Data Security and Privacy

Barnes & Thornburg's Data Security and Privacy attorneys help companies analyze and mitigate risks related to the collection, storage, use and distribution of data. We work to help you establish risk management policies, business continuity procedures, and data breach responses. By putting together effective contractual provisions with vendors and comprehensive cyber insurance policies with insurance providers, we help your company better manage and, where appropriate, transfer the risk of cyberattacks and data breaches. We keep abreast of the constantly changing federal and state laws and regulations governing specific industries as well as businesses in general.

But more than just dealing with the legal risks of data breaches, our attorneys also help clients cope with the public relations and reputation management aspects of cyber attacks. From our wide-ranging work in regulatory, technology, health care, insurance coverage and security issues for some of the largest companies in the world, our attorneys identify data security and privacy issues and advise clients on ways to improve their procedures and business positions.

Barnes & Thornburg attorneys counsel and represent clients in cybersecurity matters across industries on:

• Regulatory compliance with privacy and data security regulations across industries
• Data security policies and preparedness and measures to reduce related risks 
• The gathering, storing, use and commercialization of external personal information 
• Litigating data security-related lawsuits involving intellectual property, trade secrets, privacy violations disclosures of personally identifiable information, and other data breach claims 
• Defending clients before enforcement agencies 
• Reviewing, negotiating and drafting contracts and service level agreements in areas that impact privacy and data security, such as vendor agreements, cloud computing services and HIPAA business associate agreements 
• Insurance coverage for privacy and data security issues, including counseling at the time of policy purchase and litigation after wrongful claim denials or refusals to provide full coverage for claims 
• Negotiating provisions of merger and acquisition agreements related to privacy and cybersecurity

We have assisted large global companies and organizations with evaluating a breach, researching notification requirements, preparing breach notice letters to employees in various countries, advising on the required government agency notices and preparing internal messaging memos. Our attorneys have also defended class actions after a data breach, assisted with the investigation of hacking incidents and advised on data transfer between the U.S. and Canada. We also work with emerging technology companies to help implement policies and procedures to prevent and minimize the risk of data breaches or privacy violations that could otherwise destroy your company's growth strategies.

Barnes & Thornburg attorneys have broad experience helping clients obtain millions of dollars of insurance coverage for losses related to data breaches under cyber insurance, general liability and commercial crime policies. Companies also turn to our experienced attorneys for guidance on insurance coverage and policy selection, litigated coverage issues and litigated broker malpractice.