Skip to Main Content

Cybersecurity, Privacy & Data Protection

SubPractice_Hero_Privacy-Data-Security

Overview

While privacy and cybersecurity laws have proliferated at the state, federal, and international levels over the last several years, cyber intrusions have increased exponentially in virtually every industry, jeopardizing corporate data and creating significant liability risks for business organizations and institutions.

These developments have created two related but distinct requirements for businesses in the 21st century, both of which are critically important:

  • Developing privacy policies, practices, and procedures for information collected about identifiable individuals; and
  • Implementing a strong risk-based cybersecurity program that safeguards corporate data, including both personal and business information.

To achieve these objectives, companies must navigate a complex patchwork of applicable laws, contractual obligations, and industry standards.

Our Cybersecurity, Privacy & Data Protection attorneys work closely with our clients to minimize potential risks, develop compliance programs, and respond effectively to data security incidents. We blend advanced information technology (IT) understanding with deep legal and business insight to help clients develop privacy and cybersecurity programs that safeguard sensitive data—including customer data, trade secrets, and employee information maintained by almost every business today.

Our team provides a full array of services, including advice on a wide variety of privacy and data security matters and assistance with data breach investigations and responses. We also have extensive experience working with the Department of Justice and litigating cybersecurity, privacy, and data protection matters in federal and state courts.

Services

Our team provides the following services:

  • Drafting privacy and information security policies and procedures and providing privacy compliance counseling, including for businesses in industries with specialized privacy laws, such as financial services and health care;
  • Responding to data breaches, including assessing legal obligations under U.S. regulations and contractual commitments, engaging and managing forensic service providers, and assisting with post-incident reviews and evaluations;
  • Conducting internal cybersecurity legal assessments and due diligence on potential merger or acquisition targets;
  • Drafting confidentiality and data security provisions for employment agreements and vendor contracts;
  • Implementing insider threat mitigation strategies to protect intellectual property and network integrity;
  • Advising and assisting defense contractors on cybersecurity issues under government contracts;
  • Advising and assisting on issues related to International Trade and Global Security;
  • Assisting victims of identity theft, misuse of social media, and internet defamation issues;
  • Responding to subpoenas for digital data and representing parties in litigation involving cybersecurity incidents or complex digital data issues;
  • Responding to administrative inquiries and criminal subpoenas, negotiating non-prosecution resolutions, and when necessary, providing an aggressive defense to any criminal enforcement action;
  • Providing for electronic password storage and retrieval in estate plans; and
  • Drafting legislation regarding cyber law, privacy, and data security.

Who We Serve

Issues of data protection and privacy touch nearly everyone these days. Our clients come to us from all areas of the business, non-profit, and private sectors, including:

  • Large corporations, financial institutions, and health care entities seeking to implement information security programs and privacy policies;
  • Defense contractors that are required to implement cybersecurity measures on their network to safeguard technical data and controlled unclassified information under NIST 800-171 and DFARS 252.2-4-7012;
  • Businesses looking to safeguard their intellectual property and implement employee policies to minimize insider threats;
  • Businesses assessing potential data security liability of merger or acquisition targets;
  • Businesses and institutions that have experienced a cybersecurity incident;
  • Individuals and businesses entering into vendor contracts;
  • Victims of identity theft or misuse of social media;
  • Families settling estates who need post-mortem access to their loved one’s data;
  • Non-profit organizations that gather sensitive data;
  • Parties to litigation involving complicated digital data, privacy, and cybersecurity issues;
  • Organizations looking to advance legislation regarding cyber law, privacy, and data security

Case Studies

Hinckley Allen Successfully Reaches Agreement in Business Email Compromise Case

Over the course of a long-term construction project, a contractor and property tenant fell victim to a hacker, resulting in payments diverted from the tenant to the hacker, instead of to the contractor. Hinckley Allen represented the contractor who sued th…

Newsroom

Publication

Navigating Profound Change: CISA Announces Proposed Rule for Mandated Cyber Incident Reporting

April 9, 2024

In 2025, new federal reporting requirements will require hundreds of thousands of organizations to report cyber incidents within hours of discovery to the United States Government, marking a significant impact on how organizations manage cyber incidents to…

Publication

New Hampshire Enacts Comprehensive Data Privacy Law

April 9, 2024

On March 6, 2024, New Hampshire Governor Chris Sununu signed into law SB 255-FN, An Act Relative to the Expectation of Privacy (the “Act”), making New Hampshire the 14th state to enact a comprehensive data privacy law — joining California, Colorado, …

See All Publications
Firm News

B. Stephanie Siegmann Named a “Go To Lawyer” by Massachusetts Lawyers Weekly

October 31, 2022

Hinckley Allen is excited to announce that B. Stephanie Siegmann has been named a “Go To Cybersecurity/Data Privacy Lawyer” by Massachusetts Lawyers Weekly. Stephanie is a litigation partner, Chair of the International Trade & Global Security group…

Firm News

Hinckley Allen Adds National Security Expert B. Stephanie Siegmann to its Litigation Team

March 7, 2022

Hinckley Allen today announced that B. Stephanie Siegmann has joined the firm as a litigation partner and Chair of the International Trade & Global Security practice in its Boston office.“Stephanie is another outstanding hire for our Firm and will be…

Contacts

See All Professionals
Connecticut Attorney General Issues Report on Data Privacy Act Enforcement; Offers Legislative Recommendations
Connecticut Attorney General Issues Report on Data Privacy Act Enforcement; Offers Legislative Recommendations
Accelerated Scrutiny of AI Systems in 2024: The EU AI Act and the U.S. Strategy
Accelerated Scrutiny of AI Systems in 2024: The EU AI Act and the U.S. Strategy