Privacy and Cybersecurity

Overview
In-Depth
- Letter
- A4

Cyberattacks and data breaches have increased dramatically in recent years, making it critical for companies worldwide to understand the privacy-related legal risks they face in the course of doing business. Sidley has been at the forefront of cyberlaw for decades. The firm’s Privacy and Cybersecurity practice comprises a global team of more than 70 lawyers focused on cybersecurity preparedness, confidential information and intellectual property, incident and data breach response, consumer protection, information security law and risk mitigation. From Fortune 100 corporations to emerging startups, our cyberlaw lawyers guide companies through data security crises of all sizes, and help them respond to rapidly evolving global threats to data assets.

Sources note the firm’s “very rare combination of legal subject matter experts and business partners who understand the need to create solutions within the parameters of sound legal strategy.”
Chambers USA 2020

Webinar Series

Data Protection in Financial Services Week 2021

February 1 - 4, 2021

Publications

Part 2: Revised to Match the EU General Data Protection Regulation — or Almost

Sidley CCPA Monitor – What You Need to Know Now

Resources

Sidley GDPR Monitor – What You Need to Know Now

Sidley Blogs

Data Matters - Sidley's Insights on Cybersecurity, Privacy, Data Protection, Internet Law and Policy

Contacts

John M. Casanova

Partner

jcasanova@sidley.com +44 20 7360 3739

London
William RM Long

Partner

wlong@sidley.com +44 20 7360 2061

London
Alan Charles Raul

Partner

araul@sidley.com +1 202 736 8477

Washington, D.C.

View Professionals

As a top-tier global privacy and cybersecurity law firm, we assist clients with cybersecurity compliance and governance programs, data security litigation and investigations, and multi-jurisdictional regulatory, law enforcement and policy issues. Our lawyers have deep experience in the rapidly developing areas of information security, cyber and technology, advising clients on cutting-edge issues related to the Internet of Things, big data analytics, artificial intelligence (AI), adtech, data governance, data ethics and other innovative business applications. We also work with C-suite executives and corporate boards to address their public disclosure obligations and fiduciary responsibilities to shareholders and other stakeholders.

Few other privacy and cybersecurity law firms can match the depth and breadth of Sidley’s global cyberlaw platform. We bring value to clients in the following ways:

Integrated Services: We leverage the firm’s vast network of resources and cross-servicing opportunities for our clients, working across offices and disciplines to ensure they benefit from our collective experience. Our cyberlaw team works closely with colleagues from the firm’s Banking and Financial Services, Life Sciences, Litigation, International Trade, Technology and IP Transactions, Telecom and Internet Competition, and Government Strategies practices to provide seamless advice on complex privacy and cybersecurity law issues.
Cyber Investigations and Litigation: We represent clients on the full scope of investigation, enforcement and litigation arising from cybersecurity incidents. We conduct confidential internal investigations for a diverse range of businesses, often advising on corporate governance issues and compliance programs. Our lawyers have achieved victory in several high-profile class action cases.
International Regulatory Insight: Members of our team have been involved in the development of cyberlaw regulation and enforcement, having formerly served in senior government roles. We are active in Washington, D.C. with respect to investigations and guidance by the FTC, the expanding cybersecurity agenda of the SEC, state attorneys general and the new White House privacy framework. Our lawyers have in-depth knowledge of EU and UK regulations and have developed strong relationships with a number of European regulators. Lawyers in the group also advise clients regarding privacy law requirements and developments in the Asia Pacific region.
Industry Advocate: Our privacy and cybersecurity lawyers remain on the leading edge of cyberlaw with innovative thought leadership. In addition to frequent speaking engagements, news alerts, webinars and publications, we keep clients abreast of emerging issues through our industry-leading blog: Data Matters and through organizing many industry privacy and cyber networks and roundtables including Women in Privacy and dplegal. We also provide frequent insights and developments on the California Consumer Privacy Act and the General Data Protection Regulation.

A Strategic Approach to Cyberlaw

INCIDENT PREPAREDNESS AND RESPONSE PLANS

Design incident response plans and “play books” in light of a variety of GDPR, CCPA, and other U.S. and international regulatory regimes
Pre-secure statements of work from forensic providers, PR agencies and credit monitoring providers
Partner with forensic firms to conduct technical reviews of IT systems and vulnerability mitigation
Serve as “stand-by” cybersecurity counsel

DATA GOVERNANCE

Conduct internal cybersecurity governance legal assessments and due diligence on behalf of boards
Design and implement data governance systems (such as “ethical stewardship” of data) for operational and innovative data use, including risk mitigation for AI deployments
Design data governance architecture that classifies information by sensitivity and significance
Deliver operational and board-level training on cybersecurity matters

TABLETOP TESTING

Develop custom tabletop scenarios based on client’s business needs
Conduct on-site incident scenario exercise working with stakeholders to assess decision points
Debrief the client and provide observation, gaps and recommendations
Team up with forensic firms to provide an added layer of complexity by engaging the IT department

CRISIS MANAGEMENT AND DATA BREACH INCIDENT RESPONSE

Respond to complex multi-jurisdictional data breaches worldwide, including advanced persistent threats
Assess legal obligations under various EU, U.S. and international regulations and contractual commitments
Engage and manage forensic service providers and other service providers
Liaise with regulators and law enforcement agencies in the EU, U.S. and internationally

CYBERSECURITY INVESTIGATIONS AND LITIGATION

Defend companies in class, representative or group litigation arising out of data breach incidents
Respond to enforcement actions brought by EU data protection authorities, the FTC and state attorneys general
Assist in responding to EU, U.S. and international law enforcement agencies
Conduct internal investigations on behalf of board of directors with respect to the company’s breach response

CYBERSECURITY IN FINANCIAL SERVICES — CONFIDENTIALITY AND BANK SECRECY

Advise on cybersecurity obligations under EU and UK financial services laws, including under EU’s Market Abuse Regulations and UK’s Financial Conduct Authority rules and Takeover Code
Counsel on the U.S.’s Fair Credit Reporting Act and FATCA, the Gramm-Leach-Bliley Act and the Right to Financial Privacy Act, as well as numerous state privacy, data security and data breach statutes

PHARMACEUTICAL, HEALTHCARE AND DIGITAL HEALTH AND WELLNESS

Provide counsel on cybersecurity obligations under EU laws, including those applicable to clinical trials and UK’s National Health Service
Advise on cybersecurity requirements under the U.S. HIPAA and HITECH, state and EU data protection requirements for health information

PUBLIC POLICY AND GOVERNMENT STRATEGIES

Engage with the FTC, Secret Service, Department of Homeland Security, elements of the intelligence community and state attorneys general
Interact with the European Data Protection Board and data protection authorities in various EU Member States
Communicate with the UK’s ICO, the National Cybersecurity Centre and the Serious Fraud Office