- areas of expertise
- Advertising Technology
- Advertising, Marketing & Public Relations
- Art Law
- Artificial Intelligence
- Blockchain Technology
- Branded Entertainment
- Cannabis Industry
- Celebrity Branding
- Charitable Organizations
- Content Review & Clearance
- Corporate & Finance
- Cross-Border Transactions & Global Media Clearance
- Data Strategy, Privacy & Security
- Employment Compliance, Training & Litigation
- Entertainment
- Estate Planning & Administration
- Executive Compensation & Employment
- Fashion
- Hospitality Law
- Intellectual Property
- Interactive Entertainment
- IP Finance
- Legal Ethics & Professional Responsibility Litigation
- Litigation
- Publishing
- Real Estate
- Social Media
- Sports
- Tax
- Technology & Digital Media
- Trademark & Brand Management
- White Collar Defense & Investigations
Attorneys in Our Data Strategy, Privacy & Security Group
Our globally recognized Data Strategy, Privacy & Security Group represents clients in all types of matters involving data, including monetization, governance, compliance, negotiation, due diligence, training, public policy, incident response, regulatory enforcement, and litigation. For our latest insights, please read the Firm’s Technology Law Updates blog.
Our Clients
We represent companies across industries, including technology, advertising, gaming, media, financial services, insurance, healthcare, retail, consumer products, real estate, hospitality, sports, and education.
Our Services
Data Strategy
- We help companies develop strategy for their data use, including relating to:
- - Data monetization
- - Data governance
- - New products and features
- - Training data sets and models
- - Board and executive leadership
Privacy, Security & Platform Compliance
- We help companies comply with US federal and state data protection requirements, including:
- - Comprehensive state privacy laws (including the CPRA)
- - Consumer protection laws (including the FTC Act)
- - Security laws (including the FTC Safeguards Rule, NY Shield Act, NY DFS Cybersecurity Regulation, SEC Public Company Cybersecurity Rule, Forthcoming SEC Investment Adviser and Broker-Dealer Cybersecurity Rules, and Forthcoming CPRA Cybersecurity Regulations)
- - Laws governing:
- - AI, automated-decision making, machine learning, and profiling (see our Artificial Intelligence page)
- - Targeted advertising (see our Advertising Technology page)
- - Children and minors (including COPPA and Age-Appropriate Design Codes)
- - Financial data (including FCRA, GLBA, and FFIEC)
- - Health data (including HIPAA and the Washington My Health My Data Act)
- - Biometric data and facial recognition/detection (including BIPA)
- - Precise location data
- - Student data (including FERPA and SOPIPA)
- - Emails and texts (including CAN-SPAM and TCPA)
- - HR and employment data
- - Cross-border transfers
- - Industry requirements
- - PCI Compliance
- - Ad tech (including IAB, DAA, and NAI)
- - Cybersecurity standards and frameworks (including 800-53, ISO 27000/27002, SOC2, and NIST CSF)
- - Platform requirements (including iOS, Android, and Chrome)
Negotiation
- We help companies draft, revise, and negotiate agreements involving data, including:
- - AI enterprise agreements
- - SaaS agreements
- - Data processing agreements
- - Data licensing agreements
- - Data matching agreements (including clean room agreements)
Due Diligence & Assessments
We help companies conduct due diligence and perform impact assessments and audits, including for high-risk processing activities, when evaluating vendors or customers, or in connection with M&A deals, IPOs, and SEC cybersecurity and privacy disclosures.
Training
We help companies conduct training, including boardroom and executive leadership training, tabletop exercises, and annual trainings required by law.
Public Policy
We help companies with public policy matters, including drafting written comments and providing input on developing laws, regulations, standards, guidelines, and self-regulatory principles.
Incident Response
We help companies with security incident response, including incident response and disaster-recovery plans, investigations, remediation, insurance coverage and claims, reporting and notification, and post-breach penalties and audits. As part of this process, we work closely with business teams, law enforcement, forensic experts, and vendors.
-
Regulatory Enforcement
We are familiar with the latest regulatory expectations and enforcement. We help companies respond to inquiries from regulators relating to data use, including letters of alleged noncompliance. We have represented companies in regulatory enforcement actions brought by the FTC and State Attorneys General, including through investigation, due diligence, response, and settlement.
-
Litigation
- Our litigation team represents companies in disputes involving data. We have defended companies against class actions and mass arbitrations involving alleged violations of wiretapping laws, COPPA, VPPA, TCPA, and other data-related claims.
