Privacy, Data & Cybersecurity

OVERVIEW

Information technology has become embedded in our lives and businesses. The resulting explosion of data has created opportunities and risks, so that responsible management of data, throughout the information lifecycle, is now critical.

Strasburger’s Privacy, Data and Cybersecurity team provides practical, forward-looking solutions that empower our clients to maximize and protect the value of their data in many industries, including financial services, technology, energy, food and beverage, manufacturing, retail, services, health care, and pharmaceuticals.

Our experience includes:

  • Privacy
  • Data Rights, Management and Value
  • Outsourcing, Development and Licensing
  • Cross Border Data Transfer
  • Due Diligence
  • Governance, Risk, and Compliance (GRC)
  • Data Security Assessments and Cybersecurity
  • Breach Investigations and Incident Response
  • “Cyber Torts” and Fraud
  • Litigation, Class Action Defense and Extraordinary Remedies
  • Financial Technology
  • E-discovery

To learn more about Strasburger’s Privacy, Data and Cybersecurity, please contact either of our co-chairs, Charles Hosch or Kathryne Morris.

PRIVACY
Strasburger advises clients on a broad range of U.S. and global privacy issues, including existing and emerging privacy laws and regulations and their impact on our clients’ businesses. Whether advising on compliance, preparing privacy policies and procedures, documenting full-enterprise data migrations to the Cloud, or handling cross-border data transfers, we help clients assess and negotiate contractual risk and understand the actual risk associated with their data.

This may include helping clients building privacy into their architecture and operations, or simply spot-checking particular issues related to website privacy policies, workplace privacy, financial privacy, medical privacy, educational privacy or others. We operate in many industries, online and across mobile devices and networks, and including Texas Public Information Act compliance.

DATA RIGHTS, MANAGEMENT & VALUE
Straburger helps clients search out, protect and optimize profitable uses of their data. Data can help calculate risk, filter risk, and ultimately support the difference between leveraging a strategic risk and taking a foolish one. We advise clients on handling, using, and protecting data, including issues related to data harvesting and analytics, access controls, rights management systems, and protection of trade secrets and confidential and proprietary business information, under Restatement regimes, state Uniform Trade Secrets Acts, and the federal Defend Trade Secrets Act.

OUTSOURCING, DEVELOPMENT & LICENSING
Whether migrating to the Cloud, outsourcing data technology services, creating technology-development agreements, or drafting and negotiating technology licenses, Strasburger collaborates with our clients to plan development wisely, to manage the risks posed by vendors and supply chains, and to maximize the value of our clients’ decisions to outsource.

CROSS-BORDER DATA TRANSFER
Strasburger provides legal advice for companies collecting, storing, processing and transferring data between their offices to the Cloud around the globe, including the new General Data Protection Regulation (GDPR) regulations in the European Economic Area and regulations in Asia.

DUE DILIGENCE
Strasburger understands business risk and the additional impact of regulatory scrutiny, and lead data-related due diligence in business transactions. Privacy and security policies should be continually updated and conscientiously followed. In mergers, acquiring companies should evaluate the security controls of target companies. We encourage adequate due diligence, and counsel our clients to confirm that their vendors, supply chain, and counter-parties maintain appropriate controls.

GOVERNANCE, RISK & COMPLIANCE (GRC)
Strasburger provides advice and guidance on GRC matters, including compliance with the Federal Trade Commission Act (FTC Act), the Electronic Communications Privacy Act (ECPA), the Child Online Privacy and Protection Act (COPPA), the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM-Act), the Health Insurance Portability and Accountability Act (HIPAA), and the European General Data Protection Regulation (GDPR) among many others.

DATA SECURITY ASSESMENTS & CYBERSECURITY
For many years, Strasburger has been deeply involved in third-party assessments and corrective-action plans across many frameworks including HITRUST, SOC 2, PCI-DSS, and others. We understand the nature of today’s threat environment and the difference between mere “compliance” and an active, dynamic, threat-informed approach.

BREACH INVESTIGATIONS & INCIDENT RESPONSE
Strasburger understands fast, effective, and ethical forensics investigations, as well as statutory, contractual, insurance-related, and industry-specific breach notification requirements. Our attorneys’ knowledge is complimented by our experience in working with the FBI, DOJ, and other governmental agencies. We guide companies through the incident-response procedures of complex, escalating breaches and investigations.

“CYBER TORTS” & FRAUD
Strasburger represents clients facing issues of fraud in many guises, including the newest “cyber torts” and scams. We partner with our clients to take on insider threats, social-media scams, ransomware, “phishing,” “spear-phishing,” as well as violations of the Computer Fraud and Abuse Act and myriad other federal and state, civil and criminal statutes.

LITIGATION, CLASS ACTION DEFENSE & EXTRAORDINARY REMEDIES
Strasburger is nationally known for its attorneys’ trial and appellate skills. We have defended class actions, and have brought, defended, arbitrated, and mediated technology-focused lawsuits for decades. We have long experience with extraordinary remedies, including TROs, preliminary injunctions, and ex parte searches and seizures.

FINANCIAL TECHNOLOGY
Strasburger is familiar with a broad array of financial technology (fintech), including blockchain, distributed ledgers, robo advice, and smart contracts, to name a few.

E-DISCOVERY
Strasburger helps clients craft the best e-discovery practices and procedures for their projects, no matter the size or complexity of the data. We are versed in deploying artificial intelligence (AI)—often called “technology assisted review” (TAR) in the e-discovery world—to provide cost-effective and expeditious document review solutions.

Our attorneys’ expertise allows us to guide clients through all stages of the e-discovery cycle, from data preservation, collection and processing, to document analysis, review, and production. Equipped with these advanced tools and expertise, our attorneys can help identify the critical information and documents efficiently and effectively to advise clients on the merits of their case.

EXPERIENCE

PRIVACY

  • Provided integrated privacy counsel to public and private companies
  • Advised clients regarding privacy policies and terms of use for websites and services
  • Structured internal privacy-protection policies for public and private clients
  • Family Educational Rights and Privacy Act counsel to school boards and colleges
  • Healthcare privacy counsel to many providers in the health care industry
  • Financial privacy counsel with GLB implications
  • Privacy counsel to housing and other public authorities
  • Protected data and confidentiality in bids for government contracts
  • Handled numerous Texas Public Information Act requests and responses

DATA RIGHTS, MANAGEMENT & VALUE

  • Analyzed and negotiated complex data analytics agreements, navigating among different vendors, types of information, combinations of data, and uses
  • Developed ranges of precautions to protect trade secrets, including physical, administrative, and technical safeguards
  • Negotiated agreements with data-owners for limited use for specific purposes
  • Analyzed new, unforeseen uses of anonymized information in databases
  • Drafted data-access and use agreement with police
  • Resolved disputes over data use and processing

OUTSOURCING, DEVELOPMENT & LICENSING

  • Data security and privacy counsel for major energy producer
  • Wrote the agreements for the leading tracking and vendor- and representative-verification company in the healthcare industry
  • Drafted and negotiated multiple in-licensing and out-licensing agreements for complex technologies in training, call center, help desk services, mesh telephone, water district, software, network administration, robotics, drug development, avionics, laptop development, product design, produce management, and many other industries
  • Drafted and negotiated multiple software development agreements, for developers and customers
  • Assisted in negotiation of Enterprise Resource Planning agreements
  • Negotiated prompt, smooth migrations to the Cloud
  • Negotiated PCI-DSS agreements and service agreements to establish payment portals

CROSS-BORDER DATA TRANSFER

  • Advised, negotiated, and conducted due diligence on multiple agreements including upcoming GDPR requirements

DUE DILIGENCE

  • Multiple purchase-and-sale contracts and technology-specific portions of contracts for business sales and acquisitions
  • Assisted in due diligence on technology issues in multiple contracts

DATAE SECURITY ASSESSMENTS & CYBERSECURITY

  • Wrote the agreements for the most commonly-used Framework for Cybersecurity assessments in the healthcare industry
  • Advised on assessor engagements

BREACH INVESTIGATION & INCIDENT RESPONSE

  • Immediately advised and assisted public authority with possible data breach
  • Immediately advised and assisted private entity with concern over possible data breach, including quiet forensics
  • Advised and assisted in multiple incidents of “spear-phishing”

“CYBER TORTS” & FRAUD

  • Prosecuted, defended, and resolved numerous claims of fraud
  • Resolved claim against agent who photo-shopped his clients’ signatures
  • Prosecuted and resolved claim of impersonating others over email
  • Suit to stop anonymous online attack
  • Resolved overseas piracy issue
  • Quickly resolved cybersquatting issue that posed serious threat to client

LITIGATION, CLASS ACTION DEFENSE & EXTRAORDINARY REMEDIES

  • Sitting “in every lawyer’s seat in the courtroom,” prosecuted, defended, and resolved numerous disputes over software development agreements — on behalf of developers as plaintiff and defendant; on behalf of customers as plaintiff and defendant; and as neutral mediator and arbitrator
  • Supervised many investigations of piracy, counterfeiting, and defamation
  • Prosecuted scores of cases involving intellectual property, including TROs, preliminary injunctions, and ex parte searches and seizures of contraband

FINANCIAL TECHNOLOGY (FINTECH)

  • Advised start-up company regarding the development of its electronic payment product
  • Advised prospective investor in the financial technology

E-DISCOVERY

  • Extensive e-discovery experience in litigation of various sizes and complexity, including multi-district litigation
  • Led management and production of voluminous data in large energy transactions
  • Regular use of technology assisted review (TAR) to streamline e-discovery

BLOG

NEWSLETTER

MEDIA

HONORS

Information technology has become embedded in our lives and businesses. The resulting explosion of data has created opportunities and risks, so that responsible management of data, throughout the information lifecycle, is now critical.

Strasburger’s Privacy, Data and Cybersecurity team provides practical, forward-looking solutions that empower our clients to maximize and protect the value of their data in many industries, including financial services, technology, energy, food and beverage, manufacturing, retail, services, health care, and pharmaceuticals.

Our experience includes:

  • Privacy
  • Data Rights, Management and Value
  • Outsourcing, Development and Licensing
  • Cross Border Data Transfer
  • Due Diligence
  • Governance, Risk, and Compliance (GRC)
  • Data Security Assessments and Cybersecurity
  • Breach Investigations and Incident Response
  • “Cyber Torts” and Fraud
  • Litigation, Class Action Defense and Extraordinary Remedies
  • Financial Technology
  • E-discovery

To learn more about Strasburger’s Privacy, Data and Cybersecurity, please contact either of our co-chairs, Charles Hosch or Kathryne Morris.

PRIVACY
Strasburger advises clients on a broad range of U.S. and global privacy issues, including existing and emerging privacy laws and regulations and their impact on our clients’ businesses. Whether advising on compliance, preparing privacy policies and procedures, documenting full-enterprise data migrations to the Cloud, or handling cross-border data transfers, we help clients assess and negotiate contractual risk and understand the actual risk associated with their data.

This may include helping clients building privacy into their architecture and operations, or simply spot-checking particular issues related to website privacy policies, workplace privacy, financial privacy, medical privacy, educational privacy or others. We operate in many industries, online and across mobile devices and networks, and including Texas Public Information Act compliance.

DATA RIGHTS, MANAGEMENT & VALUE
Straburger helps clients search out, protect and optimize profitable uses of their data. Data can help calculate risk, filter risk, and ultimately support the difference between leveraging a strategic risk and taking a foolish one. We advise clients on handling, using, and protecting data, including issues related to data harvesting and analytics, access controls, rights management systems, and protection of trade secrets and confidential and proprietary business information, under Restatement regimes, state Uniform Trade Secrets Acts, and the federal Defend Trade Secrets Act.

OUTSOURCING, DEVELOPMENT & LICENSING
Whether migrating to the Cloud, outsourcing data technology services, creating technology-development agreements, or drafting and negotiating technology licenses, Strasburger collaborates with our clients to plan development wisely, to manage the risks posed by vendors and supply chains, and to maximize the value of our clients’ decisions to outsource.

CROSS-BORDER DATA TRANSFER
Strasburger provides legal advice for companies collecting, storing, processing and transferring data between their offices to the Cloud around the globe, including the new General Data Protection Regulation (GDPR) regulations in the European Economic Area and regulations in Asia.

DUE DILIGENCE
Strasburger understands business risk and the additional impact of regulatory scrutiny, and lead data-related due diligence in business transactions. Privacy and security policies should be continually updated and conscientiously followed. In mergers, acquiring companies should evaluate the security controls of target companies. We encourage adequate due diligence, and counsel our clients to confirm that their vendors, supply chain, and counter-parties maintain appropriate controls.

GOVERNANCE, RISK & COMPLIANCE (GRC)
Strasburger provides advice and guidance on GRC matters, including compliance with the Federal Trade Commission Act (FTC Act), the Electronic Communications Privacy Act (ECPA), the Child Online Privacy and Protection Act (COPPA), the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM-Act), the Health Insurance Portability and Accountability Act (HIPAA), and the European General Data Protection Regulation (GDPR) among many others.

DATA SECURITY ASSESMENTS & CYBERSECURITY
For many years, Strasburger has been deeply involved in third-party assessments and corrective-action plans across many frameworks including HITRUST, SOC 2, PCI-DSS, and others. We understand the nature of today’s threat environment and the difference between mere “compliance” and an active, dynamic, threat-informed approach.

BREACH INVESTIGATIONS & INCIDENT RESPONSE
Strasburger understands fast, effective, and ethical forensics investigations, as well as statutory, contractual, insurance-related, and industry-specific breach notification requirements. Our attorneys’ knowledge is complimented by our experience in working with the FBI, DOJ, and other governmental agencies. We guide companies through the incident-response procedures of complex, escalating breaches and investigations.

“CYBER TORTS” & FRAUD
Strasburger represents clients facing issues of fraud in many guises, including the newest “cyber torts” and scams. We partner with our clients to take on insider threats, social-media scams, ransomware, “phishing,” “spear-phishing,” as well as violations of the Computer Fraud and Abuse Act and myriad other federal and state, civil and criminal statutes.

LITIGATION, CLASS ACTION DEFENSE & EXTRAORDINARY REMEDIES
Strasburger is nationally known for its attorneys’ trial and appellate skills. We have defended class actions, and have brought, defended, arbitrated, and mediated technology-focused lawsuits for decades. We have long experience with extraordinary remedies, including TROs, preliminary injunctions, and ex parte searches and seizures.

FINANCIAL TECHNOLOGY
Strasburger is familiar with a broad array of financial technology (fintech), including blockchain, distributed ledgers, robo advice, and smart contracts, to name a few.

E-DISCOVERY
Strasburger helps clients craft the best e-discovery practices and procedures for their projects, no matter the size or complexity of the data. We are versed in deploying artificial intelligence (AI)—often called “technology assisted review” (TAR) in the e-discovery world—to provide cost-effective and expeditious document review solutions.

Our attorneys’ expertise allows us to guide clients through all stages of the e-discovery cycle, from data preservation, collection and processing, to document analysis, review, and production. Equipped with these advanced tools and expertise, our attorneys can help identify the critical information and documents efficiently and effectively to advise clients on the merits of their case.

EXPERIENCE

PRIVACY

  • Provided integrated privacy counsel to public and private companies
  • Advised clients regarding privacy policies and terms of use for websites and services
  • Structured internal privacy-protection policies for public and private clients
  • Family Educational Rights and Privacy Act counsel to school boards and colleges
  • Healthcare privacy counsel to many providers in the health care industry
  • Financial privacy counsel with GLB implications
  • Privacy counsel to housing and other public authorities
  • Protected data and confidentiality in bids for government contracts
  • Handled numerous Texas Public Information Act requests and responses

DATA RIGHTS, MANAGEMENT & VALUE

  • Analyzed and negotiated complex data analytics agreements, navigating among different vendors, types of information, combinations of data, and uses
  • Developed ranges of precautions to protect trade secrets, including physical, administrative, and technical safeguards
  • Negotiated agreements with data-owners for limited use for specific purposes
  • Analyzed new, unforeseen uses of anonymized information in databases
  • Drafted data-access and use agreement with police
  • Resolved disputes over data use and processing

OUTSOURCING, DEVELOPMENT & LICENSING

  • Data security and privacy counsel for major energy producer
  • Wrote the agreements for the leading tracking and vendor- and representative-verification company in the healthcare industry
  • Drafted and negotiated multiple in-licensing and out-licensing agreements for complex technologies in training, call center, help desk services, mesh telephone, water district, software, network administration, robotics, drug development, avionics, laptop development, product design, produce management, and many other industries
  • Drafted and negotiated multiple software development agreements, for developers and customers
  • Assisted in negotiation of Enterprise Resource Planning agreements
  • Negotiated prompt, smooth migrations to the Cloud
  • Negotiated PCI-DSS agreements and service agreements to establish payment portals

CROSS-BORDER DATA TRANSFER

  • Advised, negotiated, and conducted due diligence on multiple agreements including upcoming GDPR requirements

DUE DILIGENCE

  • Multiple purchase-and-sale contracts and technology-specific portions of contracts for business sales and acquisitions
  • Assisted in due diligence on technology issues in multiple contracts

DATAE SECURITY ASSESSMENTS & CYBERSECURITY

  • Wrote the agreements for the most commonly-used Framework for Cybersecurity assessments in the healthcare industry
  • Advised on assessor engagements

BREACH INVESTIGATION & INCIDENT RESPONSE

  • Immediately advised and assisted public authority with possible data breach
  • Immediately advised and assisted private entity with concern over possible data breach, including quiet forensics
  • Advised and assisted in multiple incidents of “spear-phishing”

“CYBER TORTS” & FRAUD

  • Prosecuted, defended, and resolved numerous claims of fraud
  • Resolved claim against agent who photo-shopped his clients’ signatures
  • Prosecuted and resolved claim of impersonating others over email
  • Suit to stop anonymous online attack
  • Resolved overseas piracy issue
  • Quickly resolved cybersquatting issue that posed serious threat to client

LITIGATION, CLASS ACTION DEFENSE & EXTRAORDINARY REMEDIES

  • Sitting “in every lawyer’s seat in the courtroom,” prosecuted, defended, and resolved numerous disputes over software development agreements — on behalf of developers as plaintiff and defendant; on behalf of customers as plaintiff and defendant; and as neutral mediator and arbitrator
  • Supervised many investigations of piracy, counterfeiting, and defamation
  • Prosecuted scores of cases involving intellectual property, including TROs, preliminary injunctions, and ex parte searches and seizures of contraband

FINANCIAL TECHNOLOGY (FINTECH)

  • Advised start-up company regarding the development of its electronic payment product
  • Advised prospective investor in the financial technology

E-DISCOVERY

  • Extensive e-discovery experience in litigation of various sizes and complexity, including multi-district litigation
  • Led management and production of voluminous data in large energy transactions
  • Regular use of technology assisted review (TAR) to streamline e-discovery
Share
Share