News
Privacy, Security, and Artificial Intelligence
Privacy, Security, and Artificial Intelligence
Organizations of all sizes and across all industries encounter extraordinary challenges in managing their data — from personally identifiable information, trade secrets, intellectual property, and other confidential information. This critical data must be securely managed in compliance with constantly evolving laws and regulations and in a manner consistent with a company’s best practices. In a dynamic legal landscape, businesses need a legal team that can help mitigate risks and respond to the unexpected. However, businesses must also have strategic counsel on how to leverage such data more effectively in growing their business, creating value for their customers, and further distinguishing themselves from the competition.
Taft’s Privacy, Security, and Artificial Intelligence Practice attorneys draw on experience that spans industries, practice areas, and jurisdictions. Our attorneys keep at the forefront of up-and-coming state, federal, and international privacy laws and regulations concerning the collection of personal/sensitive data. We advise clients on data privacy and cybersecurity issues, data security breaches, mergers and acquisitions, joint ventures, marketing programs, consumer protection, outsourcing, compliance and regulatory matters, information management, and information sharing. We help clients plan and ensure the necessary safeguards are in place.
Our team is also focused on assisting clients of all sizes on the responsible development, deployment, and governance of artificial intelligence (AI) systems, including compliance with emerging state, federal, and international AI regulations. As with all aspects of our business counseling, we bring a risk-based approach to helping clients both capitalize on the power of AI, while properly managing and balancing the very real risks associated with this powerful technology.
Taft attorneys have experience in a wide range of state, federal, and international regulations and industry best practices, including:
- Artificial Intelligence: EU AI Act; State laws regulating AI.
- Healthcare: HIPAA/HITECH; State consumer health protection laws.
- Consumer Privacy: CCPA and other state laws.
- Finance: GLBA, FACTA, FCRA, FTC Safeguards Rule.
- Marketing and Communications: TCPA, TSR, FTC, and CAN-SPAM.
- International: EU GDPR, UK GDPR and Data Protection Act, PIPEDA.
- Technology: COPPA, CFAA, Stored Communications Act.
- Information Security: NIST, ISO and PCI-DSS.
Taft proactively helps its business clients assess their compliance conformance. We identify areas in need of improvement and/or immediate attention, and help our clients implement measures to address and correct them. And when challenges arise, Taft stands ready to assist clients in conducting a timely and methodical response.
Our attorneys serve our clients by:
- Conducting data governance risk assessments, including privacy and AI impact assessments.
- Developing administrative safeguards, including policies, procedures, and contracts.
- Assessing, implementing, and maintaining governance programs for privacy, security and artificial intelligence
- Conducting awareness training.
- Defending and prosecuting privacy and data security claims.
- Responding to regulatory and criminal investigations.
- Managing incident readiness/response and data breach notification.
- Developing business continuity and disaster recovery plans.
- Negotiating cyber insurance coverage and pursuing cyber insurance claims.
- Resolving transactional disputes involving technology and data ownership claims.
- Advising clients concerning the Internet of Things (“IoT”).
- Counsel clients on compliance with evolving laws and rules.
The world is so immersed in technology that activities in cyberspace have become inseparable from the everyday operations of business, education, government, and the military. Taft’s Privacy and Data Security practice is an exceptional team of attorneys with experience in multiple legal disciplines, including litigation, government contracts, energy, banking and financial services, technology, intellectual property, labor and employment, and health care who are prepared to address these concerns. Our attorneys counsel clients regarding their data collection, retention, sharing, and security practices.
Many attorneys in our practice group have earned prestigious Certified Information Privacy Professional (CIPP) Certifications, the preeminent credential in the field, in several important classifications. These certifications ensure that attorneys have knowledge regarding essential privacy concepts and principles and the jurisdictional laws, regulations, and enforcement models for handling and transferring data.
Our attorneys also contribute to the Taft Privacy & Data Security Insights blog and share daily tips and content via LinkedIn.
Related Practices
Related Industries
Notable Matters
- Advise hospitals and physician groups with respect to security audits.
- Advise technology companies on leveraging AI internally and with products and services
- Representing and defending against claims under the California Information Privacy Act
- Assisting clients as data brokers, including registration with state authorities
- Prepare HIPAA/HITECH privacy and security policies and procedures for health care providers and for business associates.
- Provide HIPAA/HITECH training for health care providers and for business associates.
- Act as outside counsel to a large academic medical practice providing guidance on HIPAA and HITECH matters, including advising on potential breaches and drafting notice of violations.
- Draft privacy policies and terms of use for websites and applications.
- Draft and review agreements involving the access, use, and disclosure of personal information to address data privacy and data breach concerns.
- Conducted a HIPAA risk assessment and risk analysis for a large U.S. health care corporation with nationwide operations.
- Represented a large health care provider in a multistate data breach, including coordination with the Office of Civil Rights (HHS) and states attorneys general.
- Represented a large physician group practice in connection with a data breach HIPAA/HITECH analysis (breach originating with the vendor) and investigation, patient notification, and HHS OCR notification.
- Represented a hospital in connection with a data breach analysis and investigation, HIPAA/HITECH analysis, and advice.
- Successfully represented an industry-leading company against a former employee who had electronically transferred trade secrets and other company confidential information before leaving to join a competitor.
- Successfully defended a company accused of misappropriating trade secrets.
- Drafted policies and provided training to numerous companies related to the human resources aspect of privacy and data security, including bring your own device policies.
- Drafted policies and provided training to companies relative to implementing reasonable precautions to protect trade secrets and other nonpublic, business-sensitive information.
- Assisted educational institutions when student information may have been improperly disclosed.
News
Zach Heck Talks Legal Risks on The Economic Pulse Podcast News
The Big Long List of U.S. AI Laws News
Taft Attorneys Participate in University of Dayton Government Contracts Symposium Law Bulletins
Are you CMMC Ready? DFARS Phase I Enforcement Begins November 10, 2025 Law Bulletins
Children’s Privacy Law Update: New Laws Regulate How Companies Interact with Children’s Data News
Taft Hosts Panel at NVSBC Breakfast in Dayton
Past Events
All Privacy, Security, and Artificial Intelligence Professionals
Show me:
