Skip to Main Content

Cybersecurity, Privacy & Data Protection

SubPractice_Hero_Privacy-Data-Security

Overview

While privacy and cybersecurity laws have proliferated at the state, federal, and international levels over the last several years, cyber intrusions have increased exponentially in virtually every industry, jeopardizing corporate data and creating significant liability risks for business organizations and institutions.

These developments have created two related but distinct requirements for businesses in the 21st century, both of which are critically important:

  • Developing privacy policies, practices, and procedures for information collected about identifiable individuals; and
  • Implementing a strong risk-based cybersecurity program that safeguards corporate data, including both personal and business information.

To achieve these objectives, companies must navigate a complex patchwork of applicable laws, contractual obligations, and industry standards.

Our Cybersecurity, Privacy & Data Protection attorneys work closely with our clients to minimize potential risks, develop compliance programs, and respond effectively to data security incidents. We blend advanced information technology (IT) understanding with deep legal and business insight to help clients develop privacy and cybersecurity programs that safeguard sensitive data—including customer data, trade secrets, and employee information maintained by almost every business today.

Our team provides a full array of services, including advice on a wide variety of privacy and data security matters and assistance with data breach investigations and responses. We also have extensive experience working with the Department of Justice and litigating cybersecurity, privacy, and data protection matters in federal and state courts.

Services

Our team provides the following services:

  • Drafting privacy and information security policies and procedures and providing privacy compliance counseling, including for businesses in industries with specialized privacy laws, such as financial services and health care;
  • Responding to data breaches, including assessing legal obligations under U.S. regulations and contractual commitments, engaging and managing forensic service providers, and assisting with post-incident reviews and evaluations;
  • Conducting internal cybersecurity legal assessments and due diligence on potential merger or acquisition targets;
  • Drafting confidentiality and data security provisions for employment agreements and vendor contracts;
  • Implementing insider threat mitigation strategies to protect intellectual property and network integrity;
  • Advising and assisting defense contractors on cybersecurity issues under government contracts;
  • Advising and assisting on issues related to International Trade and Global Security;
  • Assisting victims of identity theft, misuse of social media, and internet defamation issues;
  • Responding to subpoenas for digital data and representing parties in litigation involving cybersecurity incidents or complex digital data issues;
  • Responding to administrative inquiries and criminal subpoenas, negotiating non-prosecution resolutions, and when necessary, providing an aggressive defense to any criminal enforcement action;
  • Providing for electronic password storage and retrieval in estate plans; and
  • Drafting legislation regarding cyber law, privacy, and data security.

Who We Serve

Issues of data protection and privacy touch nearly everyone these days. Our clients come to us from all areas of the business, non-profit, and private sectors, including:

  • Large corporations, financial institutions, and health care entities seeking to implement information security programs and privacy policies;
  • Defense contractors that are required to implement cybersecurity measures on their network to safeguard technical data and controlled unclassified information under NIST 800-171 and DFARS 252.2-4-7012;
  • Businesses looking to safeguard their intellectual property and implement employee policies to minimize insider threats;
  • Businesses assessing potential data security liability of merger or acquisition targets;
  • Businesses and institutions that have experienced a cybersecurity incident;
  • Individuals and businesses entering into vendor contracts;
  • Victims of identity theft or misuse of social media;
  • Families settling estates who need post-mortem access to their loved one’s data;
  • Non-profit organizations that gather sensitive data;
  • Parties to litigation involving complicated digital data, privacy, and cybersecurity issues;
  • Organizations looking to advance legislation regarding cyber law, privacy, and data security

Case Studies

Hinckley Allen Successfully Reaches Agreement in Business Email Compromise Case

Over the course of a long-term construction project, a contractor and property tenant fell victim to a hacker, resulting in payments diverted from the tenant to the hacker, instead of to the contractor. Hinckley Allen represented the contractor who sued th…

Newsroom

Publication

Jack Teixeira Pleads Guilty to Massive Leak of Pentagon Secrets

March 8, 2024

B.She described the potential sentence of 16 years under the plea agreement for the willful retention and transmission of national defense information as one of the longest sentences ever imposed for this type of conduct. “The secrets that he posted abou…

Publication

Accelerated Scrutiny of AI Systems in 2024: The EU AI Act and the U.S. Strategy

January 9, 2024

On December 9, 2023, representatives from the Council of the European Union, the European Parliament, and the European Commission agreed in principle on the world’s first comprehensive legal regulations for artificial intelligence – the European Union …

See All Publications
Firm News

B. Stephanie Siegmann Named a “Go To Lawyer” by Massachusetts Lawyers Weekly

October 31, 2022

Hinckley Allen is excited to announce that B. Stephanie Siegmann has been named a “Go To Cybersecurity/Data Privacy Lawyer” by Massachusetts Lawyers Weekly. Stephanie is a litigation partner, Chair of the International Trade & Global Security group…

Firm News

Hinckley Allen Adds National Security Expert B. Stephanie Siegmann to its Litigation Team

March 7, 2022

Hinckley Allen today announced that B. Stephanie Siegmann has joined the firm as a litigation partner and Chair of the International Trade & Global Security practice in its Boston office.“Stephanie is another outstanding hire for our Firm and will be…

Event

The Truth About the False Claims Act

April 3, 2024

B. Stephanie Siegmann, Litigation & Investigations Partner, Chair of the International Trade & National Security group, and Co-Chair of the Cybersecurity, Privacy & Data Protection group will join Eric Crusius, Partner at Holland & Knight, …