Privacy and Data Security

Our privacy and data security practice addresses the administrative, regulatory and litigation concerns of business in the face of mounting threats and increasing state and federal regulation in the areas of data privacy, data breach and security.


Our privacy and data security practice focuses on prevention and risk counseling, data breach preparation, investigation and response, regulatory compliance, privacy and data security policies and training, and related litigation and dispute resolution. Should a data breach, government investigation or litigation occur, our attorneys are prepared to work with clients to navigate the complex regulatory landscape of today’s digital environment.

We regularly work with clients doing business online. Whether the need is negotiating the purchase of a domain name, sending or responding to a cease and desist demand involving use of a trademark, representing a client in connection with an action under the Anticybersquatting Consumer Protection Act (ACPA) or Uniform Doman Name Dispute Resolution Policy (UDRP), or sending or responding to a take-down notice under the Digital Millennium Copyright Act, our team will provide a valuable, cost-effective solution. The attorneys in this group work closely with clients facing the uncertainties created by the rapidly evolving law of the Internet, such as privacy, contracting, and protection and use of trademarks, copyrights and other intellectual property online. We routinely prepare online license, use, and service agreements, privacy policies, terms of use, and other agreements. We can also assist clients engaged in the business of online marketing and advertising, such as holding online sweepstakes and contests.

We work for you.

In the constantly changing digital landscape, put our experienced attorneys to work on behalf of your evolving business.

We provide counsel and representation in the following areas:

  • Anti-cybersquatting, domain name strategies and trademark issues (ACPA, UDRP, URS)
  • Data and security breaches
  • Document retention requirements, information sharing and information disclosure
  • Health care regulations and reporting, including the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Health Insurance Portability and Accountability Act (HIPAA)
  • Management and employee training regarding data security and privacy requirements and development of applicable policies and procedures
  • Internal investigations, permissible monitoring of employees, and background checks
  • Government investigations (preparation and response)
  • Litigation related to privacy and data security incidents or breaches
  • Online copyright and ISP safe harbors under the Digital Millennium Copyright Act (DMCA)
  • Contract negotiation involving data security and privacy matters
  • Online speech and conduct (CDA and ISP terms of use) and social media issues
  • Privacy statutes, rules and regulations, including the Americans with Disabilities Act Amendments Act (ADAAA), California Online Privacy Protection Act, CAN-SPAM Act, Children’s Online Privacy Protection Act (COPPA), Fair and Accurate Credit Transactions Act (FACTA), Fair Credit Reporting Act (FCRA), Federal Identity Theft Assumption and Deterrence Act (ITADA), Genetic Information Nondiscrimination Act (GINA), Electronic Communication and Privacy Act (ECPA), Payment Card Industry Data Security Standards (PCI DSS and PA-DSS) and Telephone Consumer Protection Act (TCPA)
  • Privacy and security provisions for cloud, data center and network infrastructure provider agreements, including the Stored Communications Act (SCA) and the Wiretap and Stored Communications Acts
  • Website hosting agreements, terms and conditions of use and privacy policies, as well as clickwrap and browsewrap license agreements