Overview
Robinson Bradshaw's Cybersecurity & Privacy Practice Group brings together a multidisciplinary team of attorneys to help clients navigate the rapidly evolving areas of cybersecurity and privacy law. We partner with clients across the country and across industries to provide solutions-driven legal guidance around cybersecurity and privacy matters.
We counsel clients regarding developments in data-protection laws, both domestically and abroad, and develop practical solutions to manage risk and obligations. This includes advising clients on handling personal information under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA) and other U.S. state-level privacy regimes. We also assist clients with implementing privacy by design, utilizing data assets and analytics in online and e-commerce settings, and complying with obligations unique to the financial services, health care and other regulated industries.
Our experience extends to helping clients effectively plan for and respond to data breaches and security incidents. Should an incident lead to litigation, our team helps defend clients at all stages of privacy litigation—from demand letters, to complaints, class action lawsuits and appeals—and in regulatory enforcement matters.
Experience
Compliance & Transactional
- Overhauled a web-based payments platform company’s GDPR compliance plan, including the revision of its standard Data Processing Addendum (DPA) offered to customers.
- Drafted website and mobile app privacy notices compliant with the State of Washington’s My Health My Data Act for a manufacturer and direct-to-consumer distributor of medical assistive technology devices.
- Assisted multiple clients in the financial services industry with privacy policy updates compliant with the Gramm-Leach-Bliley Act (GLBA) and its implementation in specific sectors in the forms of Reg. S-P and the National Association of Insurance Commissioners’ model privacy legislation.
- Routinely review and negotiate contractual information security and data breach response requirements in commercial services and technology agreements in multiple industries.
- Routinely review and negotiate privacy addenda included in services, technology and other commercial agreements, for clients in a wide range of industries, including but not limited to Business Associate Agreements (under HIPAA) and Data Processing Addenda (under GDPR, CCPA and other comprehensive privacy statutes).
- Advised multiple clients on compliance with GDPR and ePrivacy Directive cookie policy requirements in the E.U. and U.K.
- Advised multiple clients on compliance with CCPA, including as that law has evolved with the California Privacy Rights Act and subsequent rulemaking on automated decisionmaking technologies (ADMT), cybersecurity audits and risk assessment, as well as similar statutes and regulations in other U.S. states.
- Routinely conduct privacy and cybersecurity due diligence in M&A transactions and negotiate related contractual representations and warranties.
Data Breach Response
- Counsel clients on preparing and practicing (through tabletop exercises and the like) written security incident response plans and procedures.
- Advise clients on promptly, diligently and effectively responding to data breach and security incident scenarios.
Data Breach & Privacy Litigation
- Defended class actions involving alleged violations of federal laws such as the Electronic Communications Privacy Act (ECPA), Video Privacy Protection Act (VPPA), Fair Credit Reporting Act (FCRA), Health Insurance Portability and Accountability Act (HIPAA), Fair and Accurate Credit Transactions Act (FACTA), and similar state statutory and common law claims.
- Obtained favorable resolutions for multiple clients who received demand letters alleging use of tracking technologies and data brokers on websites.
- Secured dismissals for multiple clients in putative class action cases alleging harm caused by data breaches related to ransomware, phishing and pixel technology incidents.
- Obtained favorable resolution for health care client in data privacy incident related to disclosure of medical records.
- Obtained favorable resolution and final approval in class-action settlements related to data incidents.
