
We also routinely counsel clients on privacy and data issues that arise in the employment context. Maintaining the privacy and security of sensitive information in the workplace has never been more difficult. With the proliferation of smartphones, most employees have the ability to bring cameras and video recordings into the workplace, and disclosure of confidential information is now a click away. We regularly work with clients to develop employee agreements, policies and procedures to help prevent the disclosure or misuse of proprietary and personal information. We also assist employers with a myriad of other employment-related privacy issues, including HIPAA privacy and security policies, employee background checks, drug testing, medical examinations, and workplace monitoring.
Privacy & Data Security Litigation & Regulatory Enforcement
Privacy and data security litigation is a rapidly growing problem for companies that handle personally identifiable information. Consumer protection regulators continue to bring enforcement actions, and the plaintiffs’ bar is constantly innovating in search of large-dollar awards.
Pierce Atwood’s privacy and data security team has the skills and experience necessary to advise businesses on how best to defend claims arising from a data security incident, including alleged data breaches. We routinely help our clients fend off private class action claims, successfully respond to regulatory investigations without formal enforcement action, and pursue indemnification from responsible parties.
Our experience ranges from serving as counsel to two major retailers in a multi-district consumer class action following a hack of the retailers’ electronic payment system to helping a major public utility respond to an FTC investigation concerning a data security incident affecting several million customers. We also represent healthcare, education, and other business clients in investigations initiated by the Office for Civil Rights concerning alleged HIPAA violations. No matter the type of privacy or data security litigation your company faces, Pierce Atwood can help you mitigate your liability and achieve the best result possible.