The protection of data and personal information is of utmost importance to all organizations. Polsinelli recognizes this and has assembled a deep, diverse team whose sole focus is assisting organizations as they strive to protect information, comply with ever-evolving privacy and security regulations, and respond to data incidents, regulatory investigations and litigation. Polsinelli’s privacy team includes:

  • Attorneys with international backgrounds, qualifications, and experience who are equipped to counsel organizations on evolving international data protection regulations.
  • Former in-house data privacy attorneys who understand not only the regulatory landscape but the logistical and business considerations associated with creating and maintaining privacy and cybersecurity programs.
  • Incident response attorneys who are some of the most experienced in the country.
  • Alumni of enforcement agencies charged with enforcing privacy and security regulations, such as the Department of Health and Human Services Office for Civil Rights.
  • A deep bench of technology transaction attorneys with experience working on privacy and security issues for mid-market to Fortune 500 companies.

Privacy Counseling

Polsinelli takes an interdisciplinary approach to privacy and cybersecurity by teaming attorneys with both data privacy and industry-specific experience. Polsinelli attorneys counsel clients on state, federal and international privacy laws, including CCPA/CPRA and other emerging comprehensive state privacy laws, HIPAA, GLBA, CAN-SPAM, COPPA and FCRA.

Polsinelli’s privacy group also has deep experience in international privacy laws such as the EU General Data Protection Regulation (GDPR) and its UK equivalent, as well as the laws of other countries such as Brazil, Australia, Canada, India, and China.

Polsinelli attorneys also counsel clients on payment card processing (PCI) regulations, technology transactions and third-party data transfer, vendor and business associate agreements.

Our privacy team prides itself on providing practical, pragmatic advice using a risk-based approach that takes into account both the business and legal needs of our clients. Representative examples of our work include:

  • Developing and implementing enterprise-wide privacy compliance programs to include GDPR, CCPA/CPRA, and other U.S. and international laws.
  • Overseeing privacy and security risk assessments and gap analysis.
  • Providing outside privacy counsel services including a dedicated privacy hotline.
  • Undertaking data mapping assignments in order to assist clients with EU Records of Processing Activities and general data inventories as necessary under CCPA and other privacy laws.
  • Formulating and implementing organization-specific policies and procedures.
  • Advising on domestic and international cookie and web tracking regulations.
  • Providing privacy and data security counseling and training.
  • Developing data subject response policies and procedures.
  • Conducting privacy due diligence in M&A-related transactions.
  • Counseling on complex areas of privacy compliance in industries such as ad tech, use of clinical trials, machine learning, and artificial intelligence (AI).

Data Incident Response & Preparedness

Polsinelli attorneys have a long history of counseling clients impacted by data breaches and other cyber incidents. In fact, one of our shareholders handled one of the first data breach cases after California passed its breach notification law in 2003. Our attorneys collectively have handled more than two thousand data security incidents and have counseled clients through nearly every conceivable breach, from system-wide malware and ransomware attacks, network intrusions and misconfigurations, third-party/vendor breaches and business email compromises to misdirected emails. Our incident response team provides a full spectrum of services — from data breach response, internal investigations and litigation, to policy development and industry-specific compliance and regulatory counseling.

Our interdisciplinary approach encompasses all aspects of data and system security, both before and after an incident. When an incident occurs, we provide comprehensive assistance, including overseeing forensic investigations and crisis management activities, notifications to affected individuals, regulators and payment card issuers, responding to federal and state regulatory inquiries and litigation defense. Additionally, Polsinelli’s rapid response capability is augmented by the strong working relationships we have with other vitally important professionals that may be needed to respond to a breach, such as forensics, crisis management and public relations services, providers of identity theft protection services and call and mail centers.

Polsinelli attorneys have served a broad range of clients in multiple sectors, including consumer brands, franchise, banking and financial services, health care, pharmaceutical, technology, e-commerce, trade associations, for-profit and not-for-profit education, retail, manufacturing, life sciences, food and beverage, accounting, legal and other professional services. Our attorneys also have extensive litigation experience and have represented clients in a broad range of privacy, data security, technology and other cyber-related individual lawsuits and class actions in state and federal courts across the country.

Publications
Not a Vibe: The Rise of the agentic AI hacker in cybersecurity
Laila Paszti discusses the emergence of the “agentic AI hacker,” highlighting how increasingly autonomous AI systems are reshaping the cybersecurity landscape by enabling more sophisticated and scalable cyberattacks. She explains that these AI-driven tools can independently plan, execute and adapt attacks, lowering the barrier to entry for threat actors while accelerating the speed and complexity of cyber threats. Paszti emphasizes the growing need for stronger governance, oversight and defensive strategies as organizations confront a new era in which AI is both a powerful security tool and an evolving threat vector. (subscription required)
New GSA Guidance on Protecting CUI in Contractor Systems, Plus a Look Ahead at Pending FAR Changes
Key Takeaways:

  • GSA released detailed procedural guidance for protecting CUI in nonfederal systems, and a proposed FAR rule would further standardize CUI handling, documentation and incident reporting across federal contracts.
  • Together, these developments signal a shift toward uniform federal expectations for protecting CUI, driven by government priorities to standardize documentation, incident reporting timelines and contractor accountability across all agencies.
  • Contractors should proactively review their CUI management practices, assess readiness against GSA’s phased implementation roadmap and begin aligning incident-response procedures with anticipated FAR changes.

For many contractors, Controlled Unclassified Information (CUI) has been a moving target, identified through markings and agency-specific practices, with cybersecurity and reporting expectations that can look different from one procurement to the next. The newest CUI development is the U.S. General Services