Regardless of your industry, service, product or size, you are now also a data company.
Your servers, computer hard drives and mobile devices likely contain valuable intellectual property and business data that can be commercialized for profit. Conversely, they can also include sensitive commercial data and personal information on customers and employees that should not be disclosed.
We can help you optimize the value of your digital assets in a manner that complies with an ever-changing legal and regulatory framework. Equally important, we can advise on how you should manage and protect your and your customers’ sensitive data from attacks, so they do not become a significant liability.
Our multi-disciplinary team of lawyers can handle any aspect of your data protection needs. Please click on the links below to learn more about our services.
The proper collection, safeguarding and use of information are growing concerns that require attention to technology, business practices and the requirements of multiple jurisdictions and government agencies. Data collection from mobile devices and social media are two highly visible areas of risk. Whether your business involves digital advertising or financial safeguards, we can help management put effective and reasonable privacy policies and procedures in place. Our lawyers develop privacy policies for a variety of clients, applications and business models, including drafting procedures and policies for the management of consumer information (online and offline) and the protection of employment and other sensitive materials.
We develop compliance programs and policies that address complex state and federal privacy regulations, so you can reduce the risk of improper disclosure of confidential or sensitive information.
We provide practical advice on what you can do now to decrease your liability should a data breach occur. We help companies determine what data must be stored to comply with applicable laws, and what should be saved for business purposes. Less data equals less exposure in the event of a cyber breach and less data to collect, review and produce during litigation.
Various federal laws and the laws of 46 states govern a company’s response and notification requirements in the event of a breach. We can help you prepare and then comprehensively and effectively respond to data breaches by partnering with consultants in the fields of software, forensics, insurance and public relations. In addition, we work with cybersecurity professionals after a cyber breach to ascertain and advise you on the nature of potential legal claims and the exposure for damages. Finally, our lawyers help to develop a litigation strategy with practical solutions that align with your interests.
We offer trial attorneys who are experienced in representing clients and their insurers in complex litigation to represent clients against claims from federal agencies and regulators, state Attorneys General and private litigants, including the defense of national class actions across the country.
A contract with a vendor for the physical or cloud storage and maintenance of your customers’ personal information and data does not mean you are absolved of liability if that information is breached. We conduct due diligence of prospective vendors and negotiate and enact third-party vendor programs to reduce clients’ risks from a breach.
In addition, we are experienced in advising clients in the following industries and, therefore, are familiar with specific issues that may come into play with data protection and cybersecurity. For more information, please click on the following links.
Increasingly, banking is done remotely via mobile devices or on the Internet. While online banking has many advantages, it also comes with a significant risk for both financial institutions and their customers - unauthorized transfers from a customer’s account caused by a breach of the customer’s computer system. We counsel clients with regard to compliance with the Gramm-Leach-Bliley Act and related privacy and safeguards rules and the Fair Credit Reporting Act (FCRA). Our experienced litigators can develop and execute a strategy that balances a financial services company’s reputational concerns, exposure to damages and desire to retain its customers.
We routinely advise hospitals, health systems, physicians and vendors on privacy and security issues related to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which governs the use and disclosure of Protected Health Information (PHI). To help our health care clients avoid potentially significant monetary penalties associated with the improper disclosure of PHI, we develop comprehensive compliance programs and provide counsel on what constitutes a data breach. If a data breach has occurred, we can guide our clients through the relevant breach notification requirements and mitigation efforts.
We counsel clients and help enact effective privacy and online policies to ensure that their marketing, social media and promotional campaigns are compliant with regulations and laws from, and related to, the Federal Trade Commission (FTC), the Children’s Online Privacy Protection Act (COPPA), the California Online Privacy Protection Act (CalOPPA) and the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM) that protect consumers.
Any data that can be associated with a location is particularly sensitive because it can often be used to identify a person and make assumptions about his or her habits and activities. As a result, laws and regulations are increasingly being created or amended to protect geolocation information. This will become more of an issue for public and private sector entities since these entities have been collecting this type of information for many years without regulatory oversight. We help various entities develop products and services that use geolocation information in a manner that is compliant with privacy regulations and applicable laws.
As the use of unmanned systems technology becomes more pervasive, the amount of data being collected, transmitted and stored will grow exponentially. Because we have extensive knowledge of the field of geospatial data, including what is and what is not permissible under privacy laws, we can help public and private sector entities narrowly tailor their collection plans so that they comply with applicable federal, state and local laws. We can also advise on best practices on how they should protect the data they collect from unapproved uses. In addition, we are closely following laws and policies intended to protect command and control communications from cyber threats.
Cybersecurity issues confront all businesses but are especially challenging for government contractors. In addition to being particularly savory targets for hackers, government contractors must confront an array of evolving, complex, conflicting and increasingly costly standards and requirements regarding information security. We help companies navigate through the changing legal standards and requirements and advise on data breach responses through investigation, reporting and follow-up. We can help government contractors safeguard company interests by strengthening agreements involving information security, advise on due diligence in M&A situations, help develop a proactive response to cybersecurity audits and enforcement actions and provide counsel on cybersecurity-related bid protests and claims. In sum, our team of regulatory, transactional and litigation lawyers can help government contractors develop an appropriate approach to confronting this daunting challenge in a responsible manner that is commensurate with their company’s situation.
Related News
Cybersecurity Standards Apply to Thee, Not Me
Cybersecurity: Mitigating the Legal Risks of On-Line Banking With Business Customers
eDiscovery & Information Governance – Tips for Effectively Managing Your Email
Preparing for a Data Breach – What to Know about Breach Notification
Tony Anikeeff discusses OPM system shutdown in the Washington Examiner
Williams Mullen Announces Data Protection & Cybersecurity Practice
Rob Van Arnam and Kevin Pomfret quoted by Law360 about Data Protection & Cybersecurity Practice
Cybersecurity & Data Protection announcement picked up in editorial by FierceBigData
Proposed Amendments Provide Data Security Standard Under ITAR and EAR
Do You Know Your IP Rights In Your Imagery and Other Data Products?
31 Tips for 31 Days - National Cybersecurity Awareness Month
12 Williams Mullen Attorneys Named 2016 North Carolina Super Lawyers
Latest "Ransomware" Attack Affects Hospital Data – How Secure Are Your Patient Data?
Kelsey Farbotko Quoted in Richmond Times-Dispatch about Health Care Cyber Attacks
Kevin Pomfret Interviewed by NBC12 on Recent Battle Between FBI and Apple
Will Spokeo Impact Standing In Data Breach Cases?
Kelsey Farbotko Quoted in Richmond Times-Dispatch on Medical Records Theft from Redskins Trainer
FAA Issues Final Rule for Businesses to Use Drones
Adoption of Privacy Shield Gives U.S. Businesses Greater Clarity On Data Transfers From Europe
Kevin Pomfret Discusses Potential Policy Changes Due to Pokémon GO
No Harm, Yes Foul: FTC Rules Risk of Consumer Harm Sufficient to Find LabMD Liable for Security Breach.
Williams Mullen Welcomes Three First-Year Associates - Nov, 2016
The Evolving Internet of Things and Its Risks for Business Consumers
Williams Mullen Attracts Seasoned Attorney Michael Maloney to Expanding Government Contracts Practice
Bills to Help Small Businesses Prepare for Cyber Attacks Working Way Through Congress
Global Cyber Attack Highlights Need for President Trump’s Executive Order
Kevin Pomfret Pens Article for GeospatialWorld on Commercial Remote Sensing Satellites in the U.S.
State Governors Sign Cybersecurity Compact
Federal Trade Commission’s Uber Consent Agreement Designates Geolocation Information as Personal Information
Selling Unmanned Systems Products and Services to the Government
Kevin Pomfret Quoted in USGIF Blog Post on Global Location Data
Kevin Pomfret Talks Geospatial Law with ABA's National Security Law Today Podcast
Yahoo! Settlement Affirms SEC's Focus on Cybersecurity Disclosures
GDPR-like Privacy Protection Is Coming to U.S.
Fourth Circuit Ruling Makes Data Management Policies More Important than Ever
Virginia Adds Improper Tax Return Access to Data Breach Notification Laws
Forecasting The Future: What to Learn from The Weather Channel App's Geolocation Lawsuit
Bob Korroch Named a BTI Client Service All-Star for 2019
Williams Mullen Expands Intellectual Property Section with Ed White and Janet Cho
Kevin Pomfret Relays Importance of Keeping Landsat Remote Sensing Data Free
PODCAST: How Do I Conduct Due Diligence of a Company’s Data Assets?
Commerce Adopts Export Controls on Artificial Intelligence Software for Geospacial Imagery – Controls on Additional Technologies Expected Shortly
The Impact of Remote Workforce on Contractual Obligations
The Need for Enhanced Risk-Based Information Security Policies with a Remote Workforce
Protecting Your Sensitive Information While Using Virtual Meeting Platforms
Legal Risks in Sharing Geolocation Data with Government Agencies
Data & Privacy Legal Developments: Virginia Consumer Data Protection Act, Data Scraping, CFIUS and more
Data & Privacy Update: Biometric, Ransomware, PIPEDA and EU-UK Data Transfers
FAQs: Virginia Consumer Data Protection Act
Tackling the Complex World of Cybersecurity
TCPA Litigation Update: The Aftermath of the Supreme Court’s Facebook v. Duguid Decision
North Carolina Proposes Expansive Consumer Privacy Protections
Data & Privacy Update: Six Most Significant Developments Companies Need to Know About
Accomplished Health Care Lawyer Nathan Kottkamp Joins Williams Mullen
Virginia Consumer Data Protection Act to Become Effective January 1, 2023
PODCAST: Recent Trends in the FTC’s Privacy Enforcement
71 Williams Mullen Attorneys Named to Virginia Business Magazine’s "Legal Elite" for 2023
Related Events
CLE Institute 2020
Privacy Law Updates in the United States
2023 North Carolina CLE Institute
Navigating the New Cyber Incident Reporting Requirements
Limiting The Ever-Present “Bet the Company” Risk
CLE Institute 2021
Virginia Association for Community Banks: Second Quarter Compliance Forum Tuesday Session
CLE Institute - Advertising and Customer Engagement in the Digital Age
2020 Cybersecurity Summit
M&A Webinar Series - Data Protection and Privacy: Due Diligence Issues in M&A Transactions
Exit Planning Boot Camp – Woodbridge
Cybersecurity Vigilance – An Expert Panel Briefing for Directors and CEOs
CLE Day
Regulatory Hot Topics – Data Processing Contracts, LIBOR Transition
Blockchain Technology: What You Need To Know for Your Business
Guarding the Company Jewels: Data Security & Privacy, IP and Reputation Management
Banking on Your Cybersecurity
First Quarter Compliance Forum Central
Recent Developments in International Cyber and Privacy Laws: Implications on Insider Threat Programs, Incident Reporting, the Internet of Things, and Geolocation Data Processing
Spring 2018 Cybersecurity Seminar: Emerging Technologies Drive Emerging Risks
Cybersecurity Breaches: Understanding the How and What if a Breach Occurs at Your Bank
Emerging Security & Privacy Issues Arising from the Proliferation of Devices in the Health Care Workplace
Information Security: The Planning & Procedures Necessary to Protect Your Bank's Data - Virginia Association of Community Banks
Webinar: Cybersecurity Compliance for Higher Education: 2018 and Beyond
Data Retention: Risks & Mitigation - Virginia Bankers Association’s Enterprise Risk Management Workshop
Selling Unmanned Systems Products and Services to Federal, State and Local Government Agencies
Seminar: Technology as a Component of Strategic Planning and Risk Avoidance
The Carolinas Center's 41st Annual Hospice & Palliative Care Conference
Expanding to the US Market in 2017: Challenges and Opportunities
Driving IT Innovation - Triangle Technology Executives Council Panel
Seminar: Mitigating Risk in Vendor Technology Contracts
United States Geospatial Intelligence Foundation (USGIF) Geospatial & Remote Sensing Law Workshop
Tysons Chamber 4th Annual Cyber Security Summit
Fall 2016 Cybersecurity Seminar
Coastal Virginia Cyber Symposium - “Making Virginia Cyber Secure” Panel
2016 Cybersecurity Seminar
Richmond Cyber Summit
Technology and IP Forum: How Well Do You Know Your Data Assets?
2015 Cybersecurity Seminar: Identifying and Mitigating Data Breaches and Related Liabilities
Related Attorneys
Carmelle F. Alipio – 919.981.4038 – calipio@williamsmullen.com
Anthony H. Anikeeff – 703.760.5206 – aanikeeff@williamsmullen.com
Wyatt S. Beazley, IV – 804.420.6497 – wbeazley@williamsmullen.com
J.P. McGuire Boyd, Jr. – 804.420.6927 – mboyd@williamsmullen.com
Miles S. Bruder – 919.981.4039 – mbruder@williamsmullen.com
Janet W. Cho – 804.420.6339 – jcho@williamsmullen.com
Brydon M. DeWitt – 804.420.6917 – bdewitt@williamsmullen.com
Rebecca E. Ivey – 804.420.6334 – rivey@williamsmullen.com
Nathan A. Kottkamp – 804.420.6028 – nkottkamp@williamsmullen.com
Michael D. Maloney – 703.760.5230 – mmaloney@williamsmullen.com
Craig L. Mytelka – 757.473.5336 – cmytelka@williamsmullen.com
Kevin D. Pomfret – 703.760.5204 – kpomfret@williamsmullen.com
Courtney Reigel – 804.420.6368 – creigel@williamsmullen.com
Robert Van Arnam – 919.981.4055 – rvanarnam@williamsmullen.com
Lauren W. Waller – 804.420.6590 – lwaller@williamsmullen.com
Edward T. White – 804.420.6338 – ewhite@williamsmullen.com