Skip to main content

Privacy, Cybersecurity & Data Strategy

Arnold & Porter's Privacy, Cybersecurity & Data Strategy practice helps clients create risk-mitigated, global, scalable, and flexible privacy and cyber programs and data strategies for innovative data products, services and uses. We assist a wide range of industries in the challenging task of protecting data in line with the ever-growing and overlapping legal regimes. As traditional healthcare, life sciences, financial services, consumer products, and other companies become data companies, we have the insight and experience to help benchmark and prioritize resources, negotiate transactions, and evaluate potential business targets. When an attack happens, we quickly mobilize our investigation and litigation teams, which have successfully defended clients against data breach and privacy plaintiffs as well as the major data protection authorities, to contain the incident and minimize losses.

Takeaways from our Privacy, Perils & Protection Forum

» Watch video.
California's New Privacy Statute: Is It a US GDPR?

» Read advisory.
Cybercrime Is on the Rise: Will the Federal Government Require Companies to Report Cyber Attacks?

» Watch video.
"A smart, standout team; responsive, with lots of cybersecurity expertise."
Chambers USA 2020: Privacy & Data Security (Nationwide)

Experience Highlights

  • Medical device manufacturer in privacy and data security compliance counseling for a mobile health app in connection with global commercialization of app, data aggregation and integration with connected devices, including creating consent processes and procedures and overseeing HIPAA Security Rule and GDPR Article 32 cybersecurity risk assessments and related risk treatment and remediation.
  • Global media company in conducting data privacy and security due diligence in its definitive business combination agreement with a SPAC.
  • Companies in advising on the legal and policy aspects of internet, computer network and cyber operations, including guidance through national security, law enforcement and Homeland Security's legal authorities and processes.
  • Major restaurant franchisor in the investigation, litigation and favorable settlement of a New York Attorney General's lawsuit alleging the failure to protect consumer data security and privacy.
  • Medical device manufacturer in defending pending data breach class action litigation and obtaining dismissal of California Consumer Privacy Act claims.
  • Computer hard disk manufacturer and data storage company in providing legislative support and advocacy on Capitol Hill on data security issues associated with an autonomous vehicle authorization bill.
  • Multinational telecommunications company in an industry security practices investigation being conducted by the Bureau of Internet and Technology of the New York Attorney General's Office.
  • Financial services company in advising on consumer privacy, security incidents, the California Consumer Privacy Act, and other related requirements.
  • Automotive OEM in advising on California Consumer Privacy Act compliance issues related to data contracts.
Language - English

Focus Areas

Key Contacts

Kenneth L. Chernof
Kenneth L. Chernof
Washington, D.C.
+1 202.942.5940
Ronald D. Lee
Ronald D. Lee
Washington, D.C.
+1 202.942.5380
See All Related Professionals

Related Services


  • Chambers Global
    Privacy & Data Security: The Elite (USA) (2023)
  • The Legal 500 UK
    Risk Advisory: Data Protection, Privacy and Cybersecurity (2023)
  • The Legal 500 US
    Cyber Law (Including Data Privacy and Protection) (2022)
  • Chambers USA
    Privacy & Data Security: Highly Regarded (Nationwide) (2023)
    Privacy & Data Security: The Elite (Nationwide) (2022)
  • BTI Consulting Group
    BTI Cybersecurity/Data Privacy Leaders (2024)
    Honor Roll—Cybersecurity Law Firms (2017)
  • Cybersecurity Docket
    Named to "Incident Response 30" list