Overview
In the current world of perpetual innovation and technological change, companies face unprecedented challenges in managing and safeguarding the personal data and other confidential information of their customers, employees, and other business associates.
With one of the largest and most experienced Intellectual Property and Information Technology practices in the Great Lakes Region, Calfee's attorneys are well-positioned to help companies respond to critical cybersecurity incidents and otherwise navigate the complex legal framework affecting the collection, use, protection, disclosure, and transfer of personal data and other confidential information.
Noteworthy
Chambers USA Leading Law Firm Rankings
Our Data Privacy & Cybersecurity attorneys are embedded in many of our other practice areas throughout the firm, and many are highly recognized by Chambers USA.
For nearly a decade, our Intellectual Property group has been ranked and recognized by Chambers USA in Band 1 in Ohio. A client interviewed by Chambers USA researchers was quoted saying, "The firm offers excellent value for its services. The team is dedicated and provides sophisticated legal services at an attractive cost."
Market commentators stated, "Calfee's IP attorneys are highly regarded; they are true experts, and they do excellent work for their clients. This is a power bench; the team works well together and supports each other well. Each individual is responsive and knowledgeable in their expertise and experience. This is definitely one of my favorite firms to work with."
Calfee's White-Collar Defense and Investigations practice is also ranked and recognized by Chambers USA in Band 2 in Ohio (2023). Chambers USA researchers stated, "Head of department Fritz Berckmueller is well regarded for his expertise in white-collar work. He acts for clients in a range of matters including FCA investigations, whistleblower claims, and investigations into bribery and corruption."
Calfee has also been recognized as a Leading Law Firm for Insurance: Policyholder in Ohio by Chambers USA, most recently in Band 1 in Ohio (2023). Calfee is one of only four law firms ranked in this practice in the state.
Chambers USA commentators note that "The team boasts an impressive reputation with decades of experience in policyholder insurance representation. Calfee is well known for its capabilities in risk mitigation and cost recovery strategies and provides representation in all aspects of insurance coverage policy disputes, including those surrounding M&A transactions. The firm has an impressive roster of clients that includes those in the academic, healthcare, and manufacturing sectors."
Professionals
Professionals
Services
Services
Incident Response
No matter how effective a company's information security program may be, data security incidents are a growing phenomenon, in both frequency and consequence. However, with advance preparation and a thoughtful incident response plan, followed by effective execution, catastrophic damage to an enterprise suffering a data breach is not inevitable. Our attorneys have broad experience assisting companies both during and in the aftermath of security incidents, helping them to understand and navigate potential liabilities, insurance coverage, regulatory issues, notice requirements, public relations, and related considerations, as well as helping to identify ways to improve their information security programs moving forward. Key components of such services may include:
- Working with in-house personnel and, as warranted, outside consultants, to determine and verify the occurrence of a breach or other data incident.
- Identifying various laws and regulations implicated by such incidents/breaches.
- Determining whether notice must be provided to regulators and affected individuals, including customers and company employees.
- Drafting notifications to affected individuals, regulators, customers, and employees consistent with applicable laws.
- Assisting with communications with external sources, including insurers, law enforcement, and potentially the media.
- Advising clients with respect to legal and public relations decisions regarding post-incident assistance to affected individuals.
- Assisting with the determination of whether insurance coverage exists, communicating with insurance companies to advocate for coverage, and preparing settlement agreements with insurance companies.
- Partnering with third-party cybersecurity experts to conduct diagnostic testing and direct investigations related to security breaches.
- Investigating and addressing criminal, employment, contractual, and other legal obligations involving the conduct of employees, vendors, or other business associates.
- Defending companies in state and federal regulatory investigations, including actions commenced by state attorneys general.
- Preparing for and defending companies in litigation that may arise from data security incidents.
Risk Assessment and Compliance
The most effective method for reducing the risk of a cyber incident affecting personal data, proprietary business information, or both is to prepare for it. Requirements for protecting such information continue to evolve, as its volume continues to grow exponentially. In the U.S., an ever-growing patchwork of state and federal laws and regulations requires companies to employ enterprise-level strategies to manage cyber risks. Our attorneys have broad experience helping companies across many industries assess such risks and develop comprehensive protection and mitigation policies and procedures to meet their legal obligations.
Key components of such risk assessment and compliance services may include:
- Advising companies regarding the collection, use, protection, disclosure, and transfer of personal data and other confidential information.
- Preparing and implementing comprehensive information governance directives, policies, and practices, with an enterprise-focused approach, including cybersecurity implementation plans, incident response plans, and vendor management programs.
- Counseling company management and directors on responsibilities regarding data privacy, cybersecurity, and related reporting obligations.
- Providing education and training to employees, officers, and directors relating to applicable privacy and information security obligations and responsibilities.
- Preparing and updating public- and user-facing privacy policies and website terms of use.
- Preparing and updating online agreements affecting data rights, privacy, and security, including website terms of service, Software-as-a-Service (SaaS) subscriptions, and end-user license agreements.
- Preparing employment-related privacy notices and job applicant privacy policies.
- Reviewing and negotiating contracts with third-party service providers and vendors having access to personal information, and assisting with due diligence related to vendors’ information security programs.
- Providing advice regarding the scope and application of cyber risk insurance policies, including negotiation of terms and conditions.
- Providing guidance on privacy and information security issues during the due diligence phase of merger and acquisition transactions and analyzing loss scenarios related to potential security breaches.
- Advising companies on strategies for complying with numerous federal and state laws regarding data rights, privacy and cybersecurity.
Privacy and Data Security Regulations
Calfee’s Information Technology practice group has advised clients in a variety of industries regarding numerous laws, regulations, security standards, and privacy frameworks, including:
- Federal Trade Commission Act (FTC Act)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Children’s Online Privacy Protection Act (COPPA)
- CAN-SPAM Act
- Electronic Communications Privacy Act (ECPA)
- Computer Fraud and Abuse Act
- Telephone Consumer Protection Act (TCPA)
- Fair Credit Reporting Act (FCRA)
- Fair and Accurate Credit Transactions Act (FACTA)
- Bank Secrecy Act (BSA)
- EU Data Protection Directive
- EU General Data Protection Regulation (GDPR)
- State privacy and breach notification laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), Colorado’s Privacy Act (CPA), and others.
Comprehensive and Collaborative Approach
Our experience cuts across numerous industries and multiple legal disciplines, including:
- Compliance Services
- Corporate and Finance
- Insurance Coverage and Insurance Recovery
- Information Technology
- Intellectual Property
- Labor and Employment
- Litigation
- White-Collar Defense
We strive to provide practical and actionable legal advice that allows clients to focus on achieving their business goals, knowing that their obligations regarding data rights, privacy, and cybersecurity are being addressed.
Global Reach
The ability to transfer customer information and other data around the world creates significant opportunities for businesses, both large and small. But with those opportunities comes risk in the form of ensuring compliance with the increasing number of privacy and information protection laws being enacted in other countries. In addition to our extensive experience with applicable U.S. federal and state data privacy laws and regulations, Calfee attorneys work with associates across the globe through our membership in Lex Mundi, the world's leading network of independent law firms with in-depth experience in more than 125 countries worldwide, in order to address data rights, privacy, and cybersecurity issues, including cross-border transfers of information.