Our Privacy and Cybersecurity Team provides practical and comprehensive counseling and litigation solutions to address the privacy and data security concerns and compliance issues that companies must grapple with today. In light of the California Consumer Privacy Act (CCPA), which affects many companies in and outside of California, we help companies fulfill data disclosure,  handling, and protection requirements, create critical data breach mitigation strategies and pre-incident response plans, and comply with applicable state and federal laws governing data breach incidents.

Data Breach Strategy and Response

In the event of a suspected or actual data security breach, we provide companies with strategic advice and counsel not just to comply with applicable legal requirements, but to help protect their finances and business reputations to the extent possible despite any such incident. We assist companies on all aspects of their responses to incidents, including securing any available insurance coverage, coordinating the forensic investigation, evaluating what notices are required or prudent, assisting with the preparation and sending of notices, and addressing any related potential liability issues and/or litigation.

CCPA Compliance and Litigation

Farella’s CCPA litigation team helps our clients comply with the requirements of the Act and other data privacy legislation, and are prepared to deal with any litigation arising under such laws. In the event of a suspected or actual data security breach, we provide companies with strategic advice not just to comply with applicable legal requirements, but to help protect their finances and business reputations in the short and long term. Our comprehensive approach includes securing available insurance coverage(s), coordinating forensic investigations, evaluating and effectuating all required (or otherwise prudent) notices, and addressing any related potential liability issues and litigation.

Our Multi-Practice Team Provides:

  • Privacy attorneys that review and draft privacy and information security policies, and assist with communication and implementation strategies, including training regarding maintaining reasonable security procedures and practices.
  • Insurance recovery attorneys and an insurance risk management consultant who advise clients on the placement of cyber insurance policies, draft captive insurance “Tech E&O” and stand-alone cyber insurance policies, and work with our clients’ insurance brokers in negotiating the broadest possible coverage in the purchase or renewal of their cyber insurance policies, as well as traditional insurance that may apply to cyber and “Internet of Things” risks (e.g., property, general liability, errors and omissions liability, and directors and officers liability). We handle insurance claims arising out of alleged data breaches, security incidents and privacy violations.
  • White collar defense and government investigations attorneys who help clients handle government reporting and inquiries following a breach, including in some cases, investigation of the incident by government authorities. We also help guide clients through any follow-on enforcement scrutiny and litigation that may focus on the client’s breach response.
  • Intellectual property and technology litigators who have deep familiarity with the latest cloud computing and security/encryption technologies, and have litigated numerous patent cases involving these technologies. Our attorneys also have significant experience handling the types of copyright and trade secret issues that can follow a data breach, and are a valuable resource in the midst of a cybersecurity crisis that can threaten our clients’ businesses and brands.
  • Class action litigators who have tried cases across the nation and will vigorously defend clients when data breaches, and/or other alleged violations under privacy laws, result in private litigation. We are well positioned to take on major class actions and multidistrict litigation, which often follow high profile data breaches or other unauthorized disclosures of personal information.

Firm Highlights

Publication

Cybersecurity Regulation: Key Takeaways From an Unusual FTC Order That Will Follow CEO for a Decade

The FTC recently issued a proposed order that would settle an enforcement action against Drizly, LLC and its co-founder and CEO, James Rellas, arising from data breaches in 2018 and 2020 that affected over...

Read More
Publication

Nonprofit Websites and Terms of Use - Best Practices and Common Pitfalls

Welcome to EO Radio Show – Your Nonprofit Legal Resource . Happy New Year, everyone!  In episode 26, Cynthia Rowland and her guest Nate Garhart discuss websites and terms of use and the legal concepts...

Read More
Publication

Maximizing Your Insurance Coverage for Data Privacy Liability

With news of massive data breaches making headlines in recent years, the handling of personal data has become a focus for legislators and regulators around the world. Compliance with data privacy regulations such as the...

Read More
Publication

Employee Data under the CCPA: Expiration of Employer Exemptions Requires Compliance as of January 1, 2023

Since the California Consumer Privacy Act (“CCPA”) was passed in 2018, employers have been watching carefully to see how the law will apply to data collected and maintained about their employees. Up until now, ...

Read More
Publication

California Passes Landmark Privacy Protections for Children With Big Implications for Online Providers

Governor Newsom recently signed into law AB 2273 , the California Age-Appropriate Design Code Act (CA AADCA), making California the first state to pass broad privacy protections for children. The CA AADCA is modeled...

Read More
Publication

Using Multi-Factor Authentication as a Prerequisite to Cyber Liability Coverage

Multi-factor authentication (MFA) is more than an annoying popup or text message when logging onto a company’s website or platform. Not only is using MFA a sound security practice and good business, it is frequently...

Read More
Publication

Uber’s Former Chief Security Officer Found Guilty of Obstruction For Coverup of Data Breaches

On October 5, 2022, after a monthlong jury trial, former Uber Chief Information Security Officer Joseph Sullivan was found guilty of obstructing proceedings of the Federal Trade Commission (FTC) and misprision of a felony...

Read More
Publication

California AG Signals Enforcement of the Global Privacy Control Under the CCPA

As companies prepare for the provisions of the California Privacy Rights Act (“CPRA”) to come into effect in January 2023, California Office of Attorney General (“OAG”) has signaled that companies should not wait to...

Read More
Publication

Caught in the Crossfire — How Will the War Exclusion Affect Commercial Policyholders?

The war exclusion has received a lot of attention over the past year, particularly since Russia invaded Ukraine in February. Policyholders’ concern that insurers will assert the exclusion as a basis to deny coverage...

Read More
Publication

Privacy Policy Best Practices for Nonprofits

Welcome to EO Radio Show – Your Nonprofit Legal Resource . I’m happy to have my colleague Nate Garhart back for a discussion on privacy laws and how they affect website content development and online...

Read More