Privacy and Data Security
Overview
In 1890, Samuel Warren and Louis Brandeis, the founders of our firm, published “The Right to Privacy” in the Harvard Law Review. The article is credited with creating the doctrine of privacy law and has been hailed as one of the most influential law review articles ever. Nutter is proud of its place in the history of privacy law and remains at the forefront of this cutting-edge area.
What We Do
We work closely with our clients, immersing ourselves in their business so that we can provide the best possible value and strategic guidance. This approach allows our clients to stay focused on core business activities, minimize potential risks, and respond effectively to data security incidents. Our attorneys have an exceptional track record in a broad array of privacy and data security matters, including regulatory compliance, preparation for and responses to data breaches, and the integration of artificial intelligence. In addition, we have worked extensively on these issues with clients in health care, banking, finance, and other heavily regulated industries.
Cyber Incident Response and Data Breaches
Cyberattacks and other types of data breaches are increasingly common and can be devastating for businesses. They present a minefield of technical, legal, and public relations challenges. We have extensive experience in investigating network intrusions, hacking, ransomware attacks, cyber extortion, and other types of data breaches. We help clients coordinate with regulatory authorities, meet public disclosure requirements, evaluate remedial measures, and defend against civil litigation or government enforcement actions.
Cybersecurity Assessments and Incident Response Planning
Our experience in advising clients in the wake of cyberattacks gives us key insights in advising clients on how to mitigate cyber risks. Our team is skilled in its ability to understand our client’s unique business needs and to work with their IT and security professionals to assess their legal obligations and help guide their decision-making in assessing, seeking to prevent, and preparing for cyberattacks. We specialize in working with cybersecurity vendors, digital forensic experts, and penetration testers to help draft and test defensible security plans.
Artificial Intelligence
Recent advancements in artificial intelligence (AI) offer new opportunities, but can also create complex issues for companies seeking to incorporate the technology. Our team advises clients in navigating legal challenges as they develop or implement AI tools. We frequently conduct risk assessments, provide guidance on AI governance, and draft AI agreements for clients to leverage the technology for their business operations. Our knowledge of rapidly changing legislation across the United States and beyond allows our team to accurately mitigate the regulatory and litigation risks of AI use for our clients.
Board Advisory
Boards have responsibilities to ensure that data is secure, privacy laws are followed, and AI is implemented responsibly. Few boards of directors have the skills or experience to provide the necessary oversight for these complicated issues. Our team is uniquely positioned to advise boards of directors on how to structure cybersecurity and AI governance and how to fulfill their cybersecurity and AI oversight obligations.
Privacy Compliance Counseling
Privacy regulations in the U.S., Europe, and all over the world are rapidly changing. Our team is expert in advising companies dealing with privacy laws and data breach notification statutes. We are skilled at asking the right questions, mapping and understanding the flow of sensitive data through an organization, spotting compliance issues, and drafting policies and recommended practices to safeguard data. We help clients develop training programs and website privacy policies, and represent clients when they face issues involving global compliance, cross-border data transfers, and compliance audits.
Insider Threats
Though headlines tend to focus our attention on data breaches caused by outside hackers, the majority of data breaches and intellectual property thefts are actually caused by insiders – employees, contractors, or customers who abuse their legitimate access to sensitive data. Our team is skilled in helping clients prepare for, investigate, and respond to insider incidents.
Our Team
Our interdisciplinary Privacy and Data Security team has years of experience providing counsel, regulatory advice, and litigation services to businesses and institutions.
We have the knowledge and experience to help businesses understand and comply with the evolving laws and standards that regulate the collection, use, sharing, and protection of personal data.
The interdisciplinary nature of our team—comprised of transactional and litigation attorneys—makes Nutter adept at counseling clients across a broad range of industries on compliance with, and defending against, alleged violations of privacy and data security laws.
Read More
View Practice Team
Representative Matters
Representative Matters
News & Insights
News
Events
Publications
Blog Posts
Related Industries
Related Areas
Experience
- Palisade Corporation
Represented Palisade Corporation, an Ithaca, New York-based provider of risk modeling and decision analysis software, in its recapitalization by Thompson Street Capital Partners (TSCP), a private equity firm based in St. Louis, MO.
- Medical Insurance Company
Advised medical insurance company dealing with a cyberattack impacting its customers’ Personal Identifying Information (PII) and Protected Health Information (PHI). Representation of this client included managing its response to the resulting United States Department of Health and Human Services (HHS) investigation and negotiating with numerous state Attorneys General regarding the incident.