Jenner & Block

Data Privacy and Cybersecurity

Businesses from around the world—and across all industries— turn to our Data Privacy and Cybersecurity Practice for counseling and litigation services to ensure the privacy and integrity of their sensitive information.  We offer counseling on privacy and data security issues, including data breaches and cybersecurity incidents, perform policy audits related to relevant legislation and develop customized compliance programs.  Our practice integrates the firm’s litigation excellence across multiple industries and agencies, both domestic and international.

Nearly all companies face privacy and information governance issues as a consequence of operating new and legacy databases.  As technology continues to evolve, so too must every business, considering and planning against privacy and cybersecurity risks in the workspace.  Jenner & Block’s Data Privacy and Cybersecurity Practice focuses on practical, end-to-end solutions, assisting companies in using their sensitive data in the most efficient, effective and compliant manner possible.  The Data Privacy and Cybersecurity Practice provides holistic, prophylactic advice as programs and systems are being developed, integrating information governance with low risk privacy and security exposure.  In the unfortunate event of a privacy incident, the lawyers in the Data Privacy and Cybersecurity Practice guide clients through the myriad decision points to minimize the distraction and impact of the incident. 

Our lawyers provide regulatory and compliance advice across the spectrum of privacy laws, including the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, the Electronic Communications Privacy Act (ECPA), the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and the California Consumer Privacy Act (CCPA), among others.  We also offer in-depth guidance on compliance with laws governing electronic and telephone communications and similar statutes, such as the Wiretap Act, the Pen Register Act, the Foreign Intelligence Surveillance Act (FISA), the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), the Telephone Consumer Protection Act (TCPA) and the Video Privacy Protection Act (VPPA).

Our lawyers regularly conduct audits on existing security policies to look for cybersecurity weaknesses and areas vulnerable to data breaches, and advise on the use and protection of consumer and employee data, as well as the attendant need to collect, protect, store, share or destroy data.  We counsel clients regarding online advertising, marketing and promotions as they relate to privacy considerations, support companies in designing transactions to effectively protect and utilize informational assets and provide counseling services related to industries that are governed by other privacy and consumer protection laws.

The information governance of personal information may be impacted by multiple jurisdictions, including international laws, regulations, and directives.  Our lawyers have extensive experience navigating the nuances of international information governance, in particular providing strategic advice for businesses operating in multiple jurisdictions.  For example, our lawyers have detailed knowledge of the European Union General Data Protection Regulation (GDPR) and have advised companies across numerous industries on compliance with its mandates.  We regularly counsel clients on the cross-border transfer of data from the European Union, including the respective benefits and risks of GDPR, Model Contracts and Binding Corporate Rules.

The firm’s experience with investigations and enforcement proceedings is a vital component of this practice.  Our lawyers conduct internal investigations for clients that want to audit proactively for potential misconduct.  Our experience with many state, federal and international government enforcement agencies enables us to provide sound advice concerning the best course of action if wrongdoing is identified, including potential disclosure to authorities.  We also assist clients in creating and implementing compliance programs designed to avoid such problems.