In the 21st century, information is a mission-critical asset for companies. The ability to navigate the increasingly complex web of state, national and international laws, regulations and court decisions dictating how you can use and protect that information, as well as respond to breaches, is a mission-critical function. Willkie’s cybersecurity and privacy attorneys have both the substantive knowledge and practical experience to help clients manage these legal risks and achieve their business goals. In 2017, the group was named to BTI’s “Cybersecurity Honor Roll,” and noted as a “strong cybersecurity performer.”
Willkie’s international cybersecurity and privacy team has represented a wide range of U.S. and multinational clients. Our multidisciplinary practice includes attorneys with in-depth experience in all aspects of cybersecurity and privacy law, as well as extensive experience in complementary areas, including technology and communications, securities regulation and enforcement, intellectual property, mergers and acquisitions, complex litigation, antitrust and competition, insurance and consumer protection regulations.
Our close collaboration across offices and legal disciplines enables us to provide clients with comprehensive, practical advice. Our attorneys have extensive international privacy and data security experience through our work with data protection laws and authorities in more than 60 countries.
We provide practical guidance to companies that rely on data and information as part of their day-to-day businesses, and counsel on all aspects of cyber risk, including:
- Compliance counseling, risk assessment and mitigation
- Corporate governance and SEC issues
- Global incident planning, response and investigations
- Cybersecurity insurance assessment and counseling
- Assessment of privacy and cybersecurity issues in M&A transactions
- Representation of clients before U.S. federal agencies (including the FTC, SEC, FCC and DOJ) and international data protection authorities regarding cybersecurity and privacy policy development, investigations and other proceedings
- Private litigation (data breach, insurance)
Our Clients
In all industries, data security and privacy are essential elements of corporate risk management for companies. We help develop comprehensive compliance plans designed to allow clients to achieve their business goals. Our cybersecurity and privacy attorneys have a long and successful history representing a diverse set of clients, including financial institutions, cable operators, telecommunications providers, mutual funds and hedge funds, information services providers, software developers, hardware manufacturers, video programming networks and other media organizations, accounting firms, publishers, retailers, insurance companies and industry trade associations.
Our Knowledge
Our attorneys have substantive experience advising clients on numerous U.S. federal statutes covering privacy and cybersecurity issues, including:
- Children’s Online Privacy Protection Act (COPPA)
- Communications Act (including cable privacy and telecommunications privacy provisions in Sections 222 and 631)
- Communications Assistance for Law Enforcement Act (CALEA)
- Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
- Electronic Communications Privacy Act (ECPA) (including wiretapping and Stored Communications Act (SCA) issues)
- Fair and Accurate Credit Transactions (FACT) Act
- Fair Credit Reporting Act (FCRA)
- Foreign Intelligence Surveillance Act (FISA)
- Gramm-Leach-Bliley (GLB) Financial Services Modernization Act
- Health Insurance Portability and Accountability Act (HIPAA)
- Right to Financial Privacy Act (RFPA)
- SEC Regulations S-P and S-ID
- Sarbanes-Oxley (SOX) Act
- Telephone Consumer Protection Act (TCPA)
- USA PATRIOT Act
Our cybersecurity and privacy attorneys also have experience in analyzing and advising on state and federal laws regarding data breach notification, as well as state laws regarding information security, identity theft and related issues. We closely monitor proposed and newly enacted state and federal privacy legislation to determine any potential impact on our clients.
Our attorneys also have deep knowledge of cybersecurity and privacy laws outside the U.S. and laws governing international data transfers, including:
- EU General Data Protection Regulation
- EU Privacy Directive
- EU-U.S. Privacy Shield
- UK Data Protection Act
- Canada’s Personal Information Protection and Electronic Documents Act