Incident Response

Our experience includes:

  • Defending a Las Vegas casino and resort in data breach class action litigation.
  • Counseling public and private companies in responding to spear-phishing attacks resulting in the weaponization of their networks and compromise of personal and other confidential information
  • Representing an online retailer in a malware attack impacting consumers in every state
  • Helping a legal services organization investigate and respond to a ransomware attack
  • Representing a financial services company in a data breach of consumer information resulting in consumer/governmental notifications in 33 states and multiple state attorneys general investigations
  • Advising a multinational technology company in the investigation and response to a cyber incident impacting numerous business customers and their financial services clients
  • Counseling a major university on data breach reporting obligations in connection with the posting of student information on insecure web server
  • Advising organizations in multiple industries on business email compromises involving W-2 spoofing, tax fraud, and fraudulent wire transactions
  • Representing an online retailer in computer fraud and intellectual property theft litigation involving former employee hacking
  • Advising health plans and third-party administrators on incident responses relating to unauthorized access to, acquisition or disclosure of personal health and personally identifiable information
  • Advising an IT services company on cyber incident response and resulting litigation relating to destructive attack on network
  • Representing an online marketing organization in data breach litigation
  • Assisting multiple organizations relating to technology-facilitated extortion, threats, theft, and fraud targeting senior executives, employees, or those connected to them
  • Advising a leading automobile manufacturer in nationwide cyber incident response planning
  • Counseling financial services, employee benefits, legal services, media, manufacturing, technology, nonprofit, and higher education organizations on cybersecurity risk management, regulatory and industry standard compliance, and cyber incident response planning
  • Handling multiple 50-state data breach disclosures
  • Representing clients in multiple U.S. Department of Health and Human Services Office of Civil Rights investigations and penalty assessments of HIPAA data breaches
  • Conducting Payment Card Industry (PCI) compliance investigations as a result of a data breach

Transactional and Regulatory Compliance

  • Counseling dozens of organizations in the life sciences, manufacturing, media, hospitality, medical services, technology, financial services, higher education, and retail industries on GDPR compliance. Services included legal guidance on amending privacy notices, preparing data processing agreements, structuring cross-border transfers, data and process mapping, cookie and email consents, data breach response, data processing impact assessments, legitimate interests analysis, privacy governance, and privacy by design.
  • Advising banks and other financial services companies on compliance with NYDFS cybersecurity regulations
  • Counseling a national bank in the preparation of an enterprise-wide consumer telephone contact policy for both bank-owned and third-party call centers, including a strategy for outbound calls. The policy creation required a full system analysis and assessment of any TCPA compliance gaps.
  • Representing a large broadcasting and telecom provider in the sourcing of hosted services related to its consumer information
  • Reviewing the mobile app of a leading national fashion retailer and provided guidance on its privacy policy and terms of use
  • Advising a multinational technology company on privacy and cybersecurity issues relating to its mobile health apps
  • Drafting financial privacy notices and disclosures on behalf of a leading furniture retailer
  • Counseling a consumer leasing company on GLBA compliance involving its use of consumer information exchanged with its retail store partners
  • Representing a multinational financial services company in its engagement of a third-party provider handling consumer financial information
  • Advising major insurance company on the development of digital safety products for its customers.
  • Assisted a global investment management firm in the privacy and data security aspects of the extension of a $40 million line of credit to a provider of retail installment sale financing to consumers. The representation included conducting privacy and data security diligence, negotiating the deal representation and warranties, and handling post-closing compliance.
  • Assisting a provider of Voice over Internet Protocol telephony platform with sophisticated call analytics in the negotiation of its services agreement and terms and conditions of use
  • Drafting an information security plan for a digital publishing company and advising it on COPPA issues related to its advertising campaigns
  • Assisting clients, including a supplier of aerospace systems and a medical device company, in the formulation and documentation of a cross-border data transfer strategy for employee information and preparation for certification under Privacy Shield
  • Advising a leading professional development membership organization on compliance with EU Data Protection Directive and "Cookie Directive"
  • Drafting and negotiating master services agreements, EU data processing agreements, and information security policies and assisted in preparation for certification under the Privacy Shield for a company providing services for clinical trials conducted worldwide