Cybersecurity and Privacy

We provide clients across industries with comprehensive counsel on complex, evolving, and multifaceted issues related to information security and data breach. We blend our skills and experiences as litigators and transactional attorneys with a deep understanding of information security and data breach law to meet and anticipate our clients’ needs. Carlton Fields' team includes attorneys who have earned the designation of Certified Information Privacy Professional (CIPP/US, CIPP/C, CIPP/E), Certified Information Privacy Manager (CIPM), and Certified Information Privacy Technologist (CIPT), as well as former federal cybersecurity prosecutors. They are active and hold leadership positions in data privacy and cybersecurity organizations, such as:

  • International Association of Privacy Professionals (IAPP)
  • The Sedona Conference Working Group on Data Security and Privacy Liability
  • DRI - Data Management and Security Committee
  • ABA - Privacy and Computer Crime Committee CLE Working Group
  • ABA - Computer and Software Legislation Committee
  • ABA - Electronic Filing Committee
  • ABA - Internet Relationships and Cloud Computing Committee
  • ABA - Section of Science & Technology Law
  • The International Security Management Association
  • ISACA (Information Systems Audit and Control Association)

Our services include:

Data Breach and Incident Response

  • Help clients prepare for, and respond to, data breaches and the full range of government investigations they may prompt
  • Develop comprehensive incident response plans that address internal and external actions
  • Provide immediate support, via phone and email, for clients that learn of a possible data breach and must act immediately to thwart potential liability

Policy Drafting and Implementation 

  • Draft data privacy and information security policies, procedures, and programs for businesses of all sizes with both domestic and international operations 
  • Update existing client policies to meet evolving business challenges

Federal and State Privacy Laws 

  • Regularly assist clients with their obligations pursuant to laws including Gramm-Leach-Bliley, the Fair Credit Reporting Act, HIPAA, and HITECH
  • Help clients navigate state breach notification laws

International Privacy Regulations and Global Policies 

  • Counsel clients on compliance with the Privacy Shield negotiated between the U.S. Department of Commerce and the European Commission, which streamlines the method for U.S. companies to comply with the European data protection directive
  • Counsel clients on compliance with the EU General Data Protection Regulation
  • Counsel clients on compliance with International Standards of Organization, the internationally recognized best practices for personal data use, transmission, and storage

Employee Privacy Issues 

  • Advise employers on a wide range of privacy areas, including compliance with federal and state regulations 
  • Counsel clients on compliance with the Fair Credit Reporting Act and analogous state law regarding pre-employment background checks and post-hire investigations

Website and Social Networking Issues 

  • Help ensure client compliance with FTC and other regulations 
  • Assist clients with the wide-ranging issues that arise as a result of social media use and an Internet presence, and help them develop related proactive policies and standards

Key matters

  • Helped clients implement companywide privacy and security policies to ensure protection of sensitive data
  • Helped clients that have experienced data breaches
  • Defended clients being investigated by federal and/or state government agencies after complaints of privacy violations or data breaches (e.g., we help clients that are subject to the federal HIPAA privacy and security regulations respond to investigations by the U.S. Department of Health and Human Services’ Office for Civil Rights)
  • Assist and represent clients with the creation and implementation of Vendor Management Programs, including policies and procedures related to vendor risk assessment, vendor due diligence, vendor supervision, and vendor contract negotiation and management