Privacy and Data Security
Haynes and Boone’s Privacy and Data Security Group is a multi-disciplinary team that collaborates to provide seamless support to clients. Our team has decades of experience negotiating data processing agreements, conducting government enforcement investigations, and litigating sophisticated white collar and securities matters. We help ensure compliance with national, international, and industry-specific privacy laws, investigate cyber incidents, and represent clients in related disputes.
We counsel clients on compliance with applicable data privacy laws and regulations, including the GDPR, EU-U.S. post-Privacy Shield, FTC enforcement, CCPA, HIPAA, COPPA, and other national and foreign privacy rules and regimes. Our depth of experience assisting national and multi-national companies crosses markets and industries and gives our clients the advantage of understanding the latest approaches and best practices in this emerging area of the law. We draft and negotiate data processing agreements on behalf of our clients with affiliates, subprocessors, and vendors located within the U.S. and internationally. We also draft and advise on public-facing privacy statements, employee-facing privacy policies, breach response plans, and related information technology policies.
When a cyber incident occurs, we’re at the ready, and we advise our clients with an eye toward mitigating long-term risk. We leverage our relationships with forensic investigators and law enforcement to investigate the incident, restore operations, and manage the disclosure process, and we do so in an efficient way designed to limit business interruption. We look beyond the immediate aftermath of an incident and develop holistic strategies to minimize the collateral risks of litigation and regulatory investigations. When disputes nonetheless arise, we apply our deep knowledge of government investigations and complex litigation to defend our clients vigorously. We have represented our clients in follow-up inquiries by both federal and state regulators and in federal and state court litigation.
Eight broker-dealer and investment adviser firms were sanctioned by the U.S. Securities and Exchange Commission (“SEC”) on August 30, 2021, for failures in their cybersecurity policies and procedures. According to the SEC, the failures allowed unauthorized third parties to take over cloud-based email accounts of firm representatives, exposing personally identifying information (PII) of thousands o [...]