At Koley Jessen, our Data Privacy & Security team stays ahead of the rapidly evolving legal landscape regarding privacy and cybersecurity to better serve our clients. We provide comprehensive assistance through every step of the data life cycle by providing a broad range of data privacy and security services, including compliance counseling, transactional work, incident response, and data privacy and security litigation.
We help clients navigate and comply with data privacy and security laws, including the California Consumer Privacy Act of 2018 (“CCPA”) and related CPRA, GDPR, CFAA, PCI/DSS, ECPA, PIPEDA, EFTA, GLBA, HIPAA, HITECH, CAN-SPAM, TCPA, TSR, VPPA, COPPA, FERPA, FCRA, and state data security and privacy laws, including data breach notification laws. We assist in navigating risk concerning session-replay software and related tracking tools. In addition, we assist clients in handling cross-border transfer issues and stay on top of legislative changes that affect our clients.
We partner with clients to develop robust privacy and data security policies, perform employee security trainings to ensure the greatest protection of information, and analyze clients’ existing cybersecurity structure to identify potential gaps in protection. We connect clients with third-party service providers to provide support in building a strong data privacy and security infrastructure.
In addition to providing data privacy and security advice in connection with potential transactions, we provide due diligence support during M&A transactions to evaluate a potential target’s data security and privacy issues.
Privacy in Commercial Contracts
We draft and negotiate data processing and transfer agreements, service provider addendums, comprehensive compliance protocols, security agreements, and counsel clients on the impact of privacy provisions in commercial agreements, including indemnity and liability clauses.
We advise clients facing potential data breaches or other security incidents by providing quick incident response and data breach counseling. We help navigate the legal and reputational implications of a data breach and provide a response roadmap to prevent future security incidents. We facilitate remediation services required to contain, analyze, investigate, and remediate an incident while protecting the confidentiality and integrity of client data.
Data Privacy and Security Litigation
We assist clients in identifying and evaluating potential claims or privacy obligation violations and resolving contract disputes pertaining to data privacy and security. We work closely with clients to achieve favorable resolutions that align with their objectives and the unique circumstances of their cases, which may include negotiating favorable settlements, obtaining dismissals, defeating class certification motions, or litigating cases from trial to appeal. Our representation extends to class actions, complex civil litigation, and government and internal investigations. Throughout the litigation process, we provide strategic counsel and leverage our expertise in data privacy and security, navigating the complexities to achieve preferable outcomes while mitigating potential risks.
- Updated and revised security policies for national university
- Assisted manufacturing client in remediating and responding to potential data breach
- Assisted government contractor in navigating federal requirements surrounding “CUI” (controlled unclassified information)
- Counseled multinational corporation on international data transfers post-“Schrems II” European Union Court of Justice July 2020 decision
News & Publications
- New York Department of Financial Services Strengthens Cybersecurity Regulation Through Recent Amendment11.27.2023
- Executive Order on Artificial Intelligence Puts Focus on Privacy and Cybersecurity Considerations for AI Development11.09.2023
- California Enacts Law Requiring Data Brokers to Participate in “One-Stop Shop” For Consumers to Request Deletion of Their Data10.23.2023
- Nebraska CPA, March/April 2023
- Potential Update to Federal Communications Commission Data Breach Rule Would Expand Notification Requirements03.24.2023
- As States Attempt to Toughen Biometric Data Restrictions, Companies that Collect and Store Biometric Data Face Risk03.15.2023
- Protecting Against Data Breach Liability: How Service Providers Can Manage the Inherent Risk of Cyber IncidentsThe Nebraska Lawyer, September/October 2022
- OneTrust DataGuidance, 09.01.2020
- Top European Union Court Invalidates EU-U.S. Privacy Shield Framework for Cross-Border Data Transfers07.16.2020
- The Nebraska Lawyer, May/June 2020
- My Vendor Just Suffered a Data Breach. Now What?: Strategies to Safeguard Your Company From Vendor Security IncidentsKJ University, 09.20.2023
- NSBA 2022 Business Law Seminar, 12.02.2022
- KJ University, 09.20.2022
- Women in eDiscovery, 02.23.2021
- PRSA Nebraska, 08.11.2020
- Nebraska State Bar Association, 07.24.2020
- Iowa State Bar Association, 11.30.2018