Data Privacy Defense and Response Team
Benesch understands that for many of our clients, business is done online. With the growth of the online marketplace comes a new and constantly unfolding web of best practices, regulations, and legislation meant to manage the privacy and cybersecurity risks associated with the collection, use, and disclosure of personal information. We have more computers, mobile applications, 24/7 connectivity, and evolving security threats than ever before, while being subject to more stringent legal requirements and security standards. Additionally, certain industries, such as health care, financial services, and e-commerce, have evolved such that data security and privacy have taken on extra significance. This complex, evolving landscape makes it more important than ever for clients to have access to experienced data security and data privacy professionals.
Why Benesch?
Benesch’s Data Privacy Defense and Response Team has the specialization, business acumen, and technical knowledge to help businesses navigate and respond to data privacy and cybersecurity compliance issues. With Benesch, you’ll have access to an interdisciplinary team of lawyers who focus on privacy, data protection, information security, internet and computer law, e-commerce, consumer protection, outsourcing, competitive intelligence, intellectual property, trade secrets, information management, and records retention—and who can quickly and efficiently respond to data incidents, including cybercrimes and network intrusions.
Benesch’s Data Privacy Defense and Response Team has you covered across every part of the data life cycle.
Benesch’s interdisciplinary team recognizes the importance of specialized representation when it comes to data incidents. For example, the Data Privacy Defense and Response Team specializes in helping clients respond to and recover from data incidents:
Our team regularly works with global, federal, and state data privacy and security rules and regulations, including the following:
- The EU General Data Protection Regulation (GDPR)
- The California Consumer Privacy Act (CCPA)
- The Federal Trade Commission Act
- The California Online Privacy Protection Act (CalOPPA) and Do-Not Track laws
- Blockchain & smart contracts
- BYOD policies
- The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
- The Children’s Online Privacy Protection Act (COPPA)
- The Fair Credit Reporting Act (FCRA)
- The Family Educational Rights and Privacy Act (FERPA)
- The Gramm–Leach–Bliley Act (GLBA)
- The Health Insurance Portability and Accountability Act (HIPAA)
- The FTC’s Telemarketing Sales Rule (TSR)
- The FTC’s Fair Information Practice Principles (FIPPs)
- The Telephone Consumer Protection Act (TCPA)
- The Video Privacy Protection Act
- The Defend Trade Secrets Act (DTSA)
- Various state laws, including workplace privacy statutes, antispam statutes, AG enforcement actions, and other privacy protection statutes
Experience
- Provided counsel to clients with respect to the E.U.-U.S. Privacy Shield framework.
- Negotiated on behalf of clients various privacy and data security contractual provisions into technology agreements.
- Drafted and reviewed various client Website Privacy Policies and Terms of Use.
- Conducted a company-wide Data Security and Privacy assessment for a transportation and logistics client.
- Advised clients regarding compliance with Payment Card Industry–Data Security Standards, HIPAA/HITECH/NIST privacy and security standards, ISO privacy and security standards, and the privacy and data security standards arising under state law (including Massachusetts, California, Utah, and Nevada).
- Advised clients in comprehensive compliance projects under the privacy and data security laws of the member nations of the European Union, Switzerland, and Canada.
- Advised clients regarding a 50-state data breach response and notification for a national Ohio-based financial institution with respect to breached credit card and other personal data.
- Represented several data analytics companies in connection with legal obligations involving data collection and aggregation, data storage, data transmissions, and the ownership, transferability and monetization of data.
