Overview
Amundsen Davis's Data Privacy and Security Practice comprises a multidisciplinary team of lawyers who understand that companies, large and small, are constantly trying to navigate the legal implications of data, or cyber security and data privacy. Our attorneys counsel clients in a variety of industries and sectors on privacy matters, which can include data mapping, privacy audits and the tailoring of both internal and outward facing policies. We partner with our clients on risk mitigation; data security and PCI compliance; GDPR compliance; HIPAA and HITECH compliance; CCPA compliance; BIPA compliance; employee privacy requirements; record retention and electronic discovery assessments; click-wrap agreements; and compliance with consumer statutes that include the CAN-SPAM Act and the TCPA.
At the same time, we are trusted advisers for incident response plans and serve as breach coaches in the wake of data incidents. Our team has collectively spent years helping clients prepare for, respond to and litigate data breaches. We have built up a network of forensic experts and privacy professionals to ensure that we not only advise our clients on developing vulnerabilities, tactics and cyber threats but also counsel on how to respond to data incidents swiftly, efficiently and with an eye toward getting the business back up-and-running securely. We understand that while data incidents, like ransomware attacks, happen at an alarming pace, the experience for our clients is personal and a chief concern can be preserving your brand post-incident.
We also counsel our clients on cyber incidents that aren’t cyber attacks but rather internal, employee missteps that can harm the company financially and/or trigger notification requirements because a mistake in sharing information could mean “unauthorized access.” Our team has handled virtually all types of incidents across diverse industries including health care, financial services, public companies, nonprofits, technology support services and small to mid-size organizations.
Our team also defends businesses in high stakes situations, from class action lawsuits grounded in alleged violations of federal, state and local statutes, to claims of breach within the health care industry, and alleged failure to comply with HIPAA and HITECH.
Our team has a global network of privacy professionals, which allows us to develop effective, widespread strategies for addressing cybersecurity, data, and privacy matters worldwide.
A sample of our background includes:
- Defense of clients against class action data breach litigation based on alleged unauthorized releases of data and misuse of data based upon alleged breaches.
- Review and revision of current security policies and procedures in connection with data collection and data review. We evaluate vulnerabilities and ensure compliance with applicable laws and regulations.
- Assistance in the development of internal policies and procedures that are consistent with consumer protection regulations, data privacy practices, notification requirements, state and federal privacy laws and whistleblower laws to navigate the best methods for the collection and storage of company data.
- Assistance in consumer facing policies and agreements to reflect the cyber-hygiene practices of the company, as required by law, and developing mechanisms for obtaining necessary opt-in and consent for collection of data.
- Audits of existing procedures and practices, consistent with industry standards and legal requirements, to reduce the risk of a data breach.
- Serving as a breach coach: coordinating and implementing the incident response plan or data breach plan, which includes a team of forensic, security, public relations and insurance professionals.
- Crafting a data incident response tailored to our clients’ needs and brand, including notifying affected customers, employees, business partners and regulators in accordance with state and federal laws.
Insights
During this presentation Molly Arranz and John Ochoa will review data privacy and security concerns for employers, including concerns related to the Biometric Privacy Act and the Genetic Information Privacy Act. They will review best practices and policies employers should have in place to avoid legal pitfalls.
The Biometric Illinois Privacy Act (BIPA) was enacted over 12 years ago and many questions are still being battled in court as employers and employees continue to navigate this biometric privacy law.
- Don’t Gamble With Your Cybersecurity and Incident Response Plan: Lessons Learned from the Las Vegas Ransomware Attacks
Typically, we beat the drum of the need to prepare for a data incident—anything from a full-blown ransomware attack to an employee accidentally sharing data with the wrong person—by having your Incident Response Plan developed and at your fingertips. Companies may view this advice through the lens of concern over loss of personal data to threat actors.
- Ready, Set, BIPA! Missouri Among States Considering Biometric Information Privacy Legislation
Earlier this year, the Missouri legislature proposed its own Biometric Information Privacy Act (HB 1047), joining the growing list of states eager to enact and implement laws governing biometric data. Biometric data or information includes a person’s fingerprint, handprint, retina scan, and facial geometry.
- "Pixels" and "Cookies," Charming Terms for Tracking Technology, Can Lead to Ugly Data Privacy Headaches
In Molly Arranz and Sofia Valdivia's article, "'Pixels' and 'Cookies,' Charming Terms for Tracking Technology, Can Lead to Ugly Data Privacy Headaches," they give you some background on tracking technology and what key things you should be doing to protect your company from class action lawsuits.
- BIPA’s Discretionary Damages in Practice: BNSF Gets Its Shot to Reduce a Historic $228 Million Judgement
The Illinois Biometric Privacy Act (BIPA) provides that a prevailing party “may” recover liquidated damages for a violation of the statute. Addressing the potential for “annihilative liability” in White Castle, the Illinois Supreme Court provided a (small) break in the clouds for Illinois businesses. The Illinois court explained that a trial court “would certainly possess the discretion to fashion a damage award that (1) fairly compensated claiming class members and (2) included an amount designed to deter future violations, without destroying defendant’s business.”