Privacy and Cybersecurity

The firm’s privacy and cybersecurity group is a natural extension of our long-standing role as a sought-after legal advisor to clients in industries that receive, manage and transmit sensitive financial, business, personal and other information. The group is comprised of a multidisciplinary team of lawyers that advises clients with respect to the rapidly evolving body of privacy and cybersecurity statutes, regulations and caselaw, in both a transactional and litigation context. This includes counsel on privacy and cybersecurity concerns related to:

  • corporate governance
  • corporate and finance transactions
  • regulatory compliance
  • employment matters
  • risk management
  • breach response

Our lawyers also provide counsel and advocate on behalf of clients on privacy and cybersecurity-related matters in pre-litigation disputes, litigation, alternative dispute resolution and insolvency/bankruptcy proceedings. 

Our lawyers are actively involved in leading industry and professional associations related to privacy and cybersecurity. Our lawyers are certified by, and the firm sponsors and is an active participant in, the International Association of Privacy Professionals (IAPP). The firm remains, as it has for decades, an active participant in the financial services industry, including industry and professional associations such as the Commercial Finance Association (CFA). Our day-to-day involvement with the trends and issues of most concern to our clients allows us to anticipate our clients’ needs and provide the most current insights on best practices and changes in the global privacy and cybersecurity landscape.

Corporate Governance and Regulatory

We advise corporate boards, directors and officers on privacy and cybersecurity governance policies and procedures to ensure their compliance with applicable laws, regulations and best practices, and protect against director liability. We monitor developments with privacy legislation and the regulations promulgated thereunder, including Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act of 2003, the Driver's Privacy Protection Act, CAN-SPAM, state and federal security breach notification laws, the Payment Card Industry Data Security Standard and other federal and state requirements. We also advise clients on continuing changes in state regulation, including New York State’s cybersecurity and third party information security requirements for covered entities.

Bankruptcy and Insolvency

The firm has long been well known for its experience and expertise in the bankruptcy, insolvency, restructuring and loan workout arenas. Our lawyers regularly advise clients when a corporation possessing non-public financial, business or personal data faces financial difficulties. Often a secured lender foreclosing on its borrower’s collateral will find itself in possession of sensitive data (such as that of a borrower’s employees or customers), which the foreclosing lender then has the responsibility to protect. In other instances, sensitive data (such as customer lists) are among the assets being liquidated. Our lawyers are well positioned to advise clients on the privacy and cybersecurity issues that may arise in distressed financial situations.


Our firm’s litigators regularly provide counsel and advocate on behalf of clients on privacy and cybersecurity-related matters in pre-litigation disputes, litigation, alternative dispute resolution and insolvency/bankruptcy proceedings. This includes insurance coverage disputes, vendor liability, negligence and fraud, as well as trade secret, competition and intellectual property (including social media account) ownership disputes.

Corporate and Finance Transactions

In addition to other advice provided to clients involved with mergers and acquisitions, vendor and third party agreements, licensing agreements, technology transfers, joint ventures and partnerships, our transactional lawyers draft and negotiate privacy and cybersecurity-related terms in all manner of corporate agreements and governance documents. We incorporate additional transactional requirements pursuant to applicable regulations, including those related to multifactor authentication, data encryption and stored data. Our team also consults on global privacy regulatory requirements in cross-border transactions.

The firm has long been well known for its experience and expertise in commercial lending and finance transactions. Our lawyers regularly advise our banking and finance clients on issues of privacy and cybersecurity in the context of credit decision-making, loan underwriting and loan monitoring, as well as during the negotiation of loan documentation.

Risk Management

Our privacy and cybersecurity group assists clients in assessing and developing loss prevention and risk management programs to avoid or minimize financial losses or reputational injury related to cyber breaches or data loss.

Employment and Competition Law

Our firm counsels corporate and individual clients on employment-related privacy and cybersecurity issues, including social media, email, bring-your-own-device rules, trade secret protection and other employment-related policies. Our lawyers also provide guidance on privacy issues related to Internet marketing.

Top of Page