As the information economy becomes the data economy, and networks and software become more sophisticated, companies need experienced counsel to protect key data, ensure multi-jurisdictional regulatory compliance, and safeguard employee and customer privacy. Whether drafting enterprise-wide privacy policies, participating in privacy and security audits, advising on regulatory compliance, responding to a data breach, or defending against class action or other breach-related litigation, Polsinelli attorneys have the legal breach experience combined with the technical know-how to meet and exceed clients’ needs.

Our data privacy and security team is experienced in industries ranging from health care to banking, and telecommunications to retail. Our lawyers advise clients on internal vulnerabilities and compliance, and regularly assist with vendor management, cybersecurity insurance evaluation, and employee education and compliance training initiatives. Polsinelli’s team includes former software and systems engineers, network administrators, and information privacy professionals certified by the International Association of Privacy Professionals. Whether ensuring appropriate data security standards in a vendor agreement or ensuring compliance with the European Union’s Data Protection Directives, Polsinelli provides practical and timely advice tailored to a company’s specific data privacy needs.

Compliance and Security Counseling

Polsinelli’s data privacy and security team monitors legislative and governmental enforcement developments, and regularly advises clients on industry and regulatory compliance. Our lawyers assist with the drafting, assessment, and revision of privacy and security policies, and the application of best practices for data encryption, edge security in accordance with payment card industry (PCI), ISO, and National Institute of Standards and Technology (NIST) standards. Clients in highly regulated industries, including the healthcare, financial services, and telecommunications sectors, rely on Polsinelli to provide strategic and actionable intelligence to harden their networks, improve security in cloud services and mobile apps, and monitor intercompany data flows to ensure privacy and information protection. Our attorneys also assist companies in the creation and assessment of rapid response teams to ensure strategic and tactical readiness in the event of any breach.

For companies with business operations having connections in Europe, attorneys in the practice have created a self-assessment checklist to address readiness for the European Union's General Data Protection Regulation (GDPR).  If you are interested in receiving a copy of this self-assessment, please click here.

Transactional Support

Whether analyzing potential privacy or security vulnerabilities in a vendor transaction, obtaining cybersecurity insurance or licensed security services and technology, advising on related company data flows, or assisting with diligence in mergers and acquisitions, Polsinelli’s data privacy and security team is able to assist. We regularly draft, review, and negotiate data privacy and security terms used in a wide array of policies and contracts, and we advise clients on inbound and outbound technology licensing, healthcare information technology, vendor and supply-chain management, R&D and joint development issues, technology transfer, and other similar deals in which data privacy and security considerations arise.

Data Breach and Rapid Response

There is no substitute for preparation when it comes to any data breach incident. Polsinelli attorneys assist clients with data breach planning and preparedness, and advise on best practices for the creation, exercising, and deployment of multi-disciplinary enterprise-wide rapid response teams. We are experienced in assisting and advising clients, large and small, in response to actual and potential data breaches in industries ranging from healthcare to telecommunications, and retail to banking. Polsinelli maintains policy and procedure guides related to regulatory requirements for data breaches occurring in all 50 states, as well as pursuant to the European Union’s Data Protection Directive. Our responsive, flexible, and scalable team provides timely and actionable advice and counsel when clients need it most.

Breach Litigation and Counseling

Should a breach occur, Polsinelli’s data privacy and security team assists clients with both pre-litigation counseling and defense of claims. Before a case is brought, Polsinelli assists clients in analyzing their respective contractual and indemnification rights, assesses potential liability, defense costs, and potential loss of reputation, and advises clients on appropriate remedial or regulatory actions that may be available to limit any potential exposure. While litigation avoidance is always the goal, should breach litigation ensue, Polsinelli has litigators ready to defend privacy and security breach cases. We have handled all stages of technology litigation and utilize Polsinelli’s vast technical and regulatory experience to collaboratively tackle even the most severe data breaches. Polsinelli’s technology litigation team has consistently enforced and defended clients’ interests in courts and other dispute resolution forums throughout the country, and excels at simplifying and explaining complex concepts and regulations to courts and juries to effectively mitigate the impact that any data breach may pose.
  • Performed comprehensive regulatory compliance and privacy audit of a Fortune 500 company with internal and external data flows spanning dozens of countries around the world. 
  • Drafted and revised approximately 15 enterprise-wide internal privacy, security, access, and technology use policies for a well-known large cap technology company. 
  • Advised client regarding response obligations, agency and public notice, and best practices to quickly and effectively identify, contain, and remedy a data breach involving PII and PHI. 
  • Counseled a Fortune 500 company on breach analysis and potential obligations related to theft of encrypted laptops and mobile devices. 
Recent News