The world of protected, sensitive, and commercially valuable data can be a dangerous place. With the ever increasing frequency of data breaches in a variety of industries, many organizations must now look inward and ask tough questions about their own data, policies, and ability to respond when a breach occurs. Our multidisciplinary Privacy and Data Security team counsels our clients concerning the risks, regulatory implications, and potential litigation arising from misuse or improper storage or transmission of protected, sensitive, or commercially valuable data, whether it be Payment Card Information, Protected Health Information, Personally Identifiable Information, or trade secrets. Specifically, we counsel our clients concerning:

  • federal and state data protection and breach notification requirements;
  • compliance and reporting under federal and state securities laws;
  • best practices for preparing for and avoiding a data breach or loss, including privacy and breach notification policies, contracts with security vendors, cyber and data risk insurance, and organizational readiness for a breach;
  • crisis management and remediation in response to a data breach;
  • internal investigations arising out of a data breach, including interaction with law enforcement and regulators;
  • indemnification and insurance claims; and
  • potential litigation and regulatory action.
State Data Breach Notification Laws Map


There are currently 48 different state-level data breach notification laws across the U.S., including one in the District of Columbia, creating a web of regulation that is difficult to traverse. For entities doing business in multiple states, or for entities with customers, employees, or even former employees in multiple states, the variations in these laws, and the conflict between them, can make responding to a data breach in a timely and correct manner a treacherous exercise. Our State Regulations Map contains a summary of each state’s notification laws, providing a baseline comparison between the states of the various requirements your entity could face.


What is Your Security Status?

Every year hackers become bolder and more sophisticated. Entities that once thought they were safe from a cyberattack are now finding that they either have been hacked or are under attack. Our Privacy and Data Security lawyers can help you assess your security status, review your practices and procedures to evaluate and remedy any potential weaknesses, all under the protection of the attorney-client privilege.

Learn more about your cyber risk by clicking here and completing our Legal/Regulatory Risk Inventory Assessment Survey.


Our Experience

Our Privacy and Data Security attorneys have years of in-depth experience in dealing with various federal and state laws and regulations impacting the privacy and security of information, including, but not limited to:

  • Health Insurance Portability and Accountability Act (HIPAA);
  • Health Information Technology for Economic and Clinical Health Act (HITECH);
  • Federal and state data protection and breach notification requirements;
  • Payment Card Information Data Security Standard (PCI-DSS);
  • Family Educational Rights and Privacy Act (FERPA);
  • Gramm-Leach-Bliley (GLB) Act;
  • Fair and Accurate Credit Transactions Act (FACTA);
  • Freedom of Information Act (FOIA);
  • Fair Credit Reporting Act (FCRA);
  • Americans with Disabilities Act (ADA); and
  • Red Flags Rule.

Our Clients

  • Fortune 100 Companies
  • Financial Services Companies
  • Retail Merchants
  • Public & Private Health Care Systems and Hospitals
  • Long Term Care Facilities
  • Physicians and Other Care Providers
  • Public & Private Colleges & Universities
  • Public & Private Companies
  • Information Technology Companies
  • Software Developers & Vendors
  • Not-for-Profit Organizations