Privacy and Data Security

As the online marketplace continues to grow, companies throughout the world are facing increasingly strict – and often inconsistent – regulations regarding the acquisition, use, and protection of personal information.

Our global privacy, data protection, and data security attorneys advise clients on a broad range of privacy and data protection matters, including developing and implementing privacy policies and procedures, privacy-related litigation, regulatory investigations, global compliance, cross-border data transfers, website terms and conditions, social media and other new information technologies, cybersecurity and network intrusion issues, and contractual matters involving privacy and security. We also counsel clients on compliance with regulations such as the TCPA, COPPA, HIPAA, GLBA, and Privacy Shield in the United States and the 95/46/CE Directive and GDPR on privacy and data protection and domestic implementation legislation in European countries.  We advise companies in the technology, financial services, telecommunications, consumer products, e-commerce, media, professional services, and healthcare sectors, and help clients develop risk management and privacy and data use policies in compliance with state, national, and international regulatory legislation.  Our attorneys conduct privacy and data security due diligence on M&A transactions, including those with cross-border components, negotiate technology license agreements, and assist with cybersecurity audits, cyber-insurance evaluations, and employee security training.

Our group includes attorneys who have achieved designation as Certified Information Privacy Professionals, including in both the U.S. and the E.U., and as a Certified Information Privacy Technologist by the International Association of Privacy Professionals as well as those with advanced degrees in computer information science and engineering.  Our attorneys are tech-savvy and have an extensive understanding of privacy and data use legislation on a global scale.  They are experienced in guiding clients through data breaches and any resulting litigation and internal investigations, helping them mitigate loss and unfavorable public opinion.

Key Contacts

All Attorneys

Compliance in the Course of Day-to-Day Business

Regularly draft and review policies and company-wide programs to ensure security and privacy compliance and online privacy policies.

Advise international groups in the U.S. and E.U. in relation to the implementation of Binding Corporate Rules.

Regularly advise companies on compliance with U.S./E.U. international data transfers.

Regularly advise companies on policies and procedures for compliance with HIPAA, privacy and security, and breach notification requirements.

Read More

Data Breach Response and Management

Regularly manage data breach response and counseling for financial services software company.

Advise e-payment services provider in the E.U. in relation to data breach investigations and enquiries by credit/debit card payment networks.

Advised client on data breach issue relating to disclosure of personally identifiable information.

Represented life sciences service provider on remediation measures following a data breach.

Compliance in the Context of Litigations and Investigations

Regularly represent U.S., French, and international corporations in analyzing and resolving data privacy and security issues related to review and production of sensitive personal and corporate information in the context of cross-border internal and regulatory investigations.

Advised on compliance with data privacy laws in connection with the processing and transfer of Finnish company documents for use in U.S. litigation.

Paris Partners Johannes Jonas, Muriel Goldberg-Darmon, Guillaume Seligmann, and Loïc Henriot were recognized in the 2021 edition of The Best Lawyers in France. Johannes was recognized for Corporate Law; Muriel for Financial Institutions and Regulatory Practice; Guillaume for Information Technology Law and Privacy and Data Security Law; and Loïc for Criminal Defense. Lawyers named to The Best Lawyers in France were recognized by their peers in the legal industry for their professional excellence in their respective practice areas.
C&G welcomes the attorneys who joined the firm in 2017. "We’re very fortunate to have added these exceptional lawyers in New York and Paris," said Managing Partner, Lawrence T Gresser.  "We look forward to continuing to build our transactional and disputes practices in all of our offices in 2018."

Anna Milleret-Godet spoke to L’Express about the wide-reaching effects of the General Data Protection Regulation (GDPR) in the EU.

Cohen & Gresser is pleased to announce the expansion of the firm's technology practice, as partner Guillaume Seligmann and associate Marie Gagey have joined our Paris office. Mr. Seligmann will head the firm's French technology, privacy, and data protection practice. He was previously a partner at Paris firm Cotty Vivant Marchisio & Lauzeral and has been recognized by The Legal 500 France and Chambers Europe.

Karen H Bromberg and Marvin J Lowenthal examine the Stop Hacks and Improve Electronic Data Security (“SHIELD”) Act, which amends New York’s current data breach notification law and places increased obligations on businesses that handle private data. With the SHIELD Act, New York joins the growing list of states that have adopted legislation to strengthen consumer privacy protections.

Karen H Bromberg discusses the increasingly prominent role of privacy and network security measures in decisions about potential strategic investments and acquisitions.

Christian R Everdell spoke about cryptocurrencies, blockchain, ICO enforcement actions, and government-backed and private stablecoins as a guest lecturer at Harvard Law School's Computer Crime Law class.
Lawrence T Gresser led a discussion, titled “Looking Forward,” at the Cambridge Forum on English-American Litigation addressing the growth of litigation funding, expected trends in the business of law, and developments in privacy litigation in the U.S. and UK. Larry serves as the Co-Chair of the 2019 Steering Committee.
A privacy law presentation at the In-House Counsel Forum of Korea.  This seminar will describe sources of privacy law in the United States and the European Union.  It will also illustrate how these jurisdictions approach privacy law, how it is enforced, and why it is enforced differently.  Lastly, recent privacy litigation in Europe and the United States will be discussed.