Privacy and Data Security
Areas Of Focus
In 1890, Samuel Warren and Louis Brandeis, the founders of our firm, published “The Right to Privacy” in the Harvard Law Review. The article is credited with creating the doctrine of privacy law and has been hailed as one of the most influential law review articles ever.
Nutter is proud of its place in the history of privacy law and remains at the forefront of privacy and security law. We have a premier practice in Privacy and Data Security, providing counsel, regulatory advice, and litigation services to businesses and institutions. We work closely with our clients, immersing ourselves in their business so that we can provide the best possible value and strategic guidance. This approach allows our clients to stay focused on core business activities, minimize potential risks, and respond effectively to security incidents. Our attorneys have an exceptional track record in a broad range of privacy and data security matters ranging from compliance with HIPAA, GDPR, and banking regulations to preparation for and responses to data breaches.
Cyber Incident Response and Data Breaches
Cyberattacks and other types of data breaches are becoming increasingly common and can be devastating for businesses. They present a minefield of technical, legal, and public relations challenges. We have extensive experience in investigating network intrusions, hacking, cyber extortion, and other types of data breaches. We help clients coordinate with regulatory authorities, meet public disclosure requirements, evaluate remedial measures, and defend against civil litigation or government enforcement actions.
Cyber Security Assessments and Incident Response Planning
Our experience in advising clients in the wake of cyberattacks gives us key insights in advising clients on how to mitigate cyber risks. Our team is skilled in its ability to understand our client’s unique business needs and to work with their IT and security professionals to assess their legal obligations and help guide their decision-making in assessing, seeking to prevent, and preparing for cyberattacks. We specializes in working with cyber security vendors, digital forensic experts, and penetration testers to help draft and test defensible security plans.
In the wake of data breaches, regulators, litigants, and shareholders are more and more asking, “Where was the Board of Directors?” Few Boards of Directors have the skills or experience necessary to provide the necessary oversight for cyber risk issues. Our team is uniquely positioned to advise Boards of Directors on how to structure cyber security governance and how to fulfill their cyber security oversight obligations.
Though headlines tend to focus our attention on data breaches caused by outside hackers, the majority of data breaches and intellectual property thefts are actually caused by insiders – employees, contractors, or customers who abuse their legitimate access to sensitive data. Our team is skilled in helping clients prepare for, investigate, and respond to insider incidents.
Privacy Compliance Counseling
Privacy regulations in the US, Europe, and beyond are rapidly changing. Our team is expert in advising companies dealing with privacy laws, including HIPAA, data breach notification statutes, and the European Union’s GPDR. We are skilled at asking the right questions, mapping and understanding the flow of sensitive data through an organization, spotting compliance issues, and drafting policies and recommended practices to safeguard data. We help clients develop training programs and website privacy policies, and represent clients when they face issues involving global compliance, cross-border data transfers, and compliance audits.
Digital Data and Litigation
Litigation today inevitably raises complicated issues relating to digital data. In addition to the now routine issues around electronic discovery, litigants grapple with problems concerning, for example, rights to data stored in other countries, data in the cloud, or data accessed by third parties. This, in turn, can create extremely complicated conflicts of laws, pitting one country’s data protection regime against another country’s discovery requirements. Our deep knowledge of the relevant technical issues, combined with our legal skills, allow us to help clients navigating issues such as these at the intersection of law and technology.
Our team stays abreast of the latest developments in the industry by participating in organizations such as the International Association of Privacy Professionals (“IAPP”). Our Privacy and Data Security team includes a Certified Information Privacy Professional (“CIPP”), the preeminent credential in the field. We have the knowledge and experience to help businesses understand and comply with the evolving laws and standards that regulate the collection, use, sharing, and protection of personal data.
The interdisciplinary nature of our team—comprised of transactional and litigation attorneys—makes Nutter adept at counseling clients across a broad range of industries on compliance with, and defending against, alleged violations of privacy and data security laws.
View Practice Team
News & Insights
- Leading Cybersecurity/Privacy and White Collar Defense Authority Seth P. Berman Joins Nutter as Partner09.06.2017
- Pat Concannon Serves as Contributing Author on Highly Regarded Data Security Book, Reports Mass Lawyers Weekly07.14.2016
- Nutter Partner Patrick Concannon Authors “Congressional Response to the Internet” Chapter for MCLE Data Security and Privacy Book11.20.2015
- Seth Berman Presents ‘Hacking City Hall’ at the Massachusetts Interlocal Insurance Agency Spring Conference04.03.2018
- Seth Berman Presents Cybersecurity Workshop at the Massachusetts Municipal Association’s Annual MeetingHynes Convention Center, 01.19.2018
- Ian Roffman, Jonathan Kotlier, and Seth Berman to Present at the Boston Bar Association’s Inaugural White Collar Crime ConferenceSeaport World Trade Center, 01.18.2018
- Seth Berman to Present on The Intersection of HR and Cybersecurity: How to Mitigate Threats from Within at Labor, Employment and Benefits Breakfast BriefingNutter, 12.13.2017
- Ron Cahill and Pat Concannon Present on Protecting Trade Secrets and Employee / Customer Data from Data Breaches11.15.2016
- 04.05.2018 | Legal Advisory
- 04.03.2018 | Article
- 02.20.2018 | Article
- 01.29.2018 | Article
- How Community Banks Can Overcome Cybersecurity Paralysis: Insights from Nutter’s Tom Curry and Seth Berman01.25.2018 | Legal Update
- 01.09.2018 | Legal Advisory
- 12.19.2017 | Article
- 12.19.2017 | Legal Advisory
- The Intersection of Human Resources and Cybersecurity: How to Mitigate Threats from Within: Insights from Nutter’s Seth Berman12.12.2017 | Legal Update
- 11.01.2017 | Legal Update
- Wire Fraud Scams and Corporate Email Attacks: Beware of Tricks, Not Treats, During Cyber Security Awareness Month10.11.2017 | Legal Update
- 09.27.2017 | Legal Advisory
- 09.12.2017 | Article
- Equifax Breach is a Category 5 Incident Affecting You – Our Recommendations on How to Safeguard Your Data09.11.2017 | Legal Advisory
- Writing for ABI Journal, John Loughnane Analyzes Mediating Cybersecurity Disputes in Distressed SituationsJuly 2017 | Article
- Writing for Law360, John Loughnane Outlines Lessons for Lenders and IP Licensees from Sixth Circuit Ruling01.25.2016 | Article
- 04.05.2018 | Legal Advisory
- 04.03.2018 | Article