The areas in which we advise and represent clients include:

Regulatory Compliance, Risk Management and Strategic Advice
We counsel clients on privacy laws to help them assess litigation risks and comply with federal regulations, the European Union’s Data Protection and Privacy Directives, and the payment card industry data security standards. Representative laws include the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH Act), the Gramm-Leach-Bliley Act, the Federal Trade Commission Act, the Right to Financial Privacy Act, the Children’s Online Privacy Protection Act (COPPA), the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and the Fair Credit Reporting Act (FCRA). We also perform audits of clients’ business practices and advise clients regarding risk management strategies, including insurance, for losses arising from privacy and data security risks.

Data Breach Response and Litigation Defense
We help clients rapidly and aggressively respond to data breaches or potential breaches, including by assisting with internal investigations, advising on breach notification compliance, managing public relations, and taking other steps to strategically reduce the risk of external investigations or litigation. When litigation is unavoidable, we have a proven track record of achieving exceptional results for our clients in data breach class action lawsuits. Our litigation strategy is at all times driven by our clients’ business needs and response plan in dealing with a breach.

Privacy Policies and Contractual Provisions
We assist clients by preparing and negotiating contractual provisions related to regulatory compliance and the protection of client and consumer data in the possession of vendors. We also work with clients to draft data security policies and procedures for the protection of employee, customer, and company information and to mitigate risks associated with data breaches. We also draft privacy and data usage policies for clients’ websites, including clients that are required to send policies to customers annually under the Gramm-Leach-Bliley Act.

Financial Institutions and Cyber Fraud
Cyber crime is one of the fastest growing threats to our clients. We help clients respond to this ever-increasing threat by managing risk through insurance, ensuring regulatory compliance, counseling our clients in their efforts to implement proactive policies and technical solutions to deter and respond to attacks, responding to cyber crime events quickly and effectively, and avoiding liability in litigation.

Trade Secrets
We have extensive experience in helping employers protect trade secrets and other valuable proprietary information through effective and enforceable agreements, policies, education and risk management programs and exit procedures for departing employees. Our attorneys also advise employers with respect to hiring practices that may give rise to litigation and have successfully defended employers in trade secret litigation.


Representative examples of our work include:

  • Defending a major corporation in a nationwide class action arising from the alleged theft of employees’ personally identifiable information. We won dismissal of the case on a 12(b)(6) motion, which was affirmed by the Ninth Circuit in a seminal ruling on emerging data breach law.
  • Advising health care clients, including providers, health plans, and business associates, on the privacy and security requirements for protected health information under HIPAA and the HITECH Act and their implementing regulations, as well as other federal and state laws, draft required notices of privacy practices, policies and procedures, and prepare, review, and revise business associate agreements.
  • Assisting clients in drafting privacy and data protection policies and procedures and prepare and negotiating contractual provisions designed to protect client data and personally identifiable information.
  • Assisting numerous clients in the preparation of website privacy statements and policies. Assisting with preparation of required privacy notices under the Gramm-Leach-Bliley Act.
  • Speaking at national and regional conferences on privacy issues.
  • Advising clients about the quality and applicability of specialized cyber, data breach and privacy insurance policies as well as traditional CGL coverage to data breach and other privacy risks.
  • Defending clients against breach of privacy claims brought under the Video Privacy Protection Act, the Wiretap Act, and state consumer protection and privacy laws.