Cybersecurity & Data Privacy

Related Professionals

Overview

…expert cybersecurity and data privacy practice group that tackles its demanding clients’ security and privacy issues. - Global Data Review 100, 2022

Our Cybersecurity & Data Privacy Practice Group focuses on the evolving business, technological and legal issues relating to the security and privacy of networks and data. We represent clients in investigations, crisis response to data breach incidents, litigation, government relations, counseling and transactions. Our multidisciplinary team of lawyers across the United States, Europe and Asia deploys extensive experience on matters including application of:

  • the EU General Data Protection Regulation (GDPR);
  • the California Consumer Privacy Act (CCPA);
  • China’s Cybersecurity Law;
  • the Health Insurance Portability and Accountability Act (HIPAA);
  • the Illinois Biometric Information Privacy Act (BIPA);
  • the Telephone Consumer Protection Act (TCPA);
  • U.S. and international data breach notification laws;
  • the Children’s Online Privacy Protection Act (COPPA); and
  • other statutes applicable to evolving issues in cybersecurity and data privacy.

We have represented clients across a wide range of industries, including retail, life sciences, financial services, software, media and hospitality in all types of matters related to data security and privacy. Representations include:

  • Acting as trial counsel in consumer class actions concerning data security breaches and misuses of personal information, including alleged unfair or deceptive trade practices that result in loss of personal information;
  • Advising private equity sponsors and other buyers on transactions in which data security incidents have the potential to impact a company’s sale; and
  • Advising companies, their officers and Boards on cyberattacks and working with them on crisis response and internal investigations, including directing outside accounting and forensics experts.

Furthermore, we draw on the deep government service experience of many of our partners, including a former U.S. Attorney General and former U.S. Deputy Attorney General, a former White House Counsel and former Deputy White House Counsel, and multiple former senior DOJ, SEC, and FTC officials. This allows us to more ably advise clients on congressional hearings, FTC investigations and inquiries by state attorneys general.

Experience

Our Cybersecurity & Data Privacy Practice Group counsels clients regarding the increasing web of global legal and compliance developments relating to data security and privacy laws, industry standards, and “voluntary” government guidelines. Our lawyers counsel clients in a variety of business settings, including government requests for data, spyware, spam, reasonable safeguards, and product and service design (i.e., “privacy-by-design”). In collaboration with attorneys from our Advertising, Marketing & Promotions Practice Group, we advise clients on marketing and advertising practices, social networking, and consumer profiling.

Our counseling experience includes industry-specific laws and requirements (such as the Gramm-Leach-Bliley (GLB) Act, HIPAA, the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the Payment Card Industry Data Security Standard (PCI DSS)), the EU Data Protection Directive and the related EU - U.S. Privacy Shield, and governmental guidelines like the FTC Behavioral Advertising Guidelines. Our team also counsels clients on the obligations created under the EU General Data Protection Regulation (GDPR).
Our team works closely with clients to lead forensic and incident response teams in security breach matters. With a deep understanding of federal and state breach laws and practical experience, we assist clients with internal investigations, public disclosures (including public company disclosure obligations under U.S. securities law and CF Disclosure Guidance: Topic No. 2: Cybersecurity), law enforcement disclosure and coordination, and pre-litigation strategies.

In addition, our Cybersecurity & Data Privacy attorneys work with Kirkland’s unique Crisis Response Practice Group to help clients prepare for and manage legal crisis situations. We also work closely with a network of third-party specialists to provide necessary technical and operational support.
Our litigation experience encompasses both plaintiff and defense work. On the defense side, we have represented clients in matters ranging from private class action suits to federal and state enforcement actions. On the plaintiff side, we have represented clients seeking recovery for losses in a variety of contexts, including against perpetrators directly, negligent enablers of perpetrators, contractual counter-parties and insurance carriers.

Additionally, incidences of digital trade secret theft are on the rise, and our attorneys continue to draw on the formidable depth of the Intellectual Property and Commercial Litigation practices to litigate a wide range of trade secret matters, including misappropriations by company insiders and by competitors.

Our group includes members from Kirkland's Transactional Practice Group, who represent clients in deals where data is a significant aspect and are familiar with the important data issues that can emerge in a variety of deal contexts, including mergers, acquisitions, divestitures, restructurings, joint ventures, strategic alliances, outsourcing, licenses and other commercial agreements.

Some deals are built entirely on the value of data being collected or shared. Data is a strategic asset for any company and commitments relating to the use, sharing or acquisition of data can have long-term impact on a company's business. Our group has extensive experience navigating clients through issues that can arise relating to ownership, usage, restrictions (including with respect to selling customer lists), obligations (including with respect to securing data and handling breaches), risk allocation (representations, warranties and indemnities) and liability schema (including limitations on remedies and damages).

Practices