The collection, use and disclosure of personal data trigger a range of privacy and cybersecurity laws and regulations, all of which are enforced by aggressive plaintiffs’ lawyers and government agencies. The retention of sensitive proprietary information pertaining to business partners also implicates a range of legal obligations, and exposure of such information often results in litigation and strained business relationships.
Our lawyers have handled hundreds of data breaches and draw on this experience to routinely represent clients in litigation and governmental investigations arising out of large, complex data breaches, including major incidents involving millions of personal, financial or patient records. We have also represented clients in complex class actions in courts around the country and in governmental investigations by the US Federal Trade Commission (FTC), Office for Civil Rights (OCR) and Federal Communications Commission (FCC), and by state attorneys general. We have also advised clients in disputes with vendors and business partners over losses arising out of cyber incidents.
We are the health-industry market leader with respect to handling responses to OCR investigations. Our lawyers have unparalleled experience negotiating resolution agreements with OCR on behalf of health clients, including major academic medical centers, health plans and provider networks.
We have litigated some of the most important privacy cases in recent years and have obtained landmark rulings, including the US Supreme Court’s 2015 ruling in Gobeille v. Liberty Mutual. We have defended clients in scores of federal and state cases across the country, including dozens of class actions involving claims under federal and state privacy laws, the Fair Credit Reporting Act, the Telephone Consumer Protection Act, the Fair Debt Collection Practices Act, and unfair and deceptive practices statutes, as well as numerous common-law privacy and security claims. We have also represented companies in data collection matters, disputes and class actions involving personal information acquired at point of sale using credit and debit cards in a number of states, including Song Beverly and other state statutes.