Cybersecurity, Privacy & Data Protection
Against the backdrop of evolving and emerging technologies, data has transformed how businesses operate. As more companies understand the value of data, we have helped them transition to the digital age.
Our cybersecurity, privacy & data protection group advises clients on the shifting landscape of emergent law while navigating their legal, business and political issues. We advise on the full scope of cybersecurity, privacy & data protection matters across regulatory compliance and due diligence, investigations and disputes, public law and policy, emerging technologies and data breach preparedness and response.
Industry-Leading Practitioners
Our cybersecurity, privacy & data protection group includes lawyers and former top-ranking officials who have received the highest industry honors, including the following distinctions:
- Practice ranked in Band 1 and one partner individually ranked by Chambers USA in the nationwide privacy and data security category.
- Winner of Global Data Review’s Women in Data award and the Daily Journal’s Top Cybersecurity/Artificial Intelligence (AI) Lawyer honor.
- Winner of The Daily Journal’s award as one of California’s top cyber/AI lawyers since 2018.
- Partner named to Cybersecurity Docket’s Incident Response 50, the world’s 50 best data breach response lawyers.
- Former Chairman of the House Committee on Science, Space and Technology, who was the first member of Congress to hold a hearing on AI.
- Former Senior Counsel in the U.S. Securities and Exchange Commission (SEC) Division of Enforcement, who led numerous investigations.
Clients Across Industries
Our clients hail from a broad range of industries, including technology, private equity, healthcare & life sciences, financial services, investment management, retail, energy & infrastructure, transportation, insurance, software, telecommunications, professional sports, media & entertainment, AI, e-commerce and data aggregation.
Full Range of Regulations
We advise clients on the full range of cybersecurity, privacy & data protection regulations, including the:
- State privacy regulations, such as the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Connecticut Data Privacy Act (CTDPA), Colorado Privacy Act (CPA), Utah Consumer Privacy Act (UCPA) and Virginia Consumer Data Protection Act (CDPA)
- EU General Data Protection Regulation (GDPR)
- Data breach notification laws
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Gramm-Leach-Bliley Act (GLBA)
- Biometric privacy laws, including the Illinois Biometric Information Privacy Act (BIPA), Texas Biometric Privacy Law and Washington Biometric Privacy Protection Act.
- Children’s Online Privacy Protection Act (COPPA)
- Computer Fraud and Abuse Act (CFAA)
- Electronic Communications Privacy Act (ECPA)
- Fair and Accurate Credit Transactions Act (FACTA)
- Fair Credit Reporting Act (FCRA) and state credit reporting laws
- Telephone Consumer Protection Act (TCPA) and state telemarketing laws
- Telemarketing Sales Rule and the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
- Video Privacy Protection Act (VPPA)
- S.-EU Privacy Shield
- California Invasion of Privacy Act (CIPA)
- California Shine the Light Law (STLL)
- California Fair Debt Collection Practices Act (Rosenthal Act)
- Song-Beverly Credit Card Act.
Services In-Depth
Our practitioners work with clients to address privacy requirements and mitigate cybersecurity threats in the following key areas, among others.
Advocacy, Compliance & Counseling on Emerging State Privacy Statutes
Our privacy team assists businesses in transforming their privacy practices in response to comprehensive state privacy laws, including the CCPA and CPRA. We are guiding clients through understanding their compliance obligations so that they can be CPRA ready when the law goes into effect. We also advise on the growing number similar state laws, including the Connecticut Data Privacy Act (CTDPA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA) and many more.
Privacy & Cybersecurity Litigation
Our renowned class action litigators work closely with the cybersecurity, privacy & data protection team to defend companies in jurisdictions across the United States. We counsel clients on how to mitigate liability with regard to privacy and data protection issues and defend them in related litigation and in regulatory and congressional investigations.
Government & Internal Investigations
Our firm is a trusted partner for global internal investigations concerning cybersecurity, privacy & data protection matters. We regularly lead data breach and privacy-related investigations, as well as investigation of potential employee misconduct with regard to data, potential corporate espionage and other issues.
M&A Due Diligence
Akin is the go-to law firm for private equity and corporate cybersecurity & data privacy due diligence in mergers, acquisitions, restructurings and other transactions. Our group includes experienced privacy and corporate counsel who understand issues particular to these types of transactions.
Artificial Intelligence, Smart Cities, Internet Of Things (Iot) & Data-Sharing Platforms
As businesses increasingly adopt AI technologies, agreements relating to the collection, storage, analysis, transmission, security and sale of all types of sensitive data have become more prevalent. We regularly advise on the regulatory landscape involving connected devices, the use of AI in governments and the private sector and cybersecurity risks via the supply chain.
Comprehensive Privacy & Cybersecurity Compliance Framework
We work closely with major companies to develop proper procedures for handling privacy compliance issues as related to information sharing and data security. Our lawyers help draft comprehensive policies and procedures to reflect significant changes in law.
Emerging Technology & Innovation-Related Services
Cutting-edge, emerging technological advances give rise to complex and nuanced cybersecurity, privacy & data protection questions. We assist clients with first-in-class digital health products, privacy-by-design digital marketing solutions, and unique cybersecurity products targeting heavily regulated markets. We provide strategic advice and draft contracts, policies, consents and other materials to help our clients advance products and solutions that are outside the box.
Board Advisory Work
Cybersecurity is an enterprise risk management issue that must be evaluated to meet fiduciary duty standards. We present to boards regarding emerging issues and draft board-level compliance oversight programs for companies, including recently acquired portfolio companies working with the new board members to manage cybersecurity, privacy & data protection risks.
Data Breach Preparedness & Response
Across all industries and at the board and management level, we develop data breach exercises testing incident response plans in real time to identify and address any weaknesses, and helping companies prepare for new and evolving threats. We employ an innovative interactive tabletop exercise for the most senior leaders at companies. Our incident response team stands ready to assist clients with their regulatory, legislative, investigation and dispute resolution needs in the wake of a data incident.
Representative Work
Compliance
- Advising a leading dining and entertainment company on developing a worldwide privacy and cybersecurity compliance program in 47 states and 14 foreign countries and territories.
- Advising a leading self-driving car company in connection with developing a global privacy program and conducting a benchmarking exercise regarding their terms of use, privacy policies and user experience.
- Advising a major American airline on the creation of a travel biometrics and privacy program.
- Advising on enhancing cybersecurity and data privacy practices for a consumer electronics company’s mobile and IoT devices and related software, including evaluating and providing recommendations regarding current controls the company has in place.
- Advised on worldwide cybersecurity, privacy & data protection terms and conditions on behalf of a global transportation company in connection with its proposed operation of autonomous vehicle pilot programs in the United States.
- Representing one of the world’s largest investment management firms as the client’s outside counsel assisting with the company’s global privacy regulation.
Disputes & Investigations
- Representing a group of transportation agencies in a class action suit alleging violation of California privacy laws.
- Represented an Emirati cybersecurity company in a U.S. Department of Justice (DOJ) investigation related to the subject and nature of the company’s work and the limits of U.S. government control over this work.