The protection of data and personal information is of utmost importance to all educational institutions and organizations. Polsinelli recognizes this and has assembled a deep, inter-disciplinary team whose sole focus is assisting organizations as they strive to protect information, comply with ever evolving privacy and security regulations and respond to data incidents, regulatory investigations and litigation.

Polsinelli’s Education Technology team is comprised of a cross-functional group of lawyers with a deep bench of experience in the EdTech sector, including data privacy and cybersecurity experts, corporate and compliance specialists, regulatory experts and, when needed, a deep bench of litigation and dispute resolution talent.

Our clients include public and private educational institutions, research hospitals, colleges and universities across a wide spectrum of geographies and demographics.

Polsinelli’s team includes:

  • Incident response attorneys who are some of the most experienced in the country

  • Alumni of enforcement agencies charged with enforcing privacy and security regulations, such as the Department of Health and Human Services Office for Civil Rights

  • Attorneys with international backgrounds who are equipped to counsel organizations on evolving international data protection regulations;

  • Former in-house data privacy attorneys who understand not only the regulatory landscape but the logistical and business considerations associated with creating and maintaining privacy and cybersecurity programs

  • A deep bench of technology transaction attorneys with experience working on privacy and security issues for clients of all sizes.

Privacy and Cybersecurity Counseling

Polsinelli takes an inter-disciplinary approach to privacy and cybersecurity by teaming attorneys with both data privacy and industry-specific experience. In data incident response matters, and related data privacy and cybersecurity engagements, we have represented elementary and secondary schools, school districts, school employee benefit plans and retirement systems, colleges and universities, research institutions and teaching hospitals. Polsinelli attorneys counsel clients on federal privacy laws, including the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA), as well as numerous state privacy laws and the EU General Data Protection Regulation (GDPR).

Polsinelli attorneys counsel clients on technology transactions and third party data transfer, vendor and business associate agreements. Polsinelli attorneys also assist in the acquisition, management, use and disposition of data by performing the following services:

  • Overseeing privacy and security risk assessments

  • Formulating and implementing organization-specific policies and procedures

  • Developing data breach response plans and conducting mock tabletop exercises

  • Providing privacy and data security counseling and training

Data Incident Response and Preparedness
Polsinelli attorneys have a long history of counseling clients impacted by data breaches and other cyber incidents. In fact, one of our shareholders handled one of the first data breach cases after California passed its breach notification law in 2003. Our attorneys collectively have handled over one thousand data security incidents and have counseled clients through nearly every conceivable breach, from system-wide malware attacks and network intrusions to missing laptops and misdirected emails.
Our incident response team provides a full spectrum of services—from data breach response, internal investigations and litigation, to policy development and industry-specific compliance and regulatory counseling. Our interdisciplinary approach encompasses all aspects of data and system security, both before and after an incident. When an incident occurs, we provide comprehensive assistance, including overseeing forensic investigations and crisis management activities, notifications to affected individuals, regulators and payment card issuers, responding to federal and state regulatory inquiries and litigation defense.
Additionally, Polsinelli’s rapid response capability is augmented by the strong working relationships we have with other vitally important professionals that may be needed to respond to a breach, such as forensics, crisis management and public relations services, providers of identity theft protection services and call and mail centers.
Polsinelli attorneys have served a broad range of clients in multiple sectors, including for-profit and not-for-profit education, banking and financial services, health care, pharmaceutical, technology, e-commerce, trade associations, retail, manufacturing, life sciences, food and beverage, accounting, legal and other professional services. Our attorneys also have extensive litigation experience and have represented clients in a broad range of privacy, data security, technology and other cyber-related individual lawsuits and class actions in state and federal courts across the country.
  • Served as breach counsel to university following brute-force password attack resulting in compromise of personally identifiable information (PII) of over 60,000 students, alumni and employees residing in more than 40 states and several foreign countries

  • Served as breach response counsel for website/e-commerce hosting services provider that sustained a malware attack impacting hundreds of third party companies that used client’s hosting services as well as thousands of those companies’ customers

  • Served as breach counsel for academic health system in connection with an incident arising out of a threat actor’s deletion and attempted extortion for the return of the ePHI of approximately 80,000 patients residing across the U.S. and in multiple foreign jurisdictions