Led by accomplished data privacy practitioners, including certified legal professionals in Privacy and Information Security Law, Womble Bond Dickinson's Privacy and Cybersecurity Team leverages deep knowledge and experience across the broad spectrum of privacy and cybersecurity legal issues.

Our transatlantic team of more than 40 attorneys provides privacy and cybersecurity legal guidance to clients in a broad range of sectors, including retail, financial services, healthcare, manufacturing, technology, education, telecommunications, government entities, and utilities. We counsel clients in the day-to-day privacy and cybersecurity issues affecting their businesses, and we also are trusted advisers should larger issues arise.

Core Services

  • Regulatory compliance and strategy. We help clients identify and meet state, federal and international privacy regulations. The scope of our compliance practice includes data privacy, cybersecurity, marketing and advertising, international data transfers, and internet and telecommunications. We provide guidance to clients on the EU GDPR and UK GDPR, as well as CCPA, CPRA, HIPAA, COPPA, FERPA, TCPA, and FCC compliance and privacy obligations, along with other state and federal privacy, security and data breach laws.
  • Risk mitigation and data optimization. We work to minimize legal and contractual exposure associated with these cybersecurity, data privacy and marketing restrictions and also help clients optimize data strategies and assist with IP licensing and data transactions. 
  • Data breach planning and response. We work with company leaders to craft response plans and train team members to respond to data breaches and other privacy-related crises. We also act as breach coach to entities suffering from data exposure incidents, ransomware attacks, wire fraud and/or other cyberattacks involving technology.
  • Government investigations. We help clients manage responses to regulatory or criminal inquiries.
  • Data privacy and security disputes. We protect our clients’ interests in court or before government agencies. We also advise clients on internet marketing, brand protection and complex domain name disputes.
  • Transactional data contracting and diligence. We analyze data use limitations and information protection in contracts and M&A diligence reviews.
  • Digital marketing and advertising compliance. We guide companies on social media issues, including use of influencers, text messaging, targeted advertising, giveaways and sweepstakes.

Areas of Focus

  • Data Collection and Governance
  • Data Breach and Cybersecurity Risk
  • Privacy by Design and Data Analysis
  • EU GDPR, UK GDPR and Cross-Border Data Transfer Issues
  • HIPAA, COPPA, CAN-SPAM and Other Federal Privacy Compliance
  • CCPA, CPRA and Similar State Compliance Issues
  • Student and Children’s Privacy
  • Financial Privacy and Digital Payment Data
  • Healthcare Privacy
  • Corporate Deals and Commercial Contracts
  • Online Privacy and Digital Advertising
  • Cybersecurity and Privacy Dispute
  • Cybercrime and Government Investigations
  • Communications and Marketing

Retail

Privacy and cybersecurity issues are particularly vital to the retail sector, as retailers face a myriad of potential problems in every customer transaction. Many established retail companies turn to Womble Bond Dickinson to guide them through this critical aspect of conducting business.

Our privacy and cybersecurity services cover a wide range of retail and consumer legal issues, including local, federal, and global privacy regulatory compliance, implementing privacy-related best practices, and privacy-related dispute resolution. We also counsel retail clients through cybersecurity issues, incident response and government investigations.

Representative Experience 

  • Negotiated with card companies and regulators over fines to regional retailer for consumer data exposures.
  • Advised Heartland Payment Systems in minimizing damage from the exposure of more than 100 million credit card data sets, working with state attorneys general, card companies and federal investigators.
  • Updated online privacy policy and terms of use to reflect changes in US state laws for an e-commerce company.
  • Advise one of the world's largest big box retailers, a national office supply retail chain, a national chain of shoe stores, and a women’s apparel boutique franchise chain, among others, in privacy and cybersecurity matters. 

Financial Services

Few areas of the law are as highly regulated as financial services. As part of our full-scale service to financial industry clients (ranging from community banks to some of the world’s largest financial institutions), we help guide these clients in their privacy and cybersecurity needs, including keeping personal customer data safe. Our clients include three of the top ten banks in the US.

FinTech is also an area of focus for Womble Bond Dickinson. These efforts are led by Ted Claypoole, who has more than 30 years of experience providing privacy and data security guidance to companies that operate at the intersection of financial services and technology.

Our specific privacy and data security services to banks and other financial services clients include:

  • Communicating with regulators and other agency authorities on privacy compliance matters, data breach inquiries or other investigations.
  • Preparing privacy and data security-related policies, practices and procedures for banks and other financial services clients.
  • Helping financial services companies comply with GLBA and data reviews under the FFIEC IT Examination Handbook.
  • Negotiating machine learning contracts from both the vendor and customer side, as well as providing AI development training.
  • Negotiating FinTech partnerships on behalf of both financial institutions and FinTech providers. We help plan and build compliance regimes for data analytics of all types, including identified data, anonymized data and aggregated data.
  • Counseling payment processors through data breach incidents (including one of the largest losses of credit card data in US history).
  • Advising corporate boards and leadership teams of consumer financial services companies on cybersecurity and data privacy obligations and policies.

Representative Experience 

  • Analyze and negotiate ATM network agreements for financial institutions and retailers.
  • Plan strategy and negotiate vendor and customer agreements for payment units of large financial institutions.
  • Represent merchant services organizations within banks.
  • Negotiate electronic payment system agreements with technology companies on behalf of financial institutions.
  • Perform purchaser diligence review on payments systems of acquisition target companies. 
  • Work with lenders on data compliance and protection programs.

Healthcare

In addition to assisting with general privacy and data security, Womble Bond Dickinson’s Privacy and Cybersecurity team works closely with our Healthcare attorneys to guide hospitals, health systems, physicians and other providers through issues specific to the healthcare industry.

For example, our lawyers help our healthcare and life sciences industry clients develop best practices for HIPAA and HITECH Act compliance as well as state privacy and security law compliance. We also guide healthcare entities through related investigations and disputes regarding the alleged compromise of confidential patient, customer and employee data.

Our specific services to healthcare clients include:

  • Leading privileged third-party HIPAA security assessments, risk analyses, and technical assessments (e.g., pen testing, vulnerability scanning);
  • Supporting all aspects of HIPAA compliance program development and implementation, such as drafting or updating policies, procedures and forms; participating in table top exercises to test incident response plans; conducting internal gap assessments and risk assessments; and providing privacy and data security training for traditional and non-traditional healthcare entities;
  • Conducting due diligence and advising on privacy and data security factors in mergers and acquisitions or the development, acquisition or deployment of new software applications, digital platforms or other health-tech innovation;
  • Assisting with breach response and forensic investigation, analysis and data breach notification activities under state and federal laws;
  • Communicating with the Office for Civil Rights and other federal or state authorities pertaining to governmental requests or inquiries; and
  • Developing and supporting vendor management programs to address risk management and HIPAA and other data privacy and security laws.

We also assist clients with privacy and security considerations related to connected devices, artificial intelligence, and other innovative technologies throughout the healthcare sector.

Manufacturing

Because manufacturing companies don’t typically handle customer data, some sector leaders may feel privacy and cybersecurity is not a critical concern for manufacturing. But perhaps because it is seen as a “soft target,” manufacturing actually is a leading target for cybercrime. 

In fact, IBM’s Cyber Security Index 2016 found that manufacturing ranked second only to healthcare in the number of data hacks. The ominously named Operation Ghoul is one example of a highly organized, multinational spear phishing campaign targeting industrial trade secrets and other valuable data. The rise of the Internet of Things (IoT) means the potential for future cyber incidents has increased exponentially for manufacturers.

Womble Bond Dickinson can help. We regularly work with manufacturing clients on protecting private data and defending against cyberattacks.

Representative Experience 

  • Building a data security program for compliance in Europe, UK, Canada and the US for a public international manufacturer.
  • Assist public manufacturing company with all aspects of a data privacy and security program including vendor management, state law rights request regime, data breach guidance, and data governance.
  • Serving as breach counsel for major US manufacturer during and after ransomware attack.

Technology

We guide fast-moving tech industry clients in the rapidly evolving fields of information technology, privacy, cybersecurity and data protection. We regularly advise tech sector clients in:

  • Data protection, including conducting privacy and security assessments, workplace policies and procedures and employee training.
  • Procurement and licensing of IT enterprise systems and services.
  • Privacy and data protection strategies in cloud-based solutions and software-as-a-service (“SaaS”) arrangements.
  • eCommerce, online services and associated privacy-related regulatory compliance.
  • Managing privacy risks in technology acquisition and partnering, including M&A, joint venture, and licensing transactions.
  • Communications network cybersecurity compliance planning and support. This includes counseling communications providers on cybersecurity best practices and developing procedures for handling cyber incidents, breach recovery and response protocols that are designed to limit fall-out damages post-incident.
  • FinTech industry privacy and data security issues (advising both tech providers and financial institutions).
  • Insurtech privacy and data security concerns related to peer-to-peer networks, telematics, cyber insurance and other technology-related insurance products.
  • Digital media issues.
  • Artificial intelligence (AI) and biometrics-related privacy concerns.

Representative Experience 

  • Examined cyber insurance options for an international manufacturer of information technology hardware and software, and helped select the best way to mitigate data security risk.

Womble Bond Dickinson’s highly talented team of data privacy and cybersecurity lawyers are dedicated to providing legal assistance to companies across a range of sectors that are struggling to manage data security compliance responsibilities. Chaired by a certified legal specialist in Privacy and Information Security Law, our privacy and cybersecurity team leverages deep knowledge and experience across the broad spectrum of legal issues faced by clients. 

Find an attorney

Need legal advice and guidance in Privacy and Cybersecurity?
Our team is able to help provide solutions to you and your organization. Browse through our lawyers and professional staff to find the right attorney near you.

Our Privacy and Cybersecurity Attorney Services

Using our background of considerable experience of data law across a range of data privacy issues, our multidisciplinary team of attorneys are on hand to advise clients in the ever-changing and heavily-regulated areas of privacy, cybersecurity and data protection. Our data protection lawyers regularly provide privacy and cybersecurity legal guidance on both contentious and non-contentious matters to clients from  sectors including:

  • Retail
  • Financial services
  • Healthcare
  • Manufacturing
  • Technology
  • Education
  • Telecommunications
  • Government entities.

Fully informed of European data protection laws and U.S. data privacy laws at all levels of local and national governance, including the Privacy Shield program of the United States Department of Commerce and the European Union, our team has the knowledge required to ensure clients remain compliant with complex, often overlapping cybersecurity laws on a global scale. Our attorneys are on-hand to advise clients on the best practices of cybersecurity, how to manage risks and protect business, offering data solutions and SaaS agreements.

Data Privacy and Security Core Services

Our team of attorneys offer privacy and cybersecurity legal guidance specific to each client’s location and industry, allowing them to collect data, safeguard information and, ultimately, protect their reputation. Helping clients throughout all stages of business from the day-to-day privacy and cybersecurity issues affecting their businesses, to any larger issues that may arise, our trusted advisers offer a variety of services including:

  • Data security compliance planning and supportive strategies. We help clients identify and meet state, federal and international privacy regulations on all matters of  data privacy including,cybersecurity, marketing and advertising, international data transfers, and internet and telecommunications.
  • Data protection law adherence on a global scale, with key areas of focus spanning, EU  and UK GDPR, as well as CCPA, CPRA, HIPAA, COPPA, FERPA, TCPA, and FCC compliance and privacy obligations, along with other state and federal privacy, security and data breach laws. It is a complex field that requires regular revisions and updates, all of which our lawyers ensure is met by businesses in order to retain a compliant status. 
  • Risk mitigation and data optimization. We work to minimize legal and contractual exposure associated with these cybersecurity, data privacy and marketing restrictions. As well as helping clients to optimize data strategies and assist with IP licensing and data transactions including, analyzing any data contracting and M&A diligence reviews.
  • Cybersecurity risk planning and data breach response. Working with company leaders and delivering appropriate training to team members, we are able to effectively respond to data breaches and any other privacy-related crises such as; data exposure incidents, ransomware attacks, wire fraud and/or other cyberattacks involving technology.
  • Government investigations and privacy disputes. We help clients manage responses to regulatory or criminal inquiries that may occur in the aftermath of cybercrime. We protect our clients’ interests as our key focus when in court or before government agencies, covering a range of potential disputes over internet marketing, brand protection,complex domain name disputes and more.
  • Digital marketing and advertising compliance. We guide companies on social media issues, including use of influencers, text messaging, targeted advertising, giveaways and sweepstakes, ensuring cyber security protection throughout use.

Data protection is the core focus of our cybersecurity lawyers when devising data security compliance plans and completing day-to-day administration with clients. We conduct privacy and security assessments to assess workplace policies and procedures, carry out employee training and develop comprehensive data security plans.

If you’re looking for legal support in managing data collection or privacy protection regulations, get in touch with our team today to find out how we can help you. Browse through our data privacy and cybersecurity lawyers to learn more about the legal data security services we provide