Privacy and Data Security

Organizations of all sizes and across all industries encounter extraordinary challenges in managing the security of their data — from personally identifiable information, trade secrets, intellectual property, and other confidential information. This critical data must be securely managed in compliance with constantly evolving laws and regulations and in a manner consistent with a company’s best practices. In a dynamic legal landscape, businesses need a legal team that can help mitigate risks and respond to the unexpected.

Taft’s Privacy and Data Security attorneys draw on experience that spans industries, practice areas and jurisdictions. Our attorneys keep at the forefront of up-and-coming state and federal privacy laws concerning the collection of personal/sensitive data. We help clients not only comply with the law, but also seize opportunities to capitalize on the power in their information to grow and better serve their purposes.

Taft attorneys have experience in a wide range of state, federal, and international regulations and industry best practices, including:

  • Healthcare: HIPAA, HITECH
  • Finance: GLBA, FACTA, FCRA
  • Marketing and Communications: TCPA, TSR and CAN-SPAM
  • International: EU GDPR, PIPEDA
  • Technology: COPPA, CFAA, Stored Communications Act
  • Information Security: NIST, ISO and PCI-DSS

Taft proactively helps its business clients assess their compliance conformance. We identify areas in need of improvement and/or immediate attention, and help our clients implement measures to address and correct them. And when challenges arise, Taft stands ready to assist clients in conducting a timely and methodical response.

The Privacy and Data Security practice serves clients by:

  • Conducting data governance risk assessments, including privacy impact assessments.
  • Developing administrative safeguards, including policies, procedures and contracts.
  • Assessing, implementing and maintaining privacy and data security programs.
  • Conducting awareness training.
  • Defending and prosecuting privacy and data security claims.
  • Responding to regulatory and criminal investigations.
  • Managing incident response and data breach notification.
  • Negotiating cyber insurance coverage and pursing cyber insurance claims.
  • Resolving transactional disputes.
  • Advising clients concerning the Internet of Things (“IoT”).

The world is so immersed in technology that activities in cyberspace have become inseparable from the everyday operations of business, education, government and the military. Taft’s Privacy and Data Security practice is comprised of an exceptional team of attorneys with experience in multiple legal disciplines (litigation, government contracts, energy, banking and financial services, technology, intellectual property, labor and employment, and health care) who are prepared to address these concerns. Attorneys counsel clients regarding their data collection, retention, sharing, and security practices.

Many attorneys in our Privacy and Data Security practice have earned prestigious Certified Information Privacy Professional (“CIPP”) Certifications, the preeminent credential in the field, in several important classifications. These certifications ensure that attorneys have knowledge regarding essential privacy concepts and principals and the jurisdictional laws, regulations and enforcement models for handling and transferring data.

Related Practices

Related Industries

Privacy and Data Security Resources