Privacy, Cyber & Data Strategy Counseling

• Global medical device manufacturer in leading its data strategy vision and providing global data protection, privacy, and cybersecurity counseling, including with respect to the California Consumer Privacy Act, the Health Insurance Portability and Accountability Act, the General Data Protection Regulation, and the Chinese Personal Information Protection Law; and negotiating privacy and security terms of and agreements in connection with customer and vendor contracts.
• Fortune 100 technology manufacturer in performing due diligence into privacy practices of acquisition target, a fabless chipmaker.
• Major medical laboratory company in conducing privacy and security risk assessments under the Health Insurance Portability and Accountability Act.
• Fintech startup in developing privacy compliance program, including notices, policies, and contracting templates, under various laws, including the Gramm-Leach-Bliley Act.
• Arts-focused mobile app developer in contracting with U.S. school districts for compliance with the Family Educational Rights and Privacy Act and Children’s Online Privacy Protection Act.
• Global health and beauty supplier in assessing and supplementing privacy program and negotiation data processing agreements.
• Premium TV network and digital media content provider in privacy and data security compliance and design for its app, data risk management issues, and updating its privacy and security program and related documents.
• Global pharmaceutical company on global data protection issues, including with respect to patient-focused apps, related to compliance with the California Consumer Protection Act, the Health Insurance Portability and Accountability Act, and the General Data Protection Regulation.
• Global medical device and data companies in conducting due diligence and opining on risk of proposed mergers and acquisitions.
• Consumer mobile app developer; in developing global privacy program, including under the CCPA and GDPR, negotiating data protection agreements with licensees.

Privacy and Data Breach Litigation

• Publicly listed, nationwide consumer retail company in defending against data breach claims, including compelling claims to arbitration. (N.D. Cal.)
• Publicly listed, nationwide consumer retail company in defending against wiretapping claims arising from company’s alleged use of website cookies. (N.D. Cal.)
• Publicly listed, global technology company in defending against wiretapping claims arising from company’s alleged use of website tracking technologies. (N.D. Cal.)
• Publicly listed media company in Video Privacy Protection Act class action litigation relating to the use of data pixels. (S.D.N.Y.)
• Pharmaceutical manufacturer in defending privacy class action—including under the Confidentiality of Medical Information Act—relating to patient assistance program mailings. (California)
• Canon Business Process Services and General Electric, in defending data breach class action litigation. (S.D.N.Y.)
• Large, regional hospital system, in obtaining dismissal of data breach class action litigation relating to ransomware attack. (South Carolina)

Incident Response and Investigations

• Federal government subcontractor in investigating and responding to business email compromise incident, including reporting to federal contracting agency.
• Publicly listed, nationwide consumer retail company in responding to investigation by states attorneys general over vendor’s data breach.
• Medical laboratory company in managing response to investigation by U.S. Department of Health and Human Services.
• Publicly listed media company in incident response, crisis management and global breach notification management.
• Global medical device manufacturer in multiple incident response matters, which have included conducting HIPAA risk assessments and determining notification obligations in one instance and determining notification obligations and engaging with works council under the GDPR in another.