• Mumbai ,New Delhi ,Jaipur, Ahmedabad ,Allahabad, Patna, Bangalore , Hyderabad ,Chennai, Ranchi, Kolkata , Berlin ,Princeton, New York, Dubai , Harare, Moscow, Australia

Data Privacy and Cyber Security Practice

Regulations protecting data privacy are continuing to evolve, as the amount of such information grows exponentially. Every company collects, stores, and uses personal data, and it is critical that you act carefully to comply with the evolving, and often conflicting, laws, regulations, and standards worldwide.

We offer the full spectrum of data protection, privacy, and cyber security legal services with a truly global network to support you. We advise clients on the full life-cycle of data management and protection, from the conception of a project or product, involving the collection of personal information, through its handling, disclosure, transfer, and deletion.

We regularly advise on data protection laws and regulations in India, the U.S., and Europe. We can assist you in achieving compliance with data protection regulations on a national and international scale, including recent laws such as the Indian data privacy laws, (GDPR), California Consumer Privacy Act (CCPA), and California Privacy Rights Act (CPRA),

In particular, we regularly advise on a wide range of privacy and security issues under the

  • Health Insurance Portability and Accountability Act of 1996 (HIPAA), state privacy laws, and applicable international privacy laws, such as the EU General Data Protection Regulation (GDPR),
  • IT-related applicable laws such as the Information Technology Act, of 2000,
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011,
  • Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021,
  • Information Security standards under BIS, ISO and Digital Personal Data Protection Bill, 2022 in case of processing of digital personal data.

Our lawyers can help you:

  • Implement and evaluate enterprise-wide data protection and cyber security policies and procedures, including training and systems testing
  • Support enterprise-wide cyber security and data breach function, including the preparation of incident response manuals, engaging forensics investigators, reviewing and advising on forensics reports, advising on notification requirements globally, meeting with state and federal regulators, and training related to the same.
  • Advise on legal considerations for the use of data in analytics, product development, and marketing
  • Analyze, document, and support the international transfer of personal data
  • Review and revise all aspects of agreements involving the exchange of data, including vendor and contractor agreements, data processing agreements, digital advertising agreements, and agreements with advertising agencies
  • Conduct data inventories or audits and advise clients on the compliance measures required as a result of a gap assessment
  • Review and prepare employee notices and conduct related data privacy training
  • Evaluate security processes and procedures and work with internal teams to establish and document “reasonable security” as required by laws
  • Respond to actual and potential data and cyber security incidents involving personal data, including data breaches, other incidents involving loss of data, and ransomware and other extortion events
  • Defend data and technology-related actions, including class action litigation and regulatory enforcement
  • Negotiate cyber-liability coverage, advise on privacy-related risks and associated coverage terms in transactions, and assist with insurance coverage claims.