Counseling & Compliance
Cooley's PDP lawyers assist clients with the assessment, revision and development of privacy and cybersecurity policies, compliance with regulatory and industry-specific issues, and legislative monitoring, assessment, and analysis. We also work with clients on cybersecurity audits and liability analysis, cyber insurance evaluation, and employee security training. For clients looking to protect their information assets, our PDP practice provides security process-hardening services to proactively mitigate the legal and business impact of security incidents. We have strong strategic relationships with third-party service providers that we can call on to provide an enhanced range of services to clients when appropriate. These relationships also equip our lawyers with the latest in threat-intelligence monitoring and deep-look, long-term strategic data protection forecasting, ensuring that our clients are well-positioned to protect against and prepare for potential breaches.
Our PDP lawyers provide tailored advice and guidance on addressing a key source of security and critical IP vulnerabilities: a company's dealings with suppliers, customers, and other business partners. Our lawyers have experience in performing transactional review and analysis, including contractual privacy and data protection assessment. We also perform due diligence during M&A and other transactions, negotiate technology license agreements, and provide support on other transactions, including those with cyber and cross-border components. We regularly advise clients on joint development agreements, supply-chain security, critical technology transfers to foreign outsourced contractors, and modernization of trade-secret protection programs.
Cooley PDP lawyers are well-versed in the regulatory and sector-specific issues touching the security concerns of our clients, particularly those in heavily regulated industries such as healthcare (e.g., HIPAA), financial services (e.g., GLBA, FCA), telecommunications, national security, and higher education (e.g., FERPA). We follow the latest trends in compliance, including revisions to the Payment Card Industry (PCI) security standards, the latest draft of the NIST Framework, and SEC reporting requirements. We frequently analyze client exposure related to the FTC and issues associated with consumer information. We offer clients guidance on regulatory actions and have represented companies in investigations and inquiries by the FTC, HHS, state Attorneys General, European Union Data Protection Authorities and UK financial regulators.
We offer a broad range of pre-litigation counseling, including evaluation of potential claims, assessment of liability risks, preparation and implementation of subpoena response policies, contract dispute evaluation and counseling, and advising on appropriate responses to regulatory activities. We work with each of our clients to provide practical, cost-effective counseling that is tailored to the client's specific legal and business objectives. While our PDP team includes skilled litigators who repeatedly win judgments in favor of our clients, we also recognize that sometimes avoiding litigation can be the most desirable outcome for a particular client in light of the client's particular interests and circumstances.
Incident Response and Data Breach Counseling
Cooley PDP lawyers have substantial experience leading both small and large incident response efforts and advising companies - including those in the online, retail, technology, and life sciences fields - that have experienced data breaches or other data security incidents. We also have developed an internal toolkit that further allows us to respond quickly and efficiently to data incidents on behalf of clients. The toolkit includes response roadmaps, notice templates for communicating with individuals and regulatory agencies in all 50 states, the UK and EU and client-specific statements of work under existing Cooley agreements with forensic, remediation, and crisis PR firms. For incidents that trigger regulatory investigations or class action litigation, we put together the right team with the appropriate experience to handle all aspects of the client's problem, and we take a collaborative approach to developing solutions in the most strategically sound, practical, and cost-effective manner.
Privacy & Data Protection Litigation
Cooley PDP litigators have handled a wide array of cases involving privacy and data security issues, including class actions and government investigations and enforcement actions. We have represented a broad range of companies whose innovative technologies and business models often raise novel legal issues in the area of privacy and data security and which, in some instances, challenge the fundamental definition of privacy in the age of information, interconnectedness, and social media. Our litigators have handled several of the leading cases dealing with these novel issues. We understand the importance of not only knowing and applying the law, but shaping it in a way that better enables our clients to develop and deploy value-maximizing business strategies. We work closely with our clients to obtain favorable resolutions as early and as efficiently as possible under the circumstances of each unique case, whether by obtaining dismissals, defeating class certification motions, negotiating favorable settlements, or litigating cases through trial and appeal.
- 50+ lawyers specializing in counseling and litigation involving wide array of privacy and data security issues in the context of e-commerce, online, mobile, and health technologies
- Team includes former Commissioner for the Commission on Cyber Security for the 44th Presidency, Certified Information System Security Professionals (CISSPs), and Certified Information Privacy Professionals (CIPPs)
- 24 x 7 incident response team
- Strong third-party strategic relationships that allow us to provide a full suite of privacy and data protection services in U.S., UK and EU
- Established relationships with crisis PR firms
- Packaged pricing options to drive efficiency and effectiveness
- In past few years, defended clients against more than 50 class actions around the country that asserted a variety of claims and theories under federal and state laws, often involving parallel engagement with government regulators
- Won 25+ motions to dismiss in privacy and data security class actions in past five years
- Frequent contributors on privacy and information security subjects at leading industry seminars and in local international media
- Named one of Law360's Practice Groups of the Year in 2015, 2014, 2013 and 2011
- Named the Privacy Litigation Department of the Year by The Recorder in 2015
- Ranked as a leading Privacy & Data Security practice by Chambers USA (2015 - 2016) and shortlisted for Privacy & Data Security Team of the Year (2015)
- Ranked as a leading Data Protection & Privacy practice (2012 – 2016) and a leading Cyber Law practice (2016) by The Legal 500 US
- Recognized by The Daily Journal as one of five "fresh and interesting practices" in 2011
- Team includes a five-time Law360 MVP in the category of Privacy (2011-2015) and a leader in Privacy & Data Security in the 2007 - 2016 editions of Chambers USA