skip to main content
Receive client alerts and/or Silicon Valley e-News in your inbox.
Successfully managing cyber security and data privacy risks are first-order challenges for most organizations. Womble Carlyle’s multi-disciplinary cyber and data privacy team comprises over 20 lawyers who practice data privacy law across a broad range of sectors including the financial, manufacturing, professional, health-care, education, telecommunications, utility and governmental sectors.
We help our clients:
Our attorneys also advise and counsel clients on internet marketing, brand protection and complex domain name disputes. Our intellectual property attorneys, including trademark, patent, copyright and licensing attorneys, help clients manage and protect intellectual property and personal information online.
We work as a team – both with our clients and each other. We promote a comprehensive and integrated approach to all phases of our cyber and privacy practice. There is seldom a one size fits all solution in this space, and the essential diverse skill sets are required to meet cyber security and data privacy challenges
Internationally, our partnership with the U.K. firm of Bond Dickinson LLP and our corresponding relationships in the Lex Mundi legal network allows us to manage breach investigations and international data privacy matters on a very cost effective basis.
Services and Experience (click on a category to expand)
The ability to respond competently in any crisis requires preparation and training. Nowhere is that more true than in responding to a cyber breach. Most cyber breaches are discovered without advanced notice as stolen data appears on the dark web. Often there is no time to prepare a response before the events, investigations and publicity that a breach triggers.
In case of a breach, your management team can face legally-mandated notification deadlines that are unreasonably short. There may be technical challenges of staggering complexity involved in booting out the criminals, restoring functionality, and determining the extent of the data loss. Management will need to decide quickly when to brief board members and other stakeholders and what to tell them. The breach may bring aggressive attention from the press which must be managed.
All this can occur against the possibility of class action lawsuits that can be filed within hours of a breach disclosure. Regulatory investigations by entities like the Federal Trade Commission, the Civil Rights Division of Health and Human Services, the Securities and Exchange Commission or states’ attorneys general may follow quickly.
Failing to handle these situations professionally and competently can greatly damage your organization’s standing in the eyes of the public, resulting in loss of good will or a damaged brand.
Womble Carlyle lawyers have assisted many clients in drafting data breach plans, identifying breach response teams, and preparing and training the leadership teams, directors, or other governing bodies in effective data breach response.
Following a data loss, your company will need to meet legal, regulatory, contractual and ethical obligations, and to demonstrate its competence in handling information in a crisis. Womble’s team has helped manage some of the world’s largest data breaches and helped clients recover quickly and effectively from the experience. Those clients include retailers, payment processors, governmental units, universities, cloud providers, and manufacturers. Our breadth of experience in healthcare, FinTech, communications, employee benefits and government representation inform our work in helping clients with breach preparation. Our team has deep experience helping clients assert attorney client privilege for breach investigations, and in responding to the welter of legal issues that arise from data incidents or attacks. We have served as contingency planners prior to intrusions and litigation counsel when clients are attacked.
Theft of intellectual property and protected data is rampant – whether by disgruntled employees, third party cyber thieves, competitors or foreign entities.
We have represented clients in hundreds of matters where the loss of information presents a material risk to their reputation and financial stability. Our clients turn to us:
To lead them through whatever “heavy weather” may follow. Companies victimized by a data breach or cybercrime too often themselves become the target of class action plaintiffs. We know the ins and outs of class action litigation across the country.
Our cyber litigation team brings deep expertise, experience and diligence to every aspect of our work. We have represented Fortune 500 companies and dozens of other clients in federal and state courts throughout the United States. Our representative experience includes:
Post-breach, companies may quickly become targets of investigations by federal and state agencies, including the Federal Trade Commission (FTC), the Civil Rights Division of Health and Human Services, the Consumer Financial Protection Bureau, the Securities and Exchange Commission, Comptroller of the Currency, the Federal Communications Commission, the Department of Defense, the F.B.I., the Secret Service, the European Data Protection Authorities and state attorneys general and other consumer advocacy agencies. The publicity, fines and consent orders that emerge from these investigations can have wide ranging and adverse impact on the company.
Womble Carlyle’s data privacy and cyber security team includes attorneys with extensive government and law enforcement experience who can investigate breaches and coordinate client’s engagement with law enforcement, forensic experts and federal and state regulators. They have extensive experience in managing responses to administrative, quasi-judicial and criminal investigations both at the state level and in Washington across a wide range of sectors. Our attorneys are able to conduct parallel, often privileged, investigations to allow clients to discover facts before they become surprises. They are experienced managing communications, disclosures and data flows and defending client from overreaching or over-zealous criminal and regulatory investigators. Our partnership with the U.K. firm of Bond Dickinson and membership with the Lex Mundi legal network allows us to manage breach investigations with international scope on a very cost effective basis.
Organizations often underestimate the number and complexity of the legal obligations that apply to their data. Specific rules and regulations apply to:
In the border-less world of the internet, the residence of the employees, retirees or customers determines what law applies to their data as held by your organization. For that reason, many regionally-based organizations are unaware that they are technically subject to the data privacy laws of distant states like California or Massachusetts or foreign entities like the European Union.
Non-healthcare related business are often surprised to learn that certain data they hold concerning employee wellness or benefit plans can subject them to HIPAA data privacy regulations.
Specific rules also apply to how organizations monitor their employees’ email accounts and electronic activities and how they use electronic communications and social media for advertising and public relations.
The Womble team has helped scores of organizations build effective data protection and cyber security policies, including vendor requirements, business associate agreements, and contracts for cyber protective and testing services. Your organization should be continually maintaining, updating and testing privacy practices and cyber diligence, and our team can help design and negotiate the contracts, policies, and procedures needed to keep your organization ready. We provide up-to-the-minute legal and regulatory changes that affect you and help map your actions to comply with evolving requirements.
Consumer, Financial and Health Care Information: Members of Womble Carlyle’s cybersecurity and data privacy team help clients understand and comply with data privacy and security obligations imposed under the Federal Trade Commission (FTC) Act, individual state’s “Little FTC” acts, HIPAA, the Gramm-Leach-Bliley Act, the Children’s Online Privacy Protection Act (COPPA), the Fair Credit Reporting Act, the Telemarketing and Consumer Fraud and Abuse Prevention Act, Telephone Consumer Protection Act (“TCPA”), the Federal Communications Act (“FTC”), regulations and guidance from the Federal Financial Institutions Examination Council (“FFIEC”), the Payment Card Industry Data Security Standards, Federal Data Security D-FARs and FedRAMP, the CAN-SPAM Act and various state regulatory structures. We represent clients before federal regulatory entities including the FTC, the FCC, and NHTSA as well as state regulatory agencies and attorneys general. We also advise businesses about global consumer data collection and privacy protection regulations and qualification and compliance with the Privacy Shield program of the United States Department of Commerce and the European Union.
Click here for detailed information concerning our TCPA practice.
Workplace Privacy: Privacy issues arise in the workplace regarding background and credit checks, surveillance or searches of employees’ electronic accounts and devices, social media policies, and monitoring of email and internet activity. Womble Carlyle data privacy team members can advise clients on the whole range of workplace privacy issues. Click here for additional discussion of data privacy in the work place or social media policies.
Self-Created Standards and Obligations: Organizations can unwittingly create binding data privacy and cyber security obligations through statements in their privacy policies, web pages and employee manuals. Significant liability may attach to these commitments. Similarly, unexpected and often unnecessary liability may arise through what may appear to be “boiler plate” terms in contracts with customers, suppliers, payment card services and financial services providers, software vendors, and others.
Organizations often enter into such obligations without fully comprehending the liabilities they are assuming. Womble Carlyle’s privacy attorneys are experienced in assessing and remediating issues related to such self-imposed privacy obligations. Clients retain us to conduct general reviews of the policy statement and contracts that constitute potential sources of liability. We also assist clients in formulating policies, practices, and contractual templates to limit the creation of unnecessary liability in the future.
Ensuring Your Vendors Protect Your Security: Vendors have emerged as a major source of cyber liability and an important gateway to data breaches. Including effective cyber security commitments in vendor contracts is rapidly becoming a minimum requirement of a cyber security program to be recognized as effective.
Organizations that fail to include appropriate protections in their vendor contracts may find themselves in breach of regulatory standards issued by entities like the Federal Trade Commission, the Civil Rights Division of Health and Human Services, and the Federal Financial Institutions Examination Council if they suffer a data breach through a vendors’ negligence. Our lawyers assist clients in auditing these contracts and setting up necessary templates for new contracts.
Corporate Policies: Members of Womble Carlyle’s cyber security and data privacy team assist clients in designing, reviewing, and updating corporate policies and practices to ensure compliance with existing and evolving privacy and data protection standards. They regularly assist clients across a broad spectrum of sectors in identifying the data they should and should not collect and maintain.
Continuity of Representation: Continuity of representation is a key benefit of making Womble Carlyle your data privacy and security law firm. The Womble Carlyle attorneys that advise clients across the full range of their data privacy and cyber security issues are members of the same legal team that will be there to assist clients when breaches or other crises occur, and as regulation in this area continues to evolve.
We help healthcare providers and health information technology companies navigate the increasingly complex regulatory landscape. For example, we work with all types of healthcare providers and their vendors on compliance with HIPAA and state privacy and security laws. We help hospitals and ACOs structure data use and data sharing arrangements that improve patient care. We work with electronic health record companies on de-identification and data analytics, and we advise data centers and cloud providers on the regulatory requirements that arise when patient data is stored. When a breach of patient data is discovered, we assist with notifications to patients and federal and state agencies, and we provide support when those breaches lead to governmental audits and investigations.