Privacy, Cybersecurity, Data Ethics & Strategy

Faegre Drinker helps clients meet the challenges of the information age. Organizations collect, use and share ever-increasing amounts of data, raising privacy, security, information governance and other data ethics issues. Our team of attorneys and professionals helps clients build strong data governance programs that support compliance with applicable laws and agile responses to security incidents. 

We help organizations understand the array of laws and guidelines applicable to their data processing. This includes requirements concerning privacy (to what extent can individuals control the use and disclosure of information that relates to them), security (what safeguards are required to protect the confidentiality, integrity, and availability of data assets), transparency (to what extent do organizations need to be transparent about how they are collecting and using personal data), ownership (who owns personal data and information derived from personal data) and fairness (does the outcome of data analysis result in disparate impacts to a specific group of people in a way that causes harm). These issues have been a central part of “data protection” law for decades and are growing in importance as regulators struggle to address new, data-intensive technologies like artificial intelligence.

Faegre Drinker’s multidisciplinary privacy, cybersecurity, data ethics and strategy team assists organizations in understanding their information flows and creating compliant policies and procedures. We help clients close M&A deals and draft complex data agreements and security provisions. And when incidents threaten a client’s business reputation, we are here to help. We litigate class-action lawsuits, respond to data breaches, answer regulator inquiries, and deliver peace of mind when a crisis arises.

We advise organizations on a wide body of rapidly evolving data laws, regulations and standards, such as:

• U.S. state privacy laws, such as the California Consumer Privacy Act (CCPA), Colorado Privacy Act (CPA), Illinois Biometric Information Privacy Act (BIPA) and Washington My Health My Data Act.
• U.S. federal privacy laws, such as the Federal Trade Commission (FTC) Act, Telephone Consumer Protection Act (TCPA), Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), Fair Credit Reporting Act (FCRA) and Gramm-Leach-Bliley Act (GLBA).
• UK and EU data protection and e-privacy laws, such as the General Data Protection Regulation (GDPR) and ePrivacy Directive.
• China’s Personal Information Protection Law (PIPL), Cybersecurity Law (CSL) and Data Security Law (DSL).
• Standards, such as the Payment Card Industry Data Security Standards (PCI DSS), International Organization for Standardization (ISO) 27001, and National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).
• Pending legislation, such as the EU AI Act and privacy bills at the U.S. state and federal levels.