Data, often a company’s most valuable asset, can also be one of its greatest liabilities if it is not properly protected and used. Developing and implementing appropriate contracts, policies and procedures is critical. In addition, the rapid innovation and development of new technologies and products that collect, analyze, and process data present opportunities and risks for cutting-edge companies seeking to capitalize on these developments.
Armstrong Teasdale’s Data Innovation, Security and Privacy team is highly experienced in guiding organizations through the thicket of federal, state and international rules governing personal information. We routinely counsel clients in connection with development and implementation of, and updates to, information privacy and security programs. Our team is also adept at handling data breaches and related incidents. When a client is the victim of a data breach – whether by a malicious hacker, a departing employee, a competitor or another third party – we provide responsive guidance to stop the dissemination of the data, recover it, provide notice to affected parties, and mitigate risks.
Data Innovation
Armstrong Teasdale lawyers have already developed and continue to develop a deep understanding of new and emerging data collection, analysis and processing technologies and the relevant laws, regulations and industry standards. We also monitor and engage with government agencies establishing new, comprehensive safety and security guidelines. Working collaboratively with members of the Securities, Financial Services and Banking, Fintech and other relevant practices, the Data Innovation, Security and Privacy team counsels clients ranging from startups to Fortune 500 firms on innovative technologies and uses for data, and related concepts.
Information Security and Privacy
Our cross-disciplinary team of lawyers has in-depth experience with matters involving both U.S. and international privacy and data security laws. Given the increasing opportunities for savvy data use, the commensurate risk to business and the steady influx of regulation, it’s critical to understand your company’s vulnerabilities and mitigate risk.
Our robust team includes a Certified Ethical Hacker (C|EH) and Certified Information Privacy Professionals (CIPP/US and CIPP/E). Members of the practice routinely advise clients ranging from internet startups to Fortune 100 companies in a variety of industries, including financial services, insurance, communications, health care, retail, legal, technology and energy and utilities. Our lawyers are experienced in handling multijurisdictional events, as well as working with the Office of Civil Rights and other state and federal regulators. The issues we routinely address for clients fall into three key categories: preparedness, response and litigation.
We counsel clients on a wide variety of matters, including:
- Compliance with the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Utah Consumer Privacy Act (UCPA), and the Colorado Privacy Act (CPA), as well as the emerging patchwork of other state-level privacy laws
- Compliance with federal privacy laws and regulations, such as the HIPAA privacy and security rules, the GLBA safeguards rule, the Family Educational Rights and Privacy Act (FERPA), Children’s Online Privacy Protection Act (COPPA), the FTC Act and the Telephone Consumer Protection Act (TCPA)
- Regulatory compliance and investigations, including with the Department of Health and Human Services and the Office of Civil Rights
- Breach response, including notification and state and federal compliance
- Litigation, including class action lawsuits
- Immediate injunctive relief to stop the proliferation of data
- Enhancing privacy and security programs and elevating privacy and security issues to boards and top-level management
- General Data Protection Regulation (GDPR) compliance, data protection impact assessments and cross-border data transfers
- Commercial contracts involving data use and data protection issues
- Security programs and policies, including Written Information Security Programs (WISPs) and Acceptable Technology Use Policies
- Confidential information and trade secret protection
- Computer tampering violations
- Data recovery
- Document retention and best practices
- Employee training programs
- Loss of customer, client or employee data
- Network security gap analysis
- Noncompete, nonsolicitation, nondisclosure and confidentiality agreements
- Privacy and security audits
- Privacy by design principles
- Enterprise risk management
- Software license audits
