Skip to Main Content
Services Talent Knowledge
Site Search
Menu

Data Security & Technology

Our Data Security & Technology Practice Area helps clients navigate the complex legal and business risks associated with data privacy, security, and information technology. Our clients rely on our team to anticipate evolving industry challenges, shape their strategies, and protect them in technology disputes.

Overview

With technology’s omnipresence, companies increasingly confront complex information technology (IT) contracting and data-privacy issues. They also face the increased risk of data breaches, ransomware attacks, insider theft, extortion, and other cyber incidents. That’s why our Data Security & Technology Practice Area offers complete support—contract counseling, drafting and negotiation for IT transactions, legal compliance, due diligence for corporate transactions, incident response, defense to regulatory investigations, and representation in data-security and IT litigation. 

Information Technology Transactions

Helping our clients meet the challenges of the ever-changing fields of technology and commerce, our team handles a wide range of technology contracts and transactions involving products and services related to IT—including software, cloud-based applications, platform services, software-as-a-service (SaaS), data-as-a-service (DaaS), bank and credit union core processing contracts, websites, and mobile apps. We provide strategic counseling; technology-vendor due diligence; and counseling, drafting, and negotiation for agreements tailored to our clients’ objectives. For routine transactions, we use our toolbox of contract templates, which includes customizable terms of use, app license terms, sales terms, privacy policies, acceptable use policies, data security addenda, and service level addenda. Our multidisciplinary team includes intellectual property, financial institution, and health care attorneys to ensure the subject-matter capabilities needed for a customized solution. 

We provide legal advice regarding cyber-risk liabilities, data-protection obligations, and compliance with data-privacy laws, including the Defend Trade Secrets Act (DTSA), California Consumer Privacy Act (CCPA), Gramm-Leach-Bliley Act (GLBA), Telephone Consumer Protection Act (TCPA), US Health Insurance Portability and Accountability Act (HIPAA), US Family Educational Rights and Privacy Act (FERPA), New York Civil Rights Law, and rights of privacy and publicity. Seamlessly collaborating with our European associates, we also provide advice regarding the European Union’s General Data Protection Regulation (GDPR). 

Data Security and Technology Litigation

When business solutions to data-security and technology issues are unattainable, we turn to the legal system to unlock value and protect our clients’ interests. Our team of data-security and technology trial attorneys litigates disputes involving data protection, confidentiality, technology outsourcing, IT systems, trade secrets, digital assets, cybersecurity, cybercrime, and compliance with data-protection laws. 

Our experience includes defending class actions and insurance-coverage disputes involving violations of privacy laws and other technology issues. We also represent clients as plaintiffs to redress misappropriation of their confidential information and to pursue culpable technology providers and other third parties that harm our clients’ data-security or technology assets. And whenever necessary, we represent our clients in response to subpoenas and governmental requests to ensure their confidential information is protected. 

Legal Compliance With Data Privacy and Security Laws

For any business that collects, stores, transmits, or otherwise relies on data to get the job done, compliance with data privacy and security laws is essential. Our team helps clients comply with ever-evolving federal and state law and avoid problems that can result in significant financial penalties and reputational damage. Our services include identifying and assessing regulatory requirements, providing guidance on best practices and industry standards, and developing and implementing policies, procedures, and training programs. 

Cyber Due Diligence for M&A Transactions and Technology Outsourcing

In technology-based transactions, our team helps clients understand the current state of counterparties’ cybersecurity controls and identify areas that may need improvement. By identifying potential security risks, we help clients negotiate better terms, make informed decisions, and minimize the risk of future disputes.

Executive and Personal Protection

We understand the unique challenges faced by public figures when it comes to protecting their privacy and personal safety. Our team provides tailored legal services to executives, entertainers, and other high-profile individuals when their personal safety or reputations are at stake. We have experience prosecuting claims involving invasions of privacy and harm to reputation, protecting the confidentiality of personal information in civil litigation, and advising on criminal-law remedies for harassment, stalking, and extortion attempts.

Cyber-Incident Response

A strong incident-response plan (IRP) enables a business to prepare for the inevitable cyber incident. Whatever happens—business-email compromise, ransomware attack, or even just a mistake in handling sensitive information—our team of “breach coaches” helps clients investigate, assess, respond, and recover so they can restore normal operations as quickly as possible. We employ a proactive, team approach, using the resources necessary to address the problem, manage risk, and reduce the stress on our clients, their employees, and their customers. 

Regulatory Investigations 

When a cyber incident requires notice to government regulators, an investigation often follows. We leverage knowledge of our client’s business and our experience to manage the investigation, respond to regulators, and negotiate resolutions that protect everyone involved. 
 

Representative Experience
  • Handled a HIPAA privacy breach for a provider involving disclosures to and settlements with the US Department of Health & Human Services Office for Civil Rights (HHS-OCR) and the NYS Attorney General. 

  • Represented a Fortune 500 energy company in drafting, negotiating, and successfully closing a multimillion-dollar asset purchase agreement for the acquisition of a solar-power generation site.

  • Represented a multinational automotive and defense manufacturer, providing counseling and advice with respect to its internal processes and procedures for the processing of personal employee data by its divisions located in various states of the United States.

  • Represented a gaming software manufacturer, preparing a service agreement for hiring freelance developers and handling the revision and negotiation of a product development agreement with a gaming solution provider in the casino industry.

  • Represented an educational organization in revising and negotiating a master services agreement (MSA) and statement of work (SOW) relating to information technology support for a network of over 20 schools.

  • Representing a university in the drafting and negotiation of a wide range of information technology agreements, including the acquisition, implementation, and maintenance of a multicampus unified communications system operable through voice over internet protocol (VoIP).

  • Representing an offshore provider of a teaching and learning platform, handling the review, revision, and counseling for the provider’s SaaS agreements with various universities in the United States.

  • Represented a financial technology company in preparing and implementing an array of contracts between affiliated banks, credit processors, payment processors, cloud hosts, and end-users.

  • Represented a health care consulting company in drafting and negotiating a platform services agreement for procuring a white label instance of an online platform for managing patient risk, capturing governmental reimbursements, and reducing the risk of noncompliance with reimbursement regulations.

  • Represented a software manufacturer in drafting a master license agreement (MLA) and service level agreement (SLA) related to its software as a service (SaaS) for the management of data in energy and exploration businesses within the oil and gas industries.

Knowledge

Alerts

Press Releases

News

Blog Posts

Podcasts

Events

Services

We offer the services listed below on an hourly or flat-fee basis. Please contact us for details.

Policies and Terms for Websites

Written Information Security Program – Polices, Plans, and Reports

Counseling – Cybersecurity, Privacy, Advertising, and Litigation

Technology Agreements, Terms, and Addendums

Laws, Regulations, and Industry Standards

Featured Media

Alerts

EPA Issues Memorandum Reminding States and Tribes of Their Limited Authority Under Section 401 of the Clean Water Act