Main Practice Contacts

Randall E. Colson
+1 214.651.5665

Ronald W. Breaux
+1 214.651.5688

Pierre Grosdidier, Ph.D.
+1 713.547.2272

In the News

Ron Breaux in Bloomberg BNA Privacy and Security Law Report: Views on Lessons Learned from Payment Card Breaches

Payment card breaches at Target Corp. (245 PRA, 12/20/13) and Neiman Marcus Group Ltd. (37 PRA, 2/25/14) have heightened congressional, consumer and company interest in data security issues. >>

Recent Publications

HIPAA Covered Entity Challenges FTC’s Authority to Regulate Data Security

Although a federal court recently ruled that the United States Federal Trade Commission (the “FTC”) has the authority to regulate data security practices, a clinical testing laboratory is arguing that the FTC’s regulatory authority does not extend to entities covered by the Health Insurance Portability and Accountability Act (“HIPAA”). >>

DOJ and FTC Release a Joint Antitrust Policy Statement Encouraging Companies to Share Cyber Threat Information

In a joint policy statement released on April 10, 2014, the Department of Justice (“DOJ”) and Federal Trade Commission (“FTC”) officially encouraged companies, including direct competitors, to share cyber threat information with one another when it announced that “properly designed sharing of cyber threat information should not raise antitrust concerns.” >>

Court Rules that FTC has Authority to Regulate Corporate Cybersecurity

Beleaguered companies suffering from data breaches got more bad news when a federal judge held that the United States Federal Trade Commission (the “FTC”) has the authority to regulate corporate cybersecurity practices. >>

Privacy and Data Breach

Companies retain and transmit massive amounts of data that is vulnerable to theft and exfiltration. A complex web of state, federal, and international data privacy and security laws requires companies to protect that data and disclose breaches. Effective data security demands a coordinated effort by management, information technology, and legal personnel.

To address privacy compliance, we:

  • Counsel clients on applicable data privacy and data security issues.
  • Draft or review data use, retention, and destruction policies.
  • Negotiate contract terms to protect sensitive data made accessible to third-party vendors.
  • Advise clients regarding compliance with privacy and data security laws (including HIPAA and Gramm-Leach-Bliley), regulations, and industry standards (including the Payment Card Industry Data Security Standard).
  • Review data security compliance programs and train key personnel.
  • Tailor breach response programs unique to clients’ circumstances and risks.

A data breach is a crisis that requires a swift, comprehensive response. Haynes and Boone has helped organizations prepare for, respond to, and mitigate every aspect of data security breaches involving trade secrets, personal identifying information, financial information, payment cardholder data, protected health information, and other sensitive data.

When a data breach occurs, we:

  • Investigate the breach.
  • Develop a client-focused strategy for working with law enforcement agencies.
  • Ensure preservation of evidence while preserving attorney-client privileges.
  • Coordinate clients’ responses to criminal and regulatory authorities.
  • Defend clients against claims, including class actions, arising from the breach.
  • Prosecute civil claims against hackers and other infiltrators.
  • Represent clients before the Federal Trade Commission, the Consumer Financial Protection Bureau, and other federal and state enforcement agencies.
  • Advise clients regarding disclosure obligations under federal securities laws and federal and state privacy laws.
  • Counsel clients regarding public statements and managing media coverage.

Data breaches or other cyber incidents can result in the loss of sensitive data and damage to clients’ reputations. Clients need a team with the experience to address the legal and technical issues that will arise. Haynes and Boone has that experience.