Privacy and Data Security

As the online marketplace continues to grow, companies throughout the world are facing increasingly strict – and often inconsistent – regulations regarding the acquisition, use, and protection of personal information.

Our global privacy, data protection, and data security attorneys advise clients on a broad range of privacy and data protection matters, including developing and implementing privacy policies and procedures, privacy-related litigation, regulatory investigations, global compliance, cross-border data transfers, website terms and conditions, social media and other new information technologies, cybersecurity and network intrusion issues, and contractual matters involving privacy and security. We also counsel clients on compliance with regulations such as the TCPA, COPPA, HIPAA, GLBA, and Privacy Shield in the United States and the 95/46/CE Directive and GDPR on privacy and data protection and domestic implementation legislation in European countries.  We advise companies in the technology, financial services, telecommunications, consumer products, e-commerce, media, professional services, and healthcare sectors, and help clients develop risk management and privacy and data use policies in compliance with state, national, and international regulatory legislation.  Our attorneys conduct privacy and data security due diligence on M&A transactions, including those with cross-border components, negotiate technology license agreements, and assist with cybersecurity audits, cyber-insurance evaluations, and employee security training.

Our group includes attorneys who have achieved designation as Certified Information Privacy Professionals, including in both the U.S. and the E.U., and as a Certified Information Privacy Technologist by the International Association of Privacy Professionals as well as those with advanced degrees in computer information science and engineering.  Our attorneys are tech-savvy and have an extensive understanding of privacy and data use legislation on a global scale.  They are experienced in guiding clients through data breaches and any resulting litigation and internal investigations, helping them mitigate loss and unfavorable public opinion.

Key Contacts

All Attorneys

Compliance in the Course of Day-to-Day Business

Regularly draft and review policies and company-wide programs to ensure security and privacy compliance and online privacy policies.

Advise international groups in the U.S. and E.U. in relation to the implementation of Binding Corporate Rules.

Regularly advise companies on compliance with U.S./E.U. international data transfers.

Regularly advise companies on policies and procedures for compliance with HIPAA, privacy and security, and breach notification requirements.

Read More

Data Breach Response and Management

Regularly manage data breach response and counseling for financial services software company.

Advise e-payment services provider in the E.U. in relation to data breach investigations and enquiries by credit/debit card payment networks.

Advised client on data breach issue relating to disclosure of personally identifiable information.

Represented life sciences service provider on remediation measures following a data breach.

Compliance in the Context of Litigations and Investigations

Regularly represent U.S., French, and international corporations in analyzing and resolving data privacy and security issues related to review and production of sensitive personal and corporate information in the context of cross-border internal and regulatory investigations.

Advised on compliance with data privacy laws in connection with the processing and transfer of Finnish company documents for use in U.S. litigation.

C&G welcomes the attorneys who joined the firm in 2017.

"We’re very fortunate to have added these exceptional lawyers in New York and Paris," said Managing Partner, Lawrence T Gresser.  "We look forward to continuing to build our transactional and disputes practices in all of our offices in 2018."

Christian R Everdell spoke about cryptocurrencies, blockchain, ICO enforcement actions, and government-backed and private stablecoins as a guest lecturer at Harvard Law School's Computer Crime Law class.
Lawrence T Gresser led a discussion, titled “Looking Forward,” at the Cambridge Forum on English-American Litigation addressing the growth of litigation funding, expected trends in the business of law, and developments in privacy litigation in the U.S. and UK. Larry serves as the Co-Chair of the 2019 Steering Committee.
A privacy law presentation at the In-House Counsel Forum of Korea.  This seminar will describe sources of privacy law in the United States and the European Union.  It will also illustrate how these jurisdictions approach privacy law, how it is enforced, and why it is enforced differently.  Lastly, recent privacy litigation in Europe and the United States will be discussed.