Privacy & Cybersecurity

The need for privacy and cybersecurity compliance measures has become a paramount consideration as businesses become more digitally driven, data breaches become more publicized, and regulation continues to increase. Company executives, boards of directors, employees, customers, and third-party providers all have data security obligations. Leveraging our industry-specific command of privacy and cybersecurity issues and our experience navigating complex regulatory environments, we customize solutions and policies to meet each client’s business demands and ever-changing technology footprint.

We recognize that companies have a legitimate need to collect, process, and disseminate information—and the resultant data is a valuable asset that companies need to leverage and protect. Our team helps clients achieve their business goals while addressing privacy and cybersecurity concerns in a manner that protects the clients’ brands and reputations and complies with applicable regulations. This arena consists of three main components: compliance management, transactional issues, and data breach response and litigation.

Our compliance management team helps clients proactively develop and implement privacy and cybersecurity processes and policies for their workforces and third parties. The group also conducts compliance reviews and audits, and addresses online and website privacy requirements. The transactional team assists clients with third-party vendor and customer transactions, due diligence, and data collection, acquisition, and use. When breaches, disputes, or litigation is underway or unavoidable, our crisis-tested and trial-ready data breach response and litigation lawyers focus on efficient and practical responses and resolutions. We work to protect our clients before, during, and after a data breach incident.

Morgan Lewis privacy and cybersecurity lawyers advise clients operating in the United States, Europe, South America, and Asia on compliance with privacy and cybersecurity regulations. Regulations in the United States include the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act, the Electronic Communications Privacy Act (ECPA), the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, the Children’s Online Privacy Protection Act (COPPA), and the Fair Credit Reporting Act (FCRA). European regulations include the European Commission’s ePrivacy Directive, European Critical Infrastructure Directive, and Data Protection Directive. We also counsel clients on investigations by the Federal Trade Commission (FTC), by the US Department of Health and Human Services’ Office of Civil Rights (OCR), and under the Sarbanes-Oxley Act, as well as e-commerce issues across industries such as retail, financial services, healthcare, pharmaceutical and life sciences, and manufacturing.