Each year, cyberattacks and data breaches multiply.

The average breach of business data costs about $5.9 million. More than a third of cyberattacks target small entities—60 percent of which go out of business within six months following an attack. Many cyber hackers target companies in the financial services, manufacturing, multi-level marketing, and technology sectors. Clients seeking to capitalize on innovative business opportunities using digital technologies face significant risks.

Our multidisciplinary team provides practical legal risk management and compliance guidance relating to the challenges of using both established and emerging technologies with regulated and sensitive data. We combine comprehensive knowledge of the most recent developments in the rapidly expanding area of data privacy and cybersecurity law with pragmatic understanding of how information technology actually works within a company or organization, both in the United States and abroad. We have helped organizations from emerging start-ups to established Fortune 100 companies resolve more than 250 data breach incidents. And, if litigation or enforcement actions result from a breach, we provide experienced, vigorous defense.

show more

Cybersecurity and Privacy Client Results

  • We advise a number of US-based clients on their EU data protection law compliance obligations. Recent examples of advice have included:

    • Mechanisms for cross-border data transfer of personal data from the EU to the US, including Privacy Shield self-certification
    • Model contract clauses and consent
    • Review of online privacy policies to ensure compliance with the laws of multiple jurisdictions
    • Reviews of third-party practices regarding onward data transfer
    • Advice regarding the legality of employee monitoring in the EU
  • Our team develops privacy programs and strategies that address:

    • Collection, use, and processing of personal information of patients, customers, vendors, and business partners
    • Drafting policies, operating procedures, and processes that address the use of personal information
    • Preparing training materials for seminars on social media, communications, and privacy issues
    • Drafting templates and schedules that address data security and personal information for use with vendors and service providers
    • Providing ongoing counseling on domestic and international privacy matters
  • We have served as a data breach first-responder to a computer network intrusion in-process at Software-As-A-Service (SAAS) providers, health care clinics, and e-commerce companies. Our attorneys immediately execute an incident response protocol and launch a privileged incident investigation. We then interface with technical responders, general counsel, and executives through the incident containment and remediation phases.

  • We provide guidance and regulatory review of clients’ data collection and processing functions and advise on privacy strategy both within the US and EU, including the potential impact of proposed US “do not track” legislation and changes to EU laws arising out of the EU Cookie Directive.

  • Conduct risk assessments and regulatory gap assessments, on behalf of Boards of Directors and executives, seeking transparency and accountability for data protection practices and risk posture.

  • Provide guidance and regulatory review of promotional and marketing campaigns involving social media, digital, and Internet programs directed to consumers; advise on consumer protection issues and evolving national privacy regulations and best practices; and draft agreements with service providers including interactive advertising agencies, app developers and promotions companies.

  • Advise on data protection issues arising in connection with international multimedia promotions for film properties, including strategic counseling on international compliance with online data collection requirements, with particular focus on social media campaigns and websites targeted at children.

  • Comprehensive support for multichannel retailers operating in multiple states in connection with retail stores, catalog sales and online merchandising. Counseling includes:

    • Consumer protection and privacy issues
    • Implementation of consumer loyalty programs
    • Customer acquisition and business intelligence components
    • Promotional and marketing programs such as sweepstakes, product reviews, coupons, and gift cards

Cybersecurity and Privacy Publications

Experienced and Certified: International Association of Privacy Professionals

Craig Stewart - CIPP/US Certification from IAPP

250+ Data Breach Incidents: Resolved

Holland & Hart has helped organizations from emerging start-ups to established Fortune 100 companies resolve more than 250 data breach incidents

BTI's Best at Cybersecurity 2017

Recognized as a “strong cybersecurity performer” by Corporate Counsel

Widget Image

Unless you are a current client of Holland & Hart LLP, please do not send any confidential information by email. If you are not a current client and send an email to an individual at Holland & Hart LLP, you acknowledge that we have no obligation to maintain the confidentiality of any information you submit to us, unless we have already agreed to represent you or we later agree to do so. Thus, we may represent a party adverse to you, even if the information you submit to us could be used against you in a matter, and even if you submitted it in a good faith effort to retain us.