Data Privacy and Security

At Koley Jessen, our Data Privacy & Security team stays ahead of the rapidly evolving legal landscape regarding privacy and cybersecurity to better serve our clients. We provide comprehensive assistance through every step of the data life cycle by providing a broad range of data privacy and security services, including compliance counseling, transactional work, incident response, and data privacy and security litigation.

Compliance Counseling

We help clients navigate and comply with data privacy and security laws, including the California Consumer Privacy Act of 2018 (“CCPA”) and related CPRA, GDPR, CFAA, PCI/DSS, ECPA, PIPEDA, EFTA, GLBA, HIPAA, HITECH, CAN-SPAM, TCPA, TSR, VPPA, COPPA,  FERPA, FCRA, and state data security and privacy laws, including data breach notification laws. We assist in navigating risk concerning session-replay software and related tracking tools. In addition, we assist clients in handling cross-border transfer issues and stay on top of legislative changes that affect our clients.

We partner with clients to develop robust privacy and data security policies, perform employee security trainings to ensure the greatest protection of information, and analyze clients’ existing cybersecurity structure to identify potential gaps in protection. We connect clients with third-party service providers to provide support in building a strong data privacy and security infrastructure. 

Transactional Work

In addition to providing data privacy and security advice in connection with potential transactions, we provide due diligence support during M&A transactions to evaluate a potential target’s data security and privacy issues.

Privacy in Commercial Contracts

We draft and negotiate data processing and transfer agreements, service provider addendums, comprehensive compliance protocols, security agreements, and counsel clients on the impact of privacy provisions in commercial agreements, including indemnity and liability clauses.

Incident Response

We advise clients facing potential data breaches or other security incidents by providing quick incident response and data breach counseling. We help navigate the legal and reputational implications of a data breach and provide a response roadmap to prevent future security incidents. We facilitate remediation services required to contain, analyze, investigate, and remediate an incident while protecting the confidentiality and integrity of client data. 

Data Privacy and Security Litigation

We assist clients in identifying and evaluating potential claims or privacy obligation violations and resolving contract disputes pertaining to data privacy and security. We work closely with clients to achieve favorable resolutions that align with their objectives and the unique circumstances of their cases, which may include negotiating favorable settlements, obtaining dismissals, defeating class certification motions, or litigating cases from trial to appeal. Our representation extends to class actions, complex civil litigation, and government and internal investigations. Throughout the litigation process, we provide strategic counsel and leverage our expertise in data privacy and security, navigating the complexities to achieve preferable outcomes while mitigating potential risks. 

Representative Matters

• Updated and revised security policies for national university
• Assisted manufacturing client in remediating and responding to potential data breach
• Assisted government contractor in navigating federal requirements surrounding “CUI” (controlled unclassified information)
• Counseled multinational corporation on international data transfers post-“Schrems II” European Union Court of Justice July 2020 decision