Cybersecurity, Data Protection and Privacy
Client and Industry Challenges
Cyberattacks, data breaches and network intrusions are on the rise and continue to cost companies of all shapes and sizes millions of dollars every year. According to just one study, the estimated cost for data breaches incurred by companies will rise to a staggering $2.1 trillion globally by 2019—almost quadrupling costs suffered by companies from 2015 alone. In response, boards of directors, management, regulators and law enforcement agencies are focused on identifying and mitigating cybersecurity risks, including the deployment of malware, digital espionage, unauthorized insider access, distributed denial of service (DDoS) attacks, cyber extortion and ransomware threats.
Clients We Serve
Because the risks and consequences attendant to cybersecurity, data protection, and privacy cut across virtually all industries, we have represented clients in a broad array of sectors on these matters.
Why Clients Select Us
Comprehensive Service: Snell & Wilmer is uniquely positioned to advise clients in preparing for and responding to data breach and cyber incidents, leading data breach/cyber incident response efforts, and handling resulting litigation or regulatory enforcement actions. The firm’s Cybersecurity, Data Protection, and Privacy practice is comprehensive and is specifically designed to assist clients in five core areas:
Snell & Wilmer regularly advises clients in all phases of cybersecurity preparedness and regulatory compliance, including:
- Preparing, reviewing and testing cybersecurity incident response plans;
- Conducting assessments of information security and privacy policies under relevant standards issued by state and federal regulators, including the Federal Trade Commission (FTC), Securities and Exchange Commission (SEC), Department of Health and Human Services, Office of Civil Rights (OCR), National Institute of Standards and Technology (NIST) and the California Attorney General’s Office;
- Developing and reviewing corporate governance practices and board duties relating to cybersecurity risk management;
- Providing counseling regarding cyber insurance coverage;
- Overseeing regulatory cybersecurity audits;
- Reviewing and analyzing third-party, vendor and customer agreements;
- Advising about new and evolving privacy and data security laws and best practices, in the United States and internationally;
- Responding to cybersecurity legal, regulatory and legislative developments; and
- Conducting employee training on cybersecurity issues.
The first 24 hours after a data breach are critical to restoring network security, minimizing harm, remediating damage, preserving evidence, and complying with legal and contractual obligations.
Snell & Wilmer regularly guides companies through all phases of data breach and cyber incident response, including:
- Leading internal investigations relating to data breaches and cyber incidents, in coordination with third-party forensic experts and providing comprehensive crisis management services;
- Providing guidance regarding state and federal data breach notification and remediation requirements and managing multi-state notification efforts; and
- Advising on law enforcement matters, including data breach-related government investigations and requests for information.
Following a data breach or cyber incident, private litigation, including class actions, shareholder derivative actions, and securities fraud cases, is inevitable. Additionally, regulators, including the FTC, SEC and OCR, will continue to accelerate their enforcement activity related to alleged privacy and data security violations. As just one example, the FTC has brought almost 60 cases against companies alleging that they engaged in unfair or deceptive practices that placed consumers’ personal data or information at risk, including recent landmark cases against Wyndham Hotels and Resorts, and LabMD.
Snell & Wilmer’s deep bench of privacy counselors, class action litigators and trial attorneys is ideally positioned to represent companies in post-incident private litigation and investigation by regulatory agencies.
Developing relationships with key cyber stakeholders at the federal and state level before a data breach occurs vastly improves the ability to quickly engage with the appropriate law enforcement agency following a significant data breach or cyber-attack. Companies should develop relationships with these agencies before a significant data breach occurs, and Snell & Wilmer offers law enforcement liaison services as part of its Cybersecurity, Data Protection and Privacy practice. This includes meetings and threat assessment briefings with relevant law enforcement agencies where companies are headquartered as well as in Washington, D.C.
In the current technological environment, companies collect, manage and store more information, including personally identifiable information, about individuals than ever before. That information creates both substantial value and significant risks. Snell & Wilmer routinely assists clients across sectors in navigating the rapidly changing privacy and technology landscapes to maximize the value of this information while minimizing the privacy-related legal risk. In particular, our attorneys advise companies regarding data protection and privacy laws, including obligations under:
- General Data Protection Regulation (GDPR)
- EU–U.S. Privacy Shield
- Gramm-Leach-Bliley Act
- Computer Fraud and Abuse Act (CFAA)
- Cybersecurity Act of 2015
- California Online Privacy Protection Act (CalOPPA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Health Information Technology for Economic and Clinical Health Act (HITECH)
- Electronic Communications Privacy Act (ECPA)
- SEC Cybersecurity Disclosure Requirements
- Children’s Online Privacy Protection Act (COPPA)
- Fair Credit Reporting Act (FCRA)
- Fair Debt Collection Practices Act (FDCPA)
- Federal Trade Commission Act
- Sarbanes-Oxley Act
24/7 Breach Response Team: Snell & Wilmer regularly guides clients through all phases of data breach and cyber incident response, including leading internal investigations related to data breaches and cyber incidents in coordination with third-party forensic experts; providing comprehensive crisis management services; and advising regarding state and federal data breach notification and remediation requirements. To help our clients manage multi-state data breach notification efforts, we have developed an interactive Data Breach Map that provides an overview of the data breach statutes in all 50 states as well as the territories of the United States.
Interdisciplinary Cybersecurity Team: Successful cybersecurity preparedness, incident response and post-attack litigation require companies to incorporate information technology, regulatory, corporate governance, investigations and public relations efforts into a unified strategic framework. Our team is composed of leading attorneys in each of these areas and reflects the interdisciplinary approach required in this field. Additionally, the Snell & Wilmer team includes a former official from the Department of Justice who oversaw cybersecurity, data protection and cybercrime issues in that role, privacy counselors certified by the International Association of Privacy Professionals, intellectual property attorneys with deep technical and software engineering experience, corporate lawyers and class action litigators.
Cybersecurity and Privacy-Related Legal, Regulatory and Legislative Developments: Snell & Wilmer’s attorneys regularly publish and present on cybersecurity, data protection, and privacy-related topics, and clients of our group receive Alerts and updates tailored to their industries. The group also maintains the S&W Cybersecurity and Data Privacy Law blog.