Data is often a company’s most valuable asset. Developing and implementing appropriate and tailored contracts, policies, and procedures is critical to protecting that data. In addition, when a client is the victim of a data breach – whether by a malicious hacker, a departing employee, a competitor or another third party – addressing the matter requires quick action to stop the dissemination of the data, recover it, provide notice to affected parties, and mitigate the risks associated with the incident. Armstrong Teasdale established one of the first privacy and data security practices in the Midwest, and has a strong reputation handling data breach matters and related incidents across the country.
Our Privacy and Data Security practice consists of a cross-disciplinary team of lawyers experienced with matters involving both U.S. and international privacy and data security laws. Given the increasing risk to business and the steady influx of regulation in this area, it’s critical to understand your company’s vulnerabilities and mitigate risk.
Our robust team includes a Certified Ethical Hacker (C|EH) and Certified Information Privacy Professionals (CIPP/US and CIPP/E). Members of Armstrong Teasdale’s Privacy and Data Security practice routinely advise clients ranging from internet startups to Fortune 100 companies in a variety of industries, including financial services, insurance, communications, health care, retail, legal, technology and energy and utilities. Our attorneys are experienced in handling multijurisdictional events, as well as working with the Office of Civil Rights and other state and federal regulators. The issues we routinely address for clients fall into three key categories: preparedness, response and litigation.
We counsel clients on a wide variety of matters, including:
- Breach response, including notification and state and federal compliance
- Compliance with the California Consumer Privacy Act and the upcoming California Privacy Rights Act (CPRA)
- Class action lawsuits
- Confidential information and trade secret protection
- Computer tampering violations
- Data recovery
- Document retention and best practices
- Employee training programs
- GDPR compliance and cross-border data transfers
- Immediate injunctive relief to stop the proliferation of data
- Litigation
- Loss of customer, client or employee data
- Network security gap analysis
- Noncompete, nonsolicitation, nondisclosure and confidentiality agreements
- Personally identifiable information
- Privacy and security audits
- Privacy by design principles
- Regulatory compliance and investigations, including with the Department of Health and Human Services and the Office of Civil Rights
- Risk management
- Security programs and policies
- Commercial contracts involving data use and data privacy