Data Privacy & Cybersecurity

Whether your organization faces uncertainty from complex state and federal privacy and cybersecurity requirements, or you need preventative guidance to ensure your company’s data remains confidential, Dickinson Wright offers full-spectrum services to identify, address, and respond to statutory, regulatory, contractual, and best-practice information privacy obligations. We can help identify and anticipate risks and obligations, design and implement form-fitting and customized plans and policies, proactively develop and implement data incident response procedures, and advise on how to respond when you suspect a data incident or breach.

Our data privacy and cybersecurity team shares backgrounds in techno-legal issues, digital forensics, cybercrime investigations, healthcare law, employment law, government and regulatory investigations, and litigation. We draw on that framework to help our clients understand the intersection of laws and technology, identify threat vectors, and implement policies to satisfy best-practice standards, minimize the risk of cybersecurity events, and respond quickly to any incidents that may arise.

Your data privacy and cybersecurity needs don’t stop at the border, and neither does our experience. With offices across the U.S. and in Canada, our team works seamlessly together to ensure compliance with data transfers, merger and acquisition transactions, and other cross-border privacy matters.

Our Services

Data Breach Prevention and Remediation: Despite best practices, data security incidents still occur. Risks can be minimized with proper policies, training, and safeguards designed to meet an organization’s unique needs and circumstances. Our attorneys evaluate clients’ specific obligations to develop proactive procedures designed to protect the confidentiality, integrity, and accessibility of your data and to implement strategic response plans to identify, evaluate, and respond to data security incidents. Working closely with you, we respond to a number of issues including:

Data Collection, Storage, and Use	Network Intrusions
Data Exfiltration	Ransomware Attacks
Identity Theft	Reporting Obligation
Improper System Access	State Breach Notification Laws

Regulatory Compliance: Federal and state privacy laws affect nearly everyone who controls or possesses personal data. Understanding these laws and regulations can be complicated, and failing to comply with them can carry stiff penalties. Dickinson Wright’s data privacy and cybersecurity team helps clients understand and comply with laws addressing the security of personal information, protected health information, and confidential information. Our attorneys regularly counsel clients on their risks and obligations under laws relevant to their data, and we offer strategic guidance on the many issues associated with the privacy and security of your data.

General Data Protection Regulation (GDPR) Compliance: Effective May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) officially replaced the EU’s former Data Protection Directive. The Regulation applies to all organizations located within the EU as well as those outside the EU that have employees or workers in the EU, that offer goods or services to EU residents, or that monitor the behavior of EU residents. Any company that processes and holds the personal data of subjects residing in the EU, regardless of the company’s location, must be GDPR compliant. Companies falling under GDPR obligations should be aware of the consent obligations affecting their collection of personal information, the retentions obligations surrounding that data, new obligations relating to data breaches involving GDPR-covered personal information, and numerous other new obligations that could lead to hefty fines and penalties if they are not appropriately followed. Our attorneys can help you update your policies and ensure your activities are GDPR compliant.

Governmental Investigations: Even organizations not suspected of criminal wrongdoing can still find themselves the target of a search warrant, subpoena, or court order mandating the disclosure of sensitive and confidential information. We help clients respond to government requests for confidential or proprietary information while protecting the client and preserving their business continuity. Our team of former state and federal law enforcement personnel, prosecuting attorneys, and other government attorneys provide valuable perspectives when counseling clients through responses and when intervening on a client’s behalf to interact with government agents.

Litigation: Dickinson Wright’s seasoned team of litigators bring extensive courtroom experience to protect clients’ rights, enforce obligations owed to our clients, and help clients meet their legal goals in an efficient and straightforward manner. We represent clients in regulatory actions, defend clients against individual or class action lawsuits, and ensure data security obligations are enforced.

To learn more about Dickinson Wright’s Data Privacy & Cybersecurity practice, please check out the firm’s Data Privacy & Cybersecurity Practice Guide.