Cybersecurity & Data Privacy
Related ProfessionalsOverview
…expert cybersecurity and data privacy practice group that tackles its demanding clients’ security and privacy issues. - Global Data Review 100, 2022
Our Cybersecurity & Data Privacy Practice Group focuses on the evolving business, technological and legal issues relating to the security and privacy of networks and data. We represent clients in investigations, crisis response to data breach incidents, litigation, government relations, counseling and transactions. Our multidisciplinary team of lawyers across the United States, Europe and Asia deploys extensive experience on matters including application of:
- the EU General Data Protection Regulation (GDPR);
- the California Consumer Privacy Act (CCPA);
- China’s Cybersecurity Law;
- the Health Insurance Portability and Accountability Act (HIPAA);
- the Illinois Biometric Information Privacy Act (BIPA);
- the Telephone Consumer Protection Act (TCPA);
- U.S. and international data breach notification laws;
- the Children’s Online Privacy Protection Act (COPPA); and
- other statutes applicable to evolving issues in cybersecurity and data privacy.
We have represented clients across a wide range of industries, including retail, life sciences, financial services, software, media and hospitality in all types of matters related to data security and privacy. Representations include:
- Acting as trial counsel in consumer class actions concerning data security breaches and misuses of personal information, including alleged unfair or deceptive trade practices that result in loss of personal information;
- Advising private equity sponsors and other buyers on transactions in which data security incidents have the potential to impact a company’s sale; and
- Advising companies, their officers and Boards on cyberattacks and working with them on crisis response and internal investigations, including directing outside accounting and forensics experts.
Furthermore, we draw on the deep government service experience of many of our partners, including a former U.S. Attorney General and former U.S. Deputy Attorney General, a former White House Counsel and former Deputy White House Counsel, and multiple former senior DOJ, SEC, and FTC officials. This allows us to more ably advise clients on congressional hearings, FTC investigations and inquiries by state attorneys general.
Experience
Counseling
Our counseling experience includes industry-specific laws and requirements (such as the Gramm-Leach-Bliley (GLB) Act, HIPAA, the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the Payment Card Industry Data Security Standard (PCI DSS)), the EU Data Protection Directive and the related EU - U.S. Privacy Shield, and governmental guidelines like the FTC Behavioral Advertising Guidelines. Our team also counsels clients on the obligations created under the EU General Data Protection Regulation (GDPR).
Incident Response & Investigations
In addition, our Cybersecurity & Data Privacy attorneys work with Kirkland’s unique Crisis Response Practice Group to help clients prepare for and manage legal crisis situations. We also work closely with a network of third-party specialists to provide necessary technical and operational support.
Litigation & Government Relations
Additionally, incidences of digital trade secret theft are on the rise, and our attorneys continue to draw on the formidable depth of the Intellectual Property and Commercial Litigation practices to litigate a wide range of trade secret matters, including misappropriations by company insiders and by competitors.
Transactions
Our group includes members from Kirkland's Transactional Practice Group, who represent clients in deals where data is a significant aspect and are familiar with the important data issues that can emerge in a variety of deal contexts, including mergers, acquisitions, divestitures, restructurings, joint ventures, strategic alliances, outsourcing, licenses and other commercial agreements.
Some deals are built entirely on the value of data being collected or shared. Data is a strategic asset for any company and commitments relating to the use, sharing or acquisition of data can have long-term impact on a company's business. Our group has extensive experience navigating clients through issues that can arise relating to ownership, usage, restrictions (including with respect to selling customer lists), obligations (including with respect to securing data and handling breaches), risk allocation (representations, warranties and indemnities) and liability schema (including limitations on remedies and damages).