Practice Areas
{ Banner Image }

Cybersecurity, Data Privacy and Information Governance

Practices Main

Our data security team assists clients with:

  • Privacy and data protection
  • Data breach investigation and response
  • Litigation of data breach actions
  • Regulatory compliance
  • Government enforcement actions
  • Information management
  • Record retention and destruction policies
  • Insurance coverage for cyber risks
  • Employment issues
  • Internet terms of use and privacy policies
  • Information technology transactions
  • Vendor vetting and contracts

Data Breach Prevention and Response

Data privacy and security are among the biggest challenges for businesses today.  It seems like every day we hear about another company that has been a victim of a cyber-attack or a data breach.  Data breaches can lead to costly, unanticipated expenses and business disruptions, as well as regulatory enforcement actions and class-action lawsuits.  Many companies are unprepared to respond properly to such a crisis.

Potter Anderson attorneys counsel companies on preventive best practices for minimizing the likelihood of such attacks and preparing for response and rapid recovery in the event that such attacks occur.  We know data breaches are almost inevitable.  Potter Anderson attorneys believe that responding quickly to a breach can mitigate the harm and help maintain business continuity. Our data privacy team will help you, before and after a breach, so that you can respond to the intrusion promptly and effectively to minimize the potential harm to your clients, customers or patients, as well as to your business and reputation.  Our team offers comprehensive legal advice and strategy regarding proper data breach procedures to comply with a myriad of federal and state laws, regulations and guidelines.  We regularly provide training to our clients and their employees, and we advise our clients on the development of effective compliance plans and other best practice.

Data Breach Litigation

Many companies suffering data breaches or cyber-attacks have been sued by stockholders or individuals whose information has been compromised.  They also may face enforcement actions by governmental agencies such as the FTC or the Office of Civil Rights.  Our litigation team defends companies and their directors who have been sued for breaches of fiduciary duty, breach of contract, trade secret violations or violations of the FTC Act, the Stored Communications Act (SCA), the Computer Fraud and Abuse Act (CFAA), the Health Insurance Portability and Accountability Act (HIPAA) and others.  We closely monitor developing case law in these areas and use such decisions for our clients’ strategic advantage.

Insurance Coverage

Insurance is critical to maximizing your protection against data breaches and other cyber risks.  Our team regularly assists our clients in evaluating insurance policies and programs and obtaining coverage for various types of cyber risks.

Technology and Information Governance Counseling and Litigation

In addition to data privacy and security, Potter Anderson attorneys provide comprehensive representation in other substantive areas of cybersecurity, technology and information governance, including in litigation, corporate governance, vendor contracting and mergers and acquisitions.  We review vendor contracts, insurance policies, privacy policies, business associate agreements, website term of use and other types of contractual relationships to assure that our clients have fulfilled their legal and regulatory obligations and have managed risks appropriately.  Our experience allows us to interface effectively with both the C-Suite and information technology managers at both a strategic and granular level.  We use our deep understanding of relevant technologies to help our clients develop and implement privacy and information security policies that reflect the needs of their business, and to implement and enforce those policies.

Representative Matters

  • Counseled clients on data privacy and security and data breach prevention and response, including developing data privacy and security policies.
  • Assisted clients in responding to data breaches, including identifying trusted experts, preserving evidence, advising on compliance with notice and reporting obligations and drafting notice letters.
  • Negotiated a major CRM software development agreement on behalf of a governmental entity, providing for the use of hybrid-Agile software development methodology.
  • Provided counsel on the information technology aspects of acquisitions and divestitures, including the divestiture of a multi-billion dollar business.  Advised on the outsourcing of corporate information technology services, including one of the largest outsourcing transactions at that time.
  • Represented both technology providers and recipients in the negotiation of agreements for cloud computing services, software licensing and development, web access, domain name transfer, conversion services, computer system sales and integration, consulting services, and confidentiality.
  • Represented an international software services company regarding its electronic commerce transactions and a joint venture to promote the online sale of software to end users.
  • Negotiated online supply agreements with customers of an international personal care products company.
  • Counseled clients on the establishment of e-commerce web sites and the publication of online catalogs.
  • Prosecuted or defended litigation relating to software licensing and development agreements.