Jenner & Block

Data Privacy and Cybersecurity

Businesses from around the world—and across all industries— turn to our Data Privacy and Cybersecurity Practice for counseling and litigation services to ensure the privacy and integrity of their sensitive information.  We offer comprehensive counseling on privacy and data security issues, including data breaches and cybersecurity incidents, as well as performing policy audits related to relevant legislation and developing customized compliance programs.  Clients also rely on our multi-disciplinary capabilities for internal investigations, regulatory enforcement actions, and civil litigation.  Our practice, led by the former chief privacy officer of the US Department of Justice, integrates the firm’s litigation excellence across multiple industries and agencies, both domestic and international.

Nearly all companies face privacy and information governance issues as a consequence of operating large legacy and new databases.  As technology continues to evolve, so too must every business, considering and planning against privacy and cybersecurity risks in the workspace.  Jenner & Block’s Data Privacy and Cybersecurity Practice focuses on practical, end-to-end solutions, assisting companies in utilizing their sensitive data in the most efficient, effective, and compliant manner possible.  The Data Privacy and Cybersecurity Practice provides holistic, prophylactic advice as programs and systems are being developed, integrating information governance with low risk privacy and security exposure.  In the unfortunate event of a privacy incident, the lawyers in the Data Privacy and Cybersecurity Practice guide clients through the myriad decision points to minimize the distraction and impact of the incident. 

Our lawyers provide regulatory and compliance advice across the spectrum of privacy laws, including the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, the Children’s Online Privacy Protection Act, the Electronic Communications Privacy Act, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), among others.  We also counsel on the Foreign Intelligence Surveillance Act (FISA), the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), the Telephone Consumer Protection Act (TCPA) and the Video Privacy Protection Act (VPPA). 

Our lawyers regularly conduct audits on existing security policies to look for cybersecurity weaknesses and areas vulnerable to data breaches, and advise on the utilization and protection of consumer and employee data, as well as the attendant need to collect, protect, store, share or destroy data.  We counsel clients regarding online advertising, marketing, and promotions as they relate to privacy considerations, support companies in designing transactions to effectively protect and utilize informational assets, and provide counseling services related to industries that are governed by other privacy and consumer protection laws, such as the Federal Acquisition Regulation and by regulatory authorities, such as the FTC, SEC, FCC, HHS, and DHS.

The information governance of personal information may be impacted by multiple jurisdictions, including international laws, regulations, and directives.  Our lawyers have extensive experience navigating the nuances of international information governance, in particular providing strategic advice for businesses operating in multiple jurisdictions.  For example, our attorneys have detailed knowledge of the European Union Data Protection Directive and national implementation laws and have conducted thorough analyses of the proposed European Union Data Protection Regulation.  We counsel clients regularly on the cross-border transfer of data from the European Union, including the respective benefits and risks of Safe Harbor, Model Contracts, and Binding Corporate Rules.  We have conducted worldwide privacy assessments related to the transfer of employee and customer personal information.

The firm’s experience with investigations and enforcement proceedings is a vital component of this practice.  Our lawyers conduct internal investigations for clients that want to audit proactively for potential misconduct.  Our experience with many state, federal, and international government enforcement agencies enables us to provide sound advice concerning the best course of action if wrongdoing is identified, including potential disclosure to authorities. We also assist clients in creating and implementing compliance programs designed to avoid such problems.