Practice

Privacy & Data Security

Dedicated to keeping you a step ahead

Foley Hoag’s attorneys can help you understand and maneuver through issues and manage risks inherent in the maintenance, protection, use and disclosure of sensitive data. We are dedicated to keeping you a step ahead, using practical experience to guide your business through every facet of the privacy and data security challenges it may face. Members of our Privacy & Data Security team are widely sought-after for their expertise and experience, and have spoken at numerous programs and provided insights to media outlets including Bloomberg, The Washington Post, The Wall Street Journal, Politico and Law360.

Our Privacy & Data Security practice group provides a comprehensive suite of services that address the myriad legal and policy challenges:
  • Complying with state, federal and international laws – including the CCPA, CPRA, SHIELD and GDPR – that govern information security, identity theft and surveillance
  • Complying with HIPAA, and the FTC’s and GLBA privacy and security requirements
  • Assisting with state and federal investigations (including by the FTC, SEC and OCR)
  • Developing privacy and information security policies
  • Negotiating third-party data security agreements
  • Investigating, litigating and resolving security incidents, including competitive espionage and proprietary data leaks
  • Counseling on corporate governance
  • Advising clients on safeguarding company records, financial information and other valuable information assets
  • Providing data privacy specific due diligence in mergers and acquisitions

Areas of Focus

Our Privacy & Data Security practice provides a comprehensive suite of services that address myriad legal and policy challenges:
  • Privacy and information security policies
  • Third-party data security agreements
  • Security incidents including competitive espionage and proprietary data leaks
  • Corporate governance
  • Company records, financial information and other information assets
  • Data privacy-specific due diligence in mergers and acquisitions

Experience

Privacy Compliance

  • Assisted multiple companies in the tech, start-up, life sciences and health insurance spaces, among others, with assessing and structuring data privacy compliance protocols, including drafting privacy policies and reviewing third-party contracts. Compliance work involves both U.S. privacy laws and the European Union’s GDPR.
  • Assisted technology and telecommunications company in crafting government-mandated security policy to protect against unique security threats.

Data Breach Investigation and Response

  • Represented start-up tech company with data breach response arising from third-party vendor security breach affecting individuals in multiple states and in EU countries.
  • Represented social media company with a data breach response affecting individuals globally.
  • Represented health care provider in response to ransomware attack.
  • Represented vendor (and HIPAA business associate) to health care providers in responding to data security incident.

Litigation and Government Investigations

  • Defended mid-stage technology company, large manufacturing company and large investment company from breach of contract claims arising from respective “man in the middle” attacks that resulted, in each case, in the fraudulent diversion of millions of dollars.
  • Represented life sciences company with data breach response that affected hundreds of thousands of individuals nationwide and implicated HIPAA, requiring law enforcement engagement, response notification, and responses to requests from government agencies.