Members of our data privacy and security team include more than 30 interdisciplinary lawyers on the front lines of this rapidly evolving area of the law. We provide proactive counseling designed to protect the integrity of our clients’ systems, investigative and remediation services that may be required after a breach, and guidance to assist our clients as they develop new relationships and sources of revenue. Whatever the context, the team possesses the experience and professional networks necessary to address all our clients’ global needs in the area of data privacy and security.
Data Privacy Team Overview
Our team includes experienced intellectual property counsel, class action litigators and technology industry professionals to assist clients with transactional matters as well as instances where an alleged breach has led to litigation. Through McGuireWoods Consulting, we also offer lobbying services to ensure that our clients have a voice in shaping precedent-setting and far-reaching legislation. Our goal is to provide a comprehensive solution for our clients by working not only with their lawyers, but also with IT staff, human resources professionals and product specialists. This approach permits us to deliver integrated services that promote information-sharing within the organization and account for the interests of all stakeholders.
Team members regularly advise clients dealing with cybercrime and inadvertent breaches. Further, as new and multiple uses for technology emerge, we help clients respond to unforeseen consequences that require immediate action. As such, team members have become globally recognized legal resources in this practice area, with many clients hailing from diverse industries, including education, energy, financial services, healthcare, insurance and retail, among others.
International Practice
Because global commerce recognizes no boundaries, the team’s Data Privacy and Security clients rely heavily on our deep international experience. Our team’s international practice helps clients secure their data globally, and navigate through U.S. (federal and state), Canadian, European, Middle Eastern and Asian data security and privacy laws. Team attorneys collectively speak 13 languages and respond to matters relating to international cloud computing, data transfer and international e-discovery matters.
Incident Response
In the event of a breach or other security matter, it is essential to be able to mobilize a broad-based response that includes resources outside of the client and our firm. Our data privacy and security team, which includes several former federal prosecutors, draws upon the resources of a large, external support network composed of qualified computer forensic examiners and law enforcement agents around the world. Among these resources are high-level technical subject matter experts and liaisons with the FBI, U.S. Secret Service, Postal Inspectors, New Scotland Yard and the big four international accounting firms. This network is further expanded through active memberships in InfraGard (FBI) and the Federal Electronic Crimes Task Force (U.S. Secret Service).
Director and Officer Protection
Our team is keenly aware of the dangers that security breaches pose to an organization as a whole, as well as the exposure of directors and officers in the event of such breaches. Therefore, a fundamental part of our practice is regularly counseling directors and executive officers on what they do and don't need to know, what the risks are of not knowing, and procedures and tips for how to stay educated and abreast of regulatory and hostile technology developments within and outside of their organizations. Whatever the risk profile of the company, we help ensure that the individual directors and officers are taking appropriate measures to faithfully fulfill their fiduciary duties, thereby protecting themselves as well as the companies they represent.
Areas of Experience
- Comprehensive Information Governance program development
- Data breach compliance, response and remediation, including media relations
- Proactive data protection audits
- Cross-border data transfer compliance, including the EU/U.S. Privacy Shield
- M&A/private equity counseling
- Vendor contract development and negotiation
- Privacy policy management
- HIPAA and state health records laws
- Cyber insurance counseling
- Legislative tracking, analysis and lobbying (in partnership with McGuireWoods Consulting)
- Forensics and technical systems planning (in partnership with forensic consultants)
- Cybersecurity crisis management
Included in team member credentials are:
- Chair of the firm’s transactional Intellectual Property practice. Her experience includes auditing and evaluating client data security policies, drafting website privacy policies, negotiating cloud computing agreements from both the vendor and customer perspectives, and providing support in the aftermath of a data breach, including compliance with breach-notification laws.
- Two Brussels-based partners are members of the European Privacy Association (EPA), a pan-European network of privacy, data protection and security experts, which works closely with the EU institutions. These partners both have experience in all privacy-related issues involving national data protection authorities and EU institutions, as well as broad experience in regulatory issues such as cloud computing, data transfers, coordination with foreign discovery or antibribery teams, interactions with intellectual property rights, re-use of public sector information, employee monitoring, and privacy audits.
- A London-based partner with extensive experience in European regulatory issues, including data protection and security; cross-border data transfer; privacy; encryption; export controls; technology and EU public procurement regulations. One recent focus has been on technology transfer and regulation in the banking and financial markets sectors.
- Chair of the firm’s Supply Chain practice, an experienced data privacy and security lawyer, who routinely counsels clients on protective measures to employ in the construction of policies and critical contracts in order to prevent security breaches, investigations, lawsuits and similar harmful events. He focuses on a variety of matters, including data storage, cloud computing and social-media risks and has particular knowledge of the Payment Card Industry Data Security Standards.
- Fifteen members who hold either the CIPP/U.S. or CIPP/E certification as Certified Information Privacy Professionals from the International Association of Privacy Professionals (IAPP).