Benesch's 3iP Practice

Innovations, Information Technology & Intellectual Property

Benesch’s 3iP Practice Group has more than 25 attorneys, patent agents, and paralegals, many of whom are former scientists or engineers. Several of our attorneys are members of the International Association of Privacy Professionals (IAPP) who have achieved CIPP  certifications.

We regularly assist a range of clients, from large, publicly traded companies to privately held middle market companies, in their global data security privacy compliance efforts, breach response and mitigation actions, and related issues. We also regularly handle complex transactions involving all manner of U.S. and foreign data privacy compliance.

We are unique in that we are a large general practice law firm with a full data security and privacy compliance and  litigation practice. We provide strategic advice and assist our clients to develop strategies to protect, enforce, and commercialize data, IP assets and rights, and, if necessary, litigate data breach and IP disputes across the country.

We do extensive data security compliance work, helping our clients comply with a variety of federal, state, local, and foreign laws, rules, and regulations in the U.S., Canada, and the EU/EEA, including:

• Blockchain & smart contracts
• BYOD policies
• The California Consumer Privacy Act (CCPA)
• The California Online Privacy Protection Act (CalOPPA) and Do-Not Track laws
• The Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
• The Children’s Online Privacy Protection Act (COPPA)
• The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
• The Defend Trade Secrets Act (DTSA)
• The EU General Data Protection Regulation (GDPR)
• The Fair Credit Reporting Act (FCRA)
• The Family Educational Rights and Privacy Act (FERPA)
• The Federal Trade Commission Act
• The Gramm-Leach-Bliley Act (GLBA)
• The Health Insurance Portability and Accountability Act (HIPAA and HITECH)
• The FTC’s Telemarketing Sales Rule (TSR)
• The FTC’s Fair Information Practice Principles (FIPPs)
• The Telephone Consumer Protection Act (TCPA)
• The Video Privacy Protection Act
• Various state laws, including workplace privacy statutes, antispam statutes, AG enforcement actions, and other privacy protection statutes

We also assist our clients in applying best practices for complying with the vast array of data security and privacy technical standards and guidelines, including PCI-DSS, AICPA SOC 1 and SOC 2, SSAE 16 and SSAE 18, ISO 27001, ITIL, COBIT, and NIST standards, as well as with data classification, breach response, and mitigation, and in creating and implementing applicable policies/procedures.

Service Examples:

• CCPA and other state law based compliance for a variety of clients located within the U.S. that do business in California and other states with robust data security and privacy laws, rules and regulations.
• EU GDPR compliance for a host of clients, including two publicly traded manufacturing companies located in the U.S. with substantial EU operations and customer bases.
• All of the data privacy and security due diligence and transactional issues in connection with corporate transactions (acquisitions and divestitures) of data-centric companies for two publicly held U.S. financial services companies.
• Data breach response and mitigation for a publicly held U.S.-based steel fabrication company.
• Gramm-Leach-Bliley compliance for the financing subsidiary of a global U.S.-based polymer company.
• Document-retention compliance for a major U.S.-based transportation and logistics company.
• IP and technology issues for a U.S.-based vendor of smart-grid technology, including in connection with its acquisition by a major strategic acquirer.
• Privacy and security compliance for a global U.S.-based consumer products manufacturer.

Benesch's Healthcare+ Practice

Updates to HIPAA have rippled throughout the healthcare industry to now directly regulate vendors and other service providers to the healthcare industry (“business associates”), along with hospitals, health plans, doctor’s offices, and others within the industry, who must take special care in managing information about patients and their care. One of the most noticeable trends in the industry is the movement to electronic medical records and use of electronic tools to manage care.

Benesch understands the technology and regulations shaping the healthcare landscape. Our team members offer diverse perspectives, specialized knowledge, and experience that provide an insider’s viewpoint and deep understanding to each engagement.

Service Examples:

• Business associate agreements
• Technology vendor selection and implementation
• Privacy policies and data security systems
• Data management, sharing, and disclosure
• Experience serving physician organizations, health systems, long-term care and senior living facilities, behavioral health providers, diagnostic imaging enterprises, durable medical equipment manufacturers and suppliers, pharmaceutical retailers, wholesalers, distributors and manufacturers, and more.

Benesch's Labor & Employment Practice

Employers face major regulatory challenges from HIPAA, the Fair Credit Reporting Act (FCRA), the Americans with Disabilities Act (ADA), and others. Management of the resulting data is critical, which has put a premium on the increased use of technology for data storage, sharing and security.

In today’s workplaces, it is important to have a partner who helps ensure the proper processes, policies and tools are in place to protect the sensitive information that belongs to your business, your employees, and your customers.

Benesch has experience providing training to privacy officers to maintain compliance with data security regulations, and we work with companies to prevent data loss or to help mitigate a data breach. In addition, the team is able to offer pragmatic advice on how to reduce the risk of employee data theft. An expansion of HIPAA has created compliance needs for companies doing business with entities in the healthcare industry. Additionally, more companies are moving to self-funded health plans, which require data security and compliance on par with what is expected of traditional health insurers.

Service Examples:

• Noncompete agreements and trade secret rights
• Employer policies on Internet use, email, mobile devices, voicemail, and social media
• Counsel for HIPAA, FCRA, and ADA compliance
• Security measures for third-party providers
• Employee privacy issues, including searches of employee property and drug and alcohol testing
• Employee nondisclosure obligations for confidential and proprietary information
• Securing, maintaining, and enforcing cyber insurance policies
• Negotiation of new system implementations with European work councils

Benesch's Data Privacy Defense and Response Team

Our Data Privacy Defense and Response Team combines our vast experience in the litigation of commercial disputes with our experience in data security and privacy law to create a focused litigation defense capability in the data security and privacy area.  Our Data Privacy Defense and Response Team is national in nature with the capability of handling complex litigation arising from governmental enforcement actions, private actions, and class actions in courts across the United States under the new and growing body of data security law that is emerging within the United States.  Working closely with our 3iP, Healthcare, and Labor and Employment teams, our Data Privacy Defense and Response Team ensures that clients have sophisticated counsel in connection with disputes that arise in this burgeoning and risk-laden area. 

Working together, our team provides insightful counsel and deep experience in how to protect your business.  

Assessing Enterprise Risk

Finding areas where your business is at risk is the first step to protecting it. We have developed standard methodologies and tools to perform comprehensive gap analyses and assess the risk of noncompliance based on the major U.S. and global cybersecurity and data privacy requirements. We take a holistic approach, working with leading cybersecurity and data privacy technology consultants to assess not only legal risk but also technical risk. We have years of experience reviewing our clients’ risk management plans, including their cybersecurity and data privacy insurance coverages. We also counsel boards of directors, given their increasing role in monitoring and effectively mitigating enterprise cybersecurity and data privacy risk.

Developing and Implementing Compliance Programs

We have extensive experience developing compliance programs related to cybersecurity and data privacy, including the essential element of employee education. We work with security experts to identify security vulnerabilities, and help our clients prepare, adopt, and implement response plans. If a potential privacy or security breach occurs, we routinely assist in assessing the situation and determining the appropriate response.

Managing Breach Response and Defending Cyber Liability Claims

Because rapid response is essential if a cybercrime, network intrusion, or other data incident occurs, our 24/7/365 Data Breach Hotline instantly connects our clients to an experienced attorney on the team. We work closely with other trusted professional service providers to assist them in handling incident response, crisis management, and breach mitigation.

Our 3iP practice, Data Privacy Defense and Response Team, and white-collar defense and corporate investigations practice work together to both defend and assist our clients to pursue and enforce their rights, working closely with law enforcement agencies as warranted when a cybersecurity or data privacy event occurs.

Incorporating Cybersecurity and Data Privacy into Transactions

Unlike most general practice firms, our data security and privacy practice is fully integrated into our IP and technology transactions practices. As a result, we bring extensive experience in how to incorporate cybersecurity and data privacy into every transaction. Our team works on the most sophisticated, high-value technology and M&A deals and has helped companies in a variety of industries (manufacturing, IT, financial services, medical devices, health services, and more) in connection with their most significant “bet the company” technology transactions. We have prepared and negotiated hundreds of license agreements, and an extensive array of privacy policies and records retention policies across a variety of industries. We have helped clients close over $1 billion in deal value of data-centric M&A deals in the last several years.

Reviewing & Negotiating Third-Party Contracts

We regularly review and negotiate third-party IP vendor and outsourcing contracts to assure adequate protections for confidential and proprietary information. We have handled these matters opposite some of the largest and most well-known third-party vendors in the world, including numerous engagements representing corporate clients in transactions with the leading IP vendor outsourcing vendors, including IBM, SAP, Oracle, Salesforce.com, Accenture, Deloitte Consulting, PwC, KPMG, Tata Consultancy, Wipro, Cognizant, Verizon, Amazon Web Services, Microsoft Azure, and many other national and international vendors. All of these  involve complex data-centric transactions, including business process outsourcing (SaaS, IaaS, PaaS), and include comprehensive confidentiality, data security, and privacy provisions for both on-shore and off-shore outsourcing deals.

Advising On Data Localization Requirements and Cybersecurity Best Practices

We actively assist our clients on data localization matters and requirements, particularly within the U.S., Mexico, Central and South America, Europe, and Asia, and in terms of cybersecurity best practices. We regularly provide guidance on best practices and compliance requirements in connection with the collection, storage, and transmission of personal data and cross-border data transmissions.