Advising at the confluence of technology, data, business, law and regulation, Benesch's Data Privacy & Cybersecurity lawyers provide comprehensive counsel on global technology and data-related issues and develop innovative policies, practices and protocols that minimize risk while supporting business growth.
Leveraging & Protecting Data
Our team helps clients protect and leverage data and use it creatively and safely while remaining fully compliant with the many applicable laws and regulations. Our lawyers also navigate clients through the complexities posed by emerging technologies and an ever-evolving landscape of data privacy and cybersecurity requirements.
We advise clients in designing and implementing cost-effective, business-minded solutions to their most complex data-driven legal issues and concerns. With a focus on long-term resilience, our lawyers take the time to understand each client’s technologies, business processes and goals. Then we deliver practical, tailored, future-proof strategies and data governance structures to limit their exposure, position them to achieve their full potential and ensure compliance on a global scale. We think strategically and pragmatically, advising clients across a wide range of industries from e-commerce, retail, technology, higher education and hospitality to the highly regulated financial services, insurance, healthcare and pharmaceutical sectors.
Guidance at Every Stage
Our experience spans a wide range of privacy and data protection matters involving data use, collection, retention, sharing and disposal. Our services include:
Regulatory and Compliance
Our attorneys are data privacy regulatory authorities, well versed and experienced in cybersecurity and privacy law matters on a global scale. We have long-established, effective working relationships with officials at key government agencies and ready access to agency decision-makers, which optimizes our ability to effect action. Should a compliance violation or data breach occur, we help clients manage the associated risk and respond swiftly and effectively while striving to end matters confidentially.
We help clients comply with the various U.S. federal, state and local laws, rules and regulations, as well as those of Canada, the EU/EEA and other global jurisdictions, and we offer guidance on proposed laws, rules and regulations. Our experience includes the following:
An Exceptional Team Immersed in Technology and Data Security
Members of our Data Privacy & Cybersecurity Group have been instrumental in creating cybersecurity policies, laws and enforcement programs and served in high-level governmental operational and policy roles in cybercrime, cybersecurity, counterterrorism, counterintelligence, critical infrastructure protection and national security-related matters.
We have decades of experience representing businesses ranging from startups to global consumer companies, B2B brands and major venture capital and private equity funds and their portfolio companies, and we provide risk-based and actionable legal counsel on matters.
Immersed daily in all facets of the technology industry and data security issues, we are an interdisciplinary team composed of Intellectual Property, Healthcare, Labor & Employment and Litigation lawyers. Our group includes former in-house lawyers, PhDs, attorneys who have worked as scientists or engineers, Certified Information Privacy Professionals (CIPP/US) and members of the International Association of Privacy Professionals (IAPP). Recognized as go-to legal thought leaders in the privacy and cybersecurity sector, we are up to speed on data privacy laws and regulations, with an eye on future guidance and emerging issues including technology-related concerns.
Benesch’s IP Group has more than 25 attorneys, patent agents, and paralegals, many of whom are former scientists or engineers. Several of our attorneys are members of the International Association of Privacy Professionals (IAPP) who have achieved CIPP certifications.
We regularly assist a range of clients, from large, publicly traded companies to privately held middle market companies, in their global data security and privacy compliance efforts, breach response and mitigation actions, and related issues. We also regularly handle complex transactions involving all manner of U.S. and foreign data privacy compliance.
We are unique in that we are a large general practice law firm with a full data security and privacy compliance and litigation practice. We provide strategic advice and help our clients develop strategies to protect, enforce, and commercialize data, IP assets and rights, and, if necessary, litigate data breach and IP disputes across the country.
We do extensive data security compliance work, helping our clients comply with a variety of federal, state, local, and foreign laws, rules, and regulations in the U.S., Canada, and the EU/EEA, including:
We also assist our clients in applying best practices for complying with the vast array of data security and privacy technical standards and guidelines, including PCI-DSS, AICPA SOC 1 and SOC 2, SSAE 16 and SSAE 18, ISO 27001, ITIL, COBIT, and NIST standards, as well as with data classification, breach response, and mitigation, and in creating and implementing applicable policies/procedures.
Service Examples:
Benesch's Healthcare+ Practice
Updates to HIPAA have rippled throughout the healthcare industry to now directly regulate vendors and other service providers to the healthcare industry (“business associates”), along with hospitals, health plans, doctor’s offices, and others within the industry, who must take special care in managing information about patients and their care. One of the most noticeable trends in the industry is the movement to electronic medical records and use of electronic tools to manage care.
Benesch understands the technology and regulations shaping the healthcare landscape. Our team members offer diverse perspectives, specialized knowledge, and experience that provide an insider’s viewpoint and deep understanding to each engagement.
Service Examples:
Benesch's Labor & Employment Practice
Employers face major regulatory challenges from HIPAA, the Fair Credit Reporting Act (FCRA), the Americans with Disabilities Act (ADA), and others. Management of the resulting data is critical, which has put a premium on the increased use of technology for data storage, sharing and security.
In today’s workplaces, it is important to have a partner who helps ensure the proper processes, policies and tools are in place to protect the sensitive information that belongs to your business, your employees, and your customers.
Benesch has experience providing training to privacy officers to maintain compliance with data security regulations, and we work with companies to prevent data loss or to help mitigate a data breach. In addition, the team is able to offer pragmatic advice on how to reduce the risk of employee data theft. An expansion of HIPAA has created compliance needs for companies doing business with entities in the healthcare industry. Additionally, more companies are moving to self-funded health plans, which require data security and compliance on par with what is expected of traditional health insurers.
Service Examples:
Benesch's Data Privacy Defense and Response Team
Our Data Privacy Defense and Response Team combines our vast experience in the litigation of commercial disputes with our experience in data security and privacy law to create a focused litigation defense capability in the data security and privacy area. Our Data Privacy Defense and Response Team is national in nature with the capability of handling complex litigation arising from governmental enforcement actions, private actions, and class actions in courts across the United States under the new and growing body of data security law that is emerging within the United States. Working closely with our IP, Healthcare, and Labor and Employment teams, our Data Privacy Defense and Response Team ensures that clients have sophisticated counsel in connection with disputes that arise in this burgeoning and risk-laden area.
Working together, our team provides insightful counsel and deep experience in how to protect your business.
Assessing Enterprise Risk
Finding areas where your business is at risk is the first step to protecting it. We have developed standard methodologies and tools to perform comprehensive gap analyses and assess the risk of noncompliance based on the major U.S. and global cybersecurity and data privacy requirements. We take a holistic approach, working with leading cybersecurity and data privacy technology consultants to assess not only legal risk but also technical risk. We have years of experience reviewing our clients’ risk management plans, including their cybersecurity and data privacy insurance coverages. We also counsel boards of directors, given their increasing role in monitoring and effectively mitigating enterprise cybersecurity and data privacy risk.
Developing and Implementing Compliance Programs
We have extensive experience developing compliance programs related to cybersecurity and data privacy, including the essential element of employee education. We work with security experts to identify security vulnerabilities, and help our clients prepare, adopt, and implement response plans. If a potential privacy or security breach occurs, we routinely assist in assessing the situation and determining the appropriate response.
Managing Breach Response and Defending Cyber Liability Claims
Because rapid response is essential if a cybercrime, network intrusion, or other data incident occurs, our 24/7/365 Data Breach Hotline instantly connects our clients to an experienced attorney on the team. We work closely with other trusted professional service providers to assist them in handling incident response, crisis management, and breach mitigation.
Our IP practice, Data Privacy Defense and Response Team, and white-collar defense and corporate investigations practice work together both to defend our clients and to help them pursue and enforce their rights, working closely with law enforcement agencies as warranted when a cybersecurity or data privacy event occurs.
Incorporating Cybersecurity and Data Privacy into Transactions
Unlike most general practice firms, our data security and privacy practice is fully integrated into our IP and technology transactions practices. As a result, we bring extensive experience in how to incorporate cybersecurity and data privacy into every transaction. Our team works on the most sophisticated, high-value technology and M&A deals and has helped companies in a variety of industries (manufacturing, IT, financial services, medical devices, health services, and more) in connection with their most significant “bet the company” technology transactions. We have prepared and negotiated hundreds of license agreements, and an extensive array of privacy policies and records retention policies across a variety of industries. We have helped clients close over $1 billion in deal value of data-centric M&A deals in the last several years.
Reviewing & Negotiating Third-Party Contracts
We regularly review and negotiate third-party IP vendor and outsourcing contracts to assure adequate protections for confidential and proprietary information. We have handled these matters opposite some of the largest and most well-known third-party vendors in the world, with numerous engagements representing corporate clients in transactions with the leading IP and outsourcing vendors, including IBM, SAP, Oracle, Salesforce.com, Accenture, Deloitte Consulting, PwC, KPMG, Tata Consultancy, Wipro, Cognizant, Verizon, Amazon Web Services, Microsoft Azure, and many other national and international vendors. All of these involve complex data-centric transactions, including business process outsourcing (SaaS, IaaS, PaaS), and include comprehensive confidentiality, data security, and privacy provisions for both on-shore and off-shore outsourcing deals.
Advising On Data Localization Requirements and Cybersecurity Best Practices
We actively assist our clients on data localization matters and requirements, particularly within the U.S., Mexico, Central and South America, Europe, and Asia, and in terms of cybersecurity best practices. We regularly provide guidance on best practices and compliance requirements in connection with the collection, storage, and transmission of personal data and cross-border data transmissions.