Data Privacy and Protection in the US
The US has traditionally taken a vertical approach to data protection, with a focus on specific sectors. However, recent developments at both federal and state levels indicate a move towards a more horizontal approach. We can share our expertise to ensure your data protection procedures are in compliance with state and federal requirements, and advise you in case of data breaches involving personally identifiable information (see below).
Data Privacy and Protection in the European Union and Other Major Markets
Our EU team offers a “one-stop shop” for any organization needing to address data protection and e-privacy issues in the EU. We have substantial experience advising clients in many sectors on compliance across the EU/EEA, including the evolving interpretation of existing e-privacy, data protection and data retention rules, and the implications of the significant legislative changes on the horizon at EU level. Our country experts have substantial experience advising multinational clients on how to prepare for and respond to data breaches involving personal data (see below), as well as conflicts of laws involving access to personal data.
We also have data protection experts in virtually all of our other offices, including Russia, the Middle East and the Asia Pacific region. We are adept at providing multinational clients with advice on establishing regulatory compliance programs and data breach response plans that address the differing and sometimes conflicting requirements of the jurisdictions in which they operate.
Cybersecurity
Our Data Privacy, Cybersecurity & Digital Assets team works across borders and practice specialties to deliver comprehensive and strategic advice and counsel on cybersecurity. We address cybersecurity and privacy issues, cyber theft and data breach prevention, as well as the liability stemming from data breaches and post-breach forensics.
Our experience with the broad swathe of policy, regulatory, legislative, legal, compliance and enforcement issues that impact risk management and cybersecurity means we can offer valuable and proactive advice to clients in critical infrastructure sectors, such as banking and financial services, energy, telecommunications, information technology and health, along with other industries impacted by cybersecurity concerns.
The Emerging Role of Regulators and Cybersecurity
As cybersecurity risks grow exponentially around the world, regulators across the globe are looking at new ways to manage the risk. We bring a global view of what is happening in the emerging realms of cybersecurity in other countries, including in the EU, Asia Pacific, Latin America and others. In many cases, we can help our global clients anticipate how emerging cybersecurity policies, regulations and laws are being debated around the world, and share best practices about what has worked and what happens. The increasingly connected nature of the globe dictates that corporations need teams like ours who have detailed experience in all of these matters.
As a result, that means we can help clients understand how proposed cyber changes will impact their current – and often complex and overlapping – regulatory regimes. For example, in the US, we work closely with the White House and relevant federal agencies. We also work with independent agencies, including the Securities and Exchange Commission (SEC), the Federal Trade Commission (FTC), the Federal Energy Regulatory Commission (FERC) and entities like the North American Electric Reliability Corporation (NERC), as well as every committee jurisdiction in Congress.
We have similar capabilities in Brussels and key EU member states, as well as in the Asia Pacific region, to help ensure global messaging, coordination and solutions.
Data Breach Preparedness and Response
Our team includes data breach experts with a proven track record of advising clients on data breach preparedness and response, at both local and international levels. Working closely with our litigation experts in key markets, we have developed a four-point program that covers the essential elements of sound data management, whether this involves personal information, intellectual property, commercially sensitive data, systems software or other business-critical data:
- Prepare and train
- Protect and prevent
- Detect and respond
- Recover and fortify
We work closely with technical security professionals and forensics experts on matters ranging from developing compliance and prevention programs, to drafting tailored data breach response plans and coordinating crisis management. You can also tap into our Financial Services team’s expertise on issues relating to data and cyber breach insurance policies and claims.