Skip to main content

Privacy, Cybersecurity & Data Strategy

Arnold & Porter's Privacy, Cybersecurity & Data Strategy practice helps clients create risk-mitigated, global, scalable, and flexible privacy and cyber programs and data strategies for innovative data products, services and uses. We assist a wide range of industries in the challenging task of protecting data in line with the ever-growing and overlapping legal regimes. As traditional healthcare, life sciences, financial services, consumer products, and other companies become data companies, we have the insight and experience to help benchmark and prioritize resources, negotiate transactions, and evaluate potential business targets. When an attack happens, we quickly mobilize our investigation and litigation teams, which have successfully defended clients against data breach and privacy plaintiffs as well as the major data protection authorities, to contain the incident and minimize losses.

Experience Highlights

  • Medical device manufacturer in privacy and data security compliance counseling for a mobile health app in connection with global commercialization of app, data aggregation and integration with connected devices, including creating consent processes and procedures and overseeing HIPAA Security Rule and GDPR Article 32 cybersecurity risk assessments and related risk treatment and remediation.
  • Global media company in conducting data privacy and security due diligence in its definitive business combination agreement with a SPAC.
  • Companies in advising on the legal and policy aspects of internet, computer network and cyber operations, including guidance through national security, law enforcement and Homeland Security's legal authorities and processes.
  • Major restaurant franchisor in the investigation, litigation and favorable settlement of a New York Attorney General's lawsuit alleging the failure to protect consumer data security and privacy.
  • Medical device manufacturer in defending pending data breach class action litigation and obtaining dismissal of California Consumer Privacy Act claims.
  • Computer hard disk manufacturer and data storage company in providing legislative support and advocacy on Capitol Hill on data security issues associated with an autonomous vehicle authorization bill.
  • Multinational telecommunications company in an industry security practices investigation being conducted by the Bureau of Internet and Technology of the New York Attorney General's Office.
  • Financial services company in advising on consumer privacy, security incidents, the California Consumer Privacy Act, and other related requirements.
  • Automotive OEM in advising on California Consumer Privacy Act compliance issues related to data contracts.