Practice

Privacy + Cyber

Our integrated team provides legal, technical/forensic, and compliance services that transcend typical law firm offerings.

For decades, Troutman Pepper Locke has represented leading global, as well as emerging technology and life sciences companies. Our team, recognized by Chambers USA and The Legal 500 as one of the top privacy practices in the U.S., includes privacy and cybersecurity thought leaders and pioneers in emerging issues relating to implementation and compliance, litigation, regulatory investigations, and incident response. Our experience leading some of the most high-profile litigation matters and regulatory enforcement actions uniquely positions us to address emerging privacy and cyber issues that the world — and the law — have never had to confront before.

A Collaborative 360-Degree Approach.

Our Privacy + Cyber team extends the range of privacy and cyber services traditionally offered by law firms, drawing upon our unique combination of global expertise in keys areas such as privacy program creation and implementation, licensing, financing and M&A transactions, incident response, litigation, and regulatory investigations and enforcement.

Areas that truly differentiate our Privacy + Cyber practice:

In addition to our experienced attorneys, our team includes prominent former industry CPOs, CISOs, and consulting/audit experts, as well as individuals who have worked for — or as experts on behalf of —the FTC, HHS OCR, CFPB, SEC, and state attorneys general. In addition to responding to investigative inquiries and claims made by these regulators and others, we handled one of the first data breach putative class actions in 2006, and have successfully defended hundreds of privacy and cyber-based complaints before and after that case. As a result, our integrated team extends beyond the range of legal, technical/forensic, and compliance services offered by most law firms, allowing us to share ideas and experiences beyond typical law firm practice boundaries.

We have considerable experience advising clients in all aspects of business tort claims, including interference with contract or prospective business relations, business disparagement and defamation, unfair competition, theft of trade secrets, breach of fiduciary duty, fraud and deceptive business practices, and trade libel. Clients also depend on us for matters involving injunctive relief, high-exposure extra-contractual damages and attorneys’ fees.

While other firms may serve clients in one or a few of the following spaces, Troutman Pepper Locke is among the only firms with deep strength and experience serving all four:

Technology: Matters include IoT/AI/machine learning, analytics/big data, mobile/geolocation data, connected cars, fraud detection and prevention, government and law enforcement tools, telematics and other insurance innovations, payment technologies, digital/behavioral advertising, social media, cloud/outsourcing, global data transfers, and local compliance for innovative data uses.

Digital Health and Pharma: We address clinical research, health analytics/AI, global compliance and breach matters for leading Big Pharma, dental, biotech, and clinical research companies, as well as many new health care information and delivery disruptors.

Financial Services/Fintech and Cryptocurrency/Blockchain: We are active in the technology transformation in financial services, and advise Fortune 500 financial institutions, insurance/reinsurance, blockchain and cryptocurrency startups, online lending platforms, and other companies developing novel financial services and solutions.

Consumer Products/Services: We act as “outside product/service counsel,” advising on privacy and security risk issues as well as industry best practices on data usage and value maximization as part of the product and service development process.

Our Privacy + Cyber team includes a mix of globally recognized privacy and cybersecurity attorneys, former industry privacy and security officers, and management consultants. Our frontline experience with numerous leading companies across industries allows us to provide industry-specific benchmarking, practical, risk-based advice, and a range of services that goes beyond those traditionally offered by law firms, including partnering with our clients to:

  • Build foundational privacy program building blocks (e.g., privacy policy, data subject, data protection and transfer impact assessments, records of processing, contract/data processing addendum templates, and training);
  • Develop and roll out compliance documents to address global requirements; and
  • Advise clients on all privacy, security, and data use aspects of innovative technology and privacy-related licensing, M&A, financing, and other transactions.

Our Incident Response (IR) attorneys lead clients through all phases of the incident prevention, response, and recovery processes. From the onset of ransomware, malware, wire transfer fraud, or other incidents to the regulatory and litigation maelstrom that may follow, we have led the response to thousands of security incidents involving some of the largest retail, health care, banking, and government agencies, which collectively have impacted more than 1 billion people. Our experience includes a number of high-profile breaches impacting technology/security, life sciences, health care, and consumer products and services. While our experience in this space is substantial, what really sets our firm apart is our people.

Our IR attorneys take a holistic approach to incident response. The team is a unique combination of former privacy and security officers, compliance specialists, transactional attorneys, litigators, and former U.S. attorneys — all of whom bring a unique perspective and experience to IR, and, with our deep litigation and regulatory experience, understand why the decisions made during the IR process matter.

Learn more about our Incident Response and Cybersecurity capabilities.

Our national privacy and data security Litigation team works collaboratively with our Compliance, Incident Response, and Regulatory teams to provide clients with the expertise and resources needed to address the complex challenges they face with regard to their data management and information security. From the time we are engaged, our experienced litigators are available to assist clients with:

  1. Risk reduction advice;
  2. Strategies for protecting privilege and work product;
  3. Responding to requests for information;
  4. Preparing communications related to incident response; and
  5. Handling any litigation that may arise.

Our litigators have handled hundreds of litigations and arbitrations throughout the United States involving federal and state privacy statutory, tort, contract, UDTPA, and other theories that address the collection, security, use, and dissemination of personal information, including class action, single-plaintiff, and qui tam cases. Our experience includes representing diverse and heavily regulated businesses in financial services, health care and life sciences, education, energy, automotive, construction, education, and retail merchants for both controllers (businesses) and processors (service providers). It also includes representing businesses that deal in security, data aggregation and analytics, mobile applications, payment processing, de-identification/anonymization, correlation of data from multiple connected devices, and consumer-reporting systems.

How a company managed its information security before an incident, and how it responded during the incident itself, directly impacts any ensuing regulatory investigations and enforcement actions. At any stage — before, during, or after an incident — we know how to best protect and position our clients to prevail in this high-stakes environment. We have resolved investigations and enforcement actions by the U.S. Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR), Securities and Exchange Commission (SEC), and state attorneys general nationwide.

Our firm’s comprehensive legal tracking service is designed to help financial institutions stay current with regulatory and legislative changes in three key areas:

  • Debt Collection
  • Privacy + Data Security
  • Consumer Reporting + FCRA Case Law

Delivered directly to your inbox, these trackers include an overview of the most important changes and analyses on the potential impact to your business. A subscription to one or more trackers includes a monthly one-hour call with our attorneys, who will provide additional insights and be available to answer your questions.

Please click here to learn more about and subscribe to this service.

Our highest goal? Achieving yours.

Exceptional results are our best practice

Find your professional