Main Practice Contacts

Randall E. Colson
+1 214.651.5665


Ronald W. Breaux
+1 214.651.5688


Pierre Grosdidier, Ph.D.
+1 713.547.2272


In the News

Emily Westridge Black in Law360: Obama Cybersecurity Blitz May Lessen Liability For Breaches

The White House began a push this week for federal legislation that would create a national breach reporting standard and encourage cyberthreat information sharing, measures that attorneys say would reduce companies’ liability for cyberattacks by replacing the dozens of reporting standards that currently exist and providing a shield to companies that divulge threats. >>



Recent Publications

CFAA Claims by Software Vendors for Unauthorized Access to Their Licensed Software on Their Clients’ Computers

Can a software vendor assert a Computer Fraud and Abuse Act (“CFAA,” 18 U.S.C. § 1030) claim against a third-party end-user for unauthorized access to the vendor’s licensed software operating on the vendor’s client’s computers? In other words, does the vendor have a viable CFAA claim if it does not own the accessed computers, but access nonetheless violates the terms of the vendor’s software license agreement? >>

Target Consumer Class Action Survives Motion to Dismiss

Consumers that filed a class action against Target Corporation following the company’s 2013 payment card breach have survived a motion to dismiss. >>

Data Breach Plaintiffs Bring Creative Claims to Overcome Standing Hurdles

New breaches of individuals’ personally identifiable information (“PII”) are announced every week, but so far plaintiffs have had limited success in pursuing class actions against breached companies because they usually cannot plead injury-in-fact sufficient to establish standing. >>

Sony Pictures Hit With Class Actions Arising from Recent Data Breach

Two groups of former Sony employees filed putative class actions this week arising from the company’s recent data breach. >>





Privacy and Data Breach

Read our special series, A Desk Guide to Data Protection and Breach Response

Companies retain and transmit massive amounts of data that is vulnerable to theft and exfiltration. A complex web of state, federal, and international data privacy and security laws requires companies to protect that data and disclose breaches. Effective data security demands a coordinated effort by management, information technology, and legal personnel.

To address privacy compliance, we:

  • Counsel clients on applicable data privacy and data security issues.
  • Draft or review data use, retention, and destruction policies.
  • Negotiate contract terms to protect sensitive data made accessible to third-party vendors.
  • Advise clients regarding compliance with privacy and data security laws (including HIPAA and Gramm-Leach-Bliley), regulations, and industry standards (including the Payment Card Industry Data Security Standard).
  • Review data security compliance programs and train key personnel.
  • Tailor breach response programs unique to clients’ circumstances and risks.

A data breach is a crisis that requires a swift, comprehensive response. Haynes and Boone has helped organizations prepare for, respond to, and mitigate every aspect of data security breaches involving trade secrets, personal identifying information, financial information, payment cardholder data, protected health information, and other sensitive data.

When a data breach occurs, we:

  • Investigate the breach.
  • Develop a client-focused strategy for working with law enforcement agencies.
  • Ensure preservation of evidence while preserving attorney-client privileges.
  • Coordinate clients’ responses to criminal and regulatory authorities.
  • Defend clients against claims, including class actions, arising from the breach.
  • Prosecute civil claims against hackers and other infiltrators.
  • Represent clients before the Federal Trade Commission, the Consumer Financial Protection Bureau, and other federal and state enforcement agencies.
  • Advise clients regarding disclosure obligations under federal securities laws and federal and state privacy laws.
  • Counsel clients regarding public statements and managing media coverage.

Data breaches or other cyber incidents can result in the loss of sensitive data and damage to clients’ reputations. Clients need a team with the experience to address the legal and technical issues that will arise. Haynes and Boone has that experience.