Skip to Main Content

Cybersecurity, Privacy & Data Protection

SubPractice_Hero_Privacy-Data-Security

Overview

While privacy and cybersecurity laws have proliferated at the state, federal, and international levels over the last several years, cyber intrusions have increased exponentially in virtually every industry, jeopardizing corporate data and creating significant liability risks for business organizations and institutions.

These developments have created two related but distinct requirements for businesses in the 21st century, both of which are critically important:

  • Developing privacy policies, practices, and procedures for information collected about identifiable individuals; and
  • Implementing a strong risk-based cybersecurity program that safeguards corporate data, including both personal and business information.

To achieve these objectives, companies must navigate a complex patchwork of applicable laws, contractual obligations, and industry standards.

Our Cybersecurity, Privacy & Data Protection attorneys work closely with our clients to minimize potential risks, develop compliance programs, and respond effectively to data security incidents. We blend advanced information technology (IT) understanding with deep legal and business insight to help clients develop privacy and cybersecurity programs that safeguard sensitive data—including customer data, trade secrets, and employee information maintained by almost every business today.

Our team provides a full array of services, including advice on a wide variety of privacy and data security matters and assistance with data breach investigations and responses. We also have extensive experience working with the Department of Justice and litigating cybersecurity, privacy, and data protection matters in federal and state courts.

Services

Our team provides the following services:

  • Drafting privacy and information security policies and procedures and providing privacy compliance counseling, including for businesses in industries with specialized privacy laws, such as financial services and health care;
  • Responding to data breaches, including assessing legal obligations under U.S. regulations and contractual commitments, engaging and managing forensic service providers, and assisting with post-incident reviews and evaluations;
  • Conducting internal cybersecurity legal assessments and due diligence on potential merger or acquisition targets;
  • Drafting confidentiality and data security provisions for employment agreements and vendor contracts;
  • Implementing insider threat mitigation strategies to protect intellectual property and network integrity;
  • Advising and assisting defense contractors on cybersecurity issues under government contracts;
  • Advising and assisting on issues related to International Trade and Global Security;
  • Assisting victims of identity theft, misuse of social media, and internet defamation issues;
  • Responding to subpoenas for digital data and representing parties in litigation involving cybersecurity incidents or complex digital data issues;
  • Responding to administrative inquiries and criminal subpoenas, negotiating non-prosecution resolutions, and when necessary, providing an aggressive defense to any criminal enforcement action;
  • Providing for electronic password storage and retrieval in estate plans; and
  • Drafting legislation regarding cyber law, privacy, and data security.

Who We Serve

Issues of data protection and privacy touch nearly everyone these days. Our clients come to us from all areas of the business, non-profit, and private sectors, including:

  • Large corporations, financial institutions, and health care entities seeking to implement information security programs and privacy policies;
  • Defense contractors that are required to implement cybersecurity measures on their network to safeguard technical data and controlled unclassified information under NIST 800-171 and DFARS 252.2-4-7012;
  • Businesses looking to safeguard their intellectual property and implement employee policies to minimize insider threats;
  • Businesses assessing potential data security liability of merger or acquisition targets;
  • Businesses and institutions that have experienced a cybersecurity incident;
  • Individuals and businesses entering into vendor contracts;
  • Victims of identity theft or misuse of social media;
  • Families settling estates who need post-mortem access to their loved one’s data;
  • Non-profit organizations that gather sensitive data;
  • Parties to litigation involving complicated digital data, privacy, and cybersecurity issues;
  • Organizations looking to advance legislation regarding cyber law, privacy, and data security

Case Studies

Hinckley Allen Successfully Reaches Agreement in Business Email Compromise Case

Over the course of a long-term construction project, a contractor and property tenant fell victim to a hacker, resulting in payments diverted from the tenant to the hacker, instead of to the contractor. Hinckley Allen represented the contractor who sued th…

Newsroom

Publication

Connecticut Attorney General Issues Report on Data Privacy Act Enforcement; Offers Legislative Recommendations

March 25, 2024

On February 1, 2024, the Connecticut Office of the Attorney General (the “OAG”) issued a report mandated by the Connecticut Data Privacy Act (the “CTDPA”), Conn. Gen. Stat. § 42-515 et seq. (the “Report”), which Report is required to include (…

Publication

US launches counterattack in battle over data

March 19, 2024

What is the impact of the latest Executive Order (EO-14117), aimed at preventing "countries of concern" from gaining access to personal and often sensitive data? Chair of the International Trade & National Security practice, B. Stephanie Siegmann share…

See All Publications
Firm News

B. Stephanie Siegmann Named a “Go To Lawyer” by Massachusetts Lawyers Weekly

October 31, 2022

Hinckley Allen is excited to announce that B. Stephanie Siegmann has been named a “Go To Cybersecurity/Data Privacy Lawyer” by Massachusetts Lawyers Weekly. Stephanie is a litigation partner, Chair of the International Trade & Global Security group…

Firm News

Hinckley Allen Adds National Security Expert B. Stephanie Siegmann to its Litigation Team

March 7, 2022

Hinckley Allen today announced that B. Stephanie Siegmann has joined the firm as a litigation partner and Chair of the International Trade & Global Security practice in its Boston office.“Stephanie is another outstanding hire for our Firm and will be…

Event

The Truth About the False Claims Act

April 3, 2024

B. Stephanie Siegmann, Litigation & Investigations Partner, Chair of the International Trade & National Security group, and Co-Chair of the Cybersecurity, Privacy & Data Protection group will join Eric Crusius, Partner at Holland & Knight, …