Data, often a company’s most valuable asset, can also be one of its greatest liabilities if it is not properly protected and used. Developing and implementing appropriate contracts, policies and procedures is critical. In addition, the explosion of data innovation surrounding the development of distributed ledger technologies and related products such as blockchain (Web3) presents opportunities and risks for cutting-edge companies seeking to capitalize on these developments.

Armstrong Teasdale’s Data Innovation, Security and Privacy team is highly experienced in guiding organizations through the thicket of federal, state and international rules governing personal information. We routinely counsel clients in connection with development and implementation of, and updates to, information privacy and security programs. Our team is also adept at handling data breaches and related incidents. When a client is the victim of a data breach – whether by a malicious hacker, a departing employee, a competitor or another third party – we provide responsive guidance to stop the dissemination of the data, recover it, provide notice to affected parties, and mitigate risks.

Data Innovation

Web3 is a broad term encompassing blockchain technologies, cryptocurrencies and digital assets, and novel business models, among other things. While this nascent field is rapidly evolving, Armstrong Teasdale lawyers have already developed a deep understanding of the technologies involved and the relevant laws, regulations and industry standards. We also monitor and engage with government agencies establishing new, comprehensive safety and security guidelines. Working collaboratively with members of the Securities, Financial Services and Banking, Fintech and other relevant practices, the Data Innovation, Security and Privacy team counsels clients ranging from startups to Fortune 500 firms on innovative technologies and uses for data, and related concepts, including:

  • Nonfungible Tokens (NFTs), digital assets stored on blockchain technology, created by computer code and often bought with cryptocurrency. The computer code underlying an NFT includes “smart contracts,” is unique, and is noninterchangeable. Their investment potential is complicated by questions of ownership in agreements, the dramatic rise in illegal activity surrounding them, which has led to the increased likelihood of government regulations and legal oversight on the horizon.
  • Decentralized Finance (DeFi), which encompasses a wide variety of applications (including blockchain technology) designed to eliminate intermediaries (such as banks). Their hallmarks of efficiency and responsiveness give rise to regulatory and compliance complications, as well as heightened transactional risks that have eroded consumer trust.
  • Decentralized Autonomous Organizations (DAOs), entities governed by a community organized around a specific set of rules enforced on a blockchain via smart contracts. As prominent losses from cybersecurity incidents run into the hundreds of millions of dollars, calls for regulation have increased as consumers bear the brunt of these losses.
  • Cryptocurrency, which has experienced a rapid—and volatile—evolution. Lacking a centralized regulatory authority, they present risks both for security as well as compliance. And like DeFi, their “borderless” nature makes it difficult to establish jurisdiction.

Information Security and Privacy

Our cross-disciplinary team of lawyers has in-depth experience with matters involving both U.S. and international privacy and data security laws. Given the increasing opportunities for savvy data use and the commensurate risk to business and the steady influx of regulation, it’s critical to understand your company’s vulnerabilities and mitigate risk.

Our robust team includes a Certified Ethical Hacker (C|EH), a Certified Information Systems Security Professional (CISSP), a Fellow of Information Privacy (FIP), Certified Information Privacy Professionals (CIPP/US, CIPP/C and CIPP/E) and a former Fortune 20 Chief Privacy Officer. Members of the practice routinely advise clients ranging from internet startups to Fortune 100 companies in a variety of industries, including financial services, insurance, communications, health care, retail, legal, technology and energy and utilities. Our lawyers are experienced in handling multijurisdictional events, as well as working with the Office of Civil Rights and other state and federal regulators. The issues we routinely address for clients fall into three key categories: preparedness, response and litigation.

We counsel clients on a wide variety of matters, including:

  • Compliance with the California Consumer Privacy Act (CCPA), the upcoming California Privacy Rights Act (CPRA), the Utah Consumer Privacy Act (UCPA), and the Colorado Privacy Act (CPA), as well as the emerging patchwork of other state-level privacy laws
  • Compliance with federal privacy laws and regulations, such as the HIPAA privacy and security rules, the GLBA safeguards rule, the Family Educational Rights and Privacy Act (FERPA), Children’s Online Privacy Protection Act (COPPA), the FTC Act and the Telephone Consumer Protection Act (TCPA)
  • Regulatory compliance and investigations, including with the Department of Health and Human Services and the Office of Civil Rights
  • Breach response, including notification and state and federal compliance
  • Litigation, including class action lawsuits
  • Immediate injunctive relief to stop the proliferation of data
  • Enhancing their privacy and security programs and elevating privacy and security issues to boards and top-level management
  • General Data Protection Regulation (GDPR) compliance, data protection impact assessments and cross-border data transfers
  • Commercial contracts involving data use and data protection issues
  • Security programs and policies, including Written Information Security Programs (WISPs) and Acceptable Technology Use Policies
  • Confidential information and trade secret protection
  • Computer tampering violations
  • Data recovery
  • Document retention and best practices
  • Employee training programs
  • Loss of customer, client or employee data
  • Network security gap analysis
  • Noncompete, nonsolicitation, nondisclosure and confidentiality agreements
  • Privacy and security audits
  • Privacy by design principles
  • Enterprise risk management
  • Software license audits
Contact Us
  • Worldwide
  • Boston, MA
  • Denver, CO
  • Dublin, Ireland
  • Edwardsville, IL
  • Jefferson City, MO
  • Kansas City, MO
  • Las Vegas, NV
  • London, England
  • Miami, FL
  • New York, NY
  • Philadelphia, PA
  • Princeton, NJ
  • Salt Lake City, UT
  • St. Louis, MO
  • Washington, D.C.
  • Wilmington, DE
Worldwide
abstract image of world map
Boston, MA
800 Boylston St.
30th Floor
Boston, MA 02199
Google Maps
Boston, Massachusetts
Denver, CO
4643 S. Ulster St.
Suite 800
Denver, CO 80237
Google Maps
Denver, Colorado
Dublin, Ireland
Fitzwilliam Hall, Fitzwilliam Place
Dublin 2, Ireland
Google Maps
Edwardsville, IL
115 N. Second St.
Edwardsville, IL 62025
Google Maps
Edwardsville, Illinois
Jefferson City, MO
101 E. High St.
First Floor
Jefferson City, MO 65101
Google Maps
Jefferson City, Missouri
Kansas City, MO
2345 Grand Blvd.
Suite 1500
Kansas City, MO 64108
Google Maps
Kansas City, Missouri
Las Vegas, NV
1980 Festival Plaza Drive, Suite 750
One Summerlin
Las Vegas, NV 89135
Google Maps
Las Vegas, Nevada
London, England
Royal College of Surgeons of England
38-43 Lincoln’s Inn Fields
London, WC2A 3PE
Google Maps
Miami, FL
355 Alhambra Circle
Suite 1250
Coral Gables, FL 33134
Google Maps
Photo of Miami, Florida
New York, NY
7 Times Square, 44th Floor
New York, NY 10036
Google Maps
New York City skyline
Philadelphia, PA
2005 Market Street
29th Floor, One Commerce Square
Philadelphia, PA 19103
Google Maps
Philadelphia, Pennsylvania
Princeton, NJ
100 Overlook Center
Second Floor
Princeton, NJ 08540
Google Maps
Princeton, New Jersey
Salt Lake City, UT
201 South Main Street
Suite 750
Salt Lake City, UT 84111
Google Maps
Salt Lake City, Utah
St. Louis, MO
7700 Forsyth Blvd.
Suite 1800
St. Louis, MO 63105
Google Maps
St. Louis, Missouri
Washington, D.C.
1050 Connecticut Avenue NW
Suite 500
Washington, DC 20036
Google Maps
Photo of Washington, D.C. with the Capitol in the foreground and Washington Monument in the background.
Wilmington, DE
1007 North Market Street
Wilmington, DE 19801
Google Maps
Wilmington, Delaware