Privacy and Data Security

Haynes and Boone’s Privacy and Data Security Group is a multi-disciplinary team that collaborates to provide seamless support to clients. Our team has decades of experience negotiating data processing agreements, conducting government enforcement investigations, and litigating sophisticated white collar and securities matters. We help ensure compliance with national, international, and industry-specific privacy laws, investigate cyber incidents, and represent clients in related disputes.

We counsel clients on compliance with applicable data privacy laws and regulations, including the GDPR, EU-U.S. Privacy Shield, FTC enforcement, CCPA, HIPAA, COPPA, and other national and foreign privacy rules and regimes. Our depth of experience assisting national and multi-national companies crosses markets and industries and gives our clients the advantage of understanding the latest approaches and best practices in this emerging area of the law. We draft and negotiate data processing agreements on behalf of our clients with affiliates, subprocessors, and vendors located within the U.S. and internationally. We also draft and advise on public-facing privacy statements, employee-facing privacy policies, breach response plans, and related information technology policies.

When a cyber incident occurs, we’re at the ready, and we advise our clients with an eye toward mitigating long-term risk. We leverage our relationships with forensic investigators and law enforcement to investigate the incident, restore operations, and manage the disclosure process, and we do so in an efficient way designed to limit business interruption. We look beyond the immediate aftermath of an incident and develop holistic strategies to minimize the collateral risks of litigation and regulatory investigations. When disputes nonetheless arise, we apply our deep knowledge of government investigations and complex litigation to defend our clients vigorously. We have represented our clients in follow-up inquiries by both federal and state regulators and in federal and state court litigation.

Privacy and Data Security


Haynes and Boone Wins Key Sixth Circuit Ruling in Data Breach Suit

Haynes and Boone won a significant case before the U.S. Court of Appeals for the Sixth Circuit that sets important limitations on the liability of merchants who have been victimized by data breaches.

Special Series

A Desk Guide to Data Protection and Breach Response

Haynes and Boone is pleased to present this “Desk Guide to Data Protection and Breach Response” to help you navigate the rapidly evolving cybersecurity landscape. The Desk Guide, which was prepared by the firm’s interdisciplinary Privacy and Data Breach group, provides a practical approach to data security.

Topics include:

  • Data Breach Litigation: Fighting the War on Multiple Fronts
  • New Types of Privacy Lawsuits Are Emerging
  • The Department of Justice, Securities and Exchange Commission, and State Regulators Are Increasingly Active in Cybersecurity Enforcement
  • The FTC is Testing the Limits of its Section 5 Power to Regulate Cybersecurity
  • The U.S. Department of Health and Human Services Stepped Up its HIPAA Enforcement Efforts
  • Government Agencies’ Cybersecurity Efforts Are Increasingly Scrutinized
  • Privacy Issues Are Not Just a Domestic Concern
  • Privacy and Data Security Legislation Remains Primarily a State Issue
  • Insurance Coverage for Cyber Incidents Is Increasingly Debated
  • Individual Businesses and Industries are Fighting Back

Email Disclaimer