Privacy, Cyber Risk & Data Security

Businesses face increasingly complex and difficult challenges associated with collecting, using, disclosing, and securing information and data systems. Security breaches and other cyber attacks are a constant risk and have attracted heightened regulatory scrutiny at the federal and state level in the U.S. and in countries around the globe. Buckley provides privacy, cyber risk, and data security legal counsel that not only safeguards the interests of clients, but also mitigates future risk.

Our attorneys are well-versed in the federal privacy and security laws, including the Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), the Electronic Communications Privacy Act (ECPA), the Computer Fraud and Abuse Act (CFAA), and the CAN-SPAM Act, as well as the myriad of state laws and regulations on security breach notice, information security and cybersecurity. We navigate clients through related issues such as the USA Patriot Act and the Office of Foreign Assets Control (OFAC) requirements. We are attuned to the increasingly stringent European Union privacy and security requirements and those of other nations that have followed the European model and we advise clients on cross-border information sharing requirements, including issues in criminal and civil investigations.

Our attorneys perform gap analyses and risk assessments, design comprehensive privacy and security policy sets, craft privacy notices, and advise on the structure of privacy and security programs employee education and training materials. We are involved in devising solutions to permissibly share information within and outside an enterprise. Our team drafts and revises agreements with third parties to ensure compliance with regulatory requirements, as well as shields our clients from the pitfalls associated with information sharing and use. We analyze the privacy and security risks for mergers, acquisitions, spin-offs, and restructurings.

We work with our clients on incident response plans and investigations, including customer service and media strategies. Our team negotiates with law enforcement agencies and regulators, and draft breach notice letters and customer service center call scripts. We have deep experience in working with federal and state regulators and attorneys general on inquiries, examinations and enforcement actions involving privacy and security issues and our practice includes a former state attorney general. Our litigators defend globally individuals charged with data privacy violations.

Noteworthy matters include:

• Advising many companies in investigating, addressing, and meeting compliance obligations relating to security incidents and breaches. Incidents have ranged from local to global in nature, from targeted attacks to widespread incidents impacting millions, and from inadvertent disclosure to hacking
   
• Working with clients in responding to civil investigative demands from federal financial regulators involving privacy and information security practices, particularly for companies in the fintech space
   
• Assisting nonfinancial companies in sectors such as telecommunications, energy and technology in offering financial products or services while meeting the regulatory requirements and business partner expectations