In the face of heightened public attention, government scrutiny and private litigation risks, data privacy and cybersecurity considerations should be front of mind for management, directors and shareholders of businesses in all sectors. These issues will only grow in prominence as the financial value of personal data and other types of information continues to increase and cyber threats continue to proliferate and evolve in sophistication.
With an interdisciplinary approach that draws on the strengths of our world-class practices across the firm, Davis Polk’s data privacy and cybersecurity team is well positioned to support our clients through all phases of their business models and in any circumstances that arise. Our team is composed of lawyers from a range of corporate, regulatory and litigation practices, and includes many with significant government tenure – including at the Securities and Exchange Commission, Federal Trade Commission, Department of Justice and FBI.
We provide our clients with comprehensive data privacy and cybersecurity counseling on a range of issues, including:
- Advising on the applicability of, and compliance with, relevant laws, rules and regulations relating to the collection, use, retention, protection, disclosure, destruction and other processing of personal data under the evolving patchwork of U.S. federal and state legislation and regulation, including the California Consumer Privacy Act, the New York SHIELD Act and the New York State Department of Financial Services’ cybersecurity regulations, as well as under the EU’s General Data Protection Regulation
- Advising on the implementation of privacy and cybersecurity programs, including third party oversight and internal and external privacy policies
- Advising boards of directors and senior management on data privacy and cybersecurity corporate governance
- Advising on the impact of privacy and cybersecurity laws and regulations on product development from inception through launch
- Structuring, drafting and negotiating data licenses, pooling arrangements, vendor agreements and international data transfers
- Advising on data privacy and cybersecurity diligence, risk allocation and transaction structuring implications in connection with mergers and acquisitions and other commercial transactions
- Drafting data privacy and cybersecurity disclosures in connection with IPOs and other capital markets offerings and ongoing reporting obligations
- Providing policy advice and representation before federal and state legislatures on pending bills and other privacy-related issues
- Advising companies on data access requests by government agencies
- Providing strategic advice to clients before, during, and after cybersecurity incidents such as data breaches and ransomware attacks
- Leading internal investigations and responding to regulatory inquiries from the SEC, FTC, CFTC and other federal and state regulators
- Representing clients in civil litigation concerning data privacy and cybersecurity issues