Privacy and Data Security

Haynes and Boone’s Privacy and Data Security Group is a multi-disciplinary team that collaborates to provide seamless support to clients. Our team has decades of experience negotiating data processing agreements, conducting government enforcement investigations, and litigating sophisticated white collar and securities matters. We help ensure compliance with national, international, and industry-specific privacy laws, investigate cyber incidents, and represent clients in related disputes.

We counsel clients on compliance with applicable data privacy laws and regulations, including the GDPR, EU-U.S. post-Privacy Shield, FTC enforcement, CCPA, HIPAA, COPPA, and other national and foreign privacy rules and regimes. Our depth of experience assisting national and multi-national companies crosses markets and industries and gives our clients the advantage of understanding the latest approaches and best practices in this emerging area of the law. We draft and negotiate data processing agreements on behalf of our clients with affiliates, subprocessors, and vendors located within the U.S. and internationally. We also draft and advise on public-facing privacy statements, employee-facing privacy policies, breach response plans, and related information technology policies.

When a cyber incident occurs, we’re at the ready, and we advise our clients with an eye toward mitigating long-term risk. We leverage our relationships with forensic investigators and law enforcement to investigate the incident, restore operations, and manage the disclosure process, and we do so in an efficient way designed to limit business interruption. We look beyond the immediate aftermath of an incident and develop holistic strategies to minimize the collateral risks of litigation and regulatory investigations. When disputes nonetheless arise, we apply our deep knowledge of government investigations and complex litigation to defend our clients vigorously. We have represented our clients in follow-up inquiries by both federal and state regulators and in federal and state court litigation.

Show More
Amendments to Regulation S-P Create New Cybersecurity Requirements for Financial Institutions
June 05, 2024

The Securities and Exchange Commission adopted amendments to Regulation S-P on May 15, 2024, to govern the handling of customers’ nonpublic personal information by certain financial institutions.  The amendments apply to an expanded set of financial institutions including broker-dealers, funding portals, investment companies, registered investment advisers and transfer agents (collectively, “cover [...]