Notable Representations, Key Contacts
Drawing on the experience of our corporate governance, intellectual property and technology practices, among others, Weil works strategically with each of the critical players with responsibility for oversight of a company’s cybersecurity and data risks. Whether counseling the Board with respect to the company’s Cyber Incident Response Plan, working with the General Counsel to mobilize a data breach response or teaming with the Chief Technology and Chief Information Officers to conduct a privacy audit of the company’s vendors, we have the capabilities necessary to provide companies with tailored or full-service primary advice, while maintaining the continuity of their operations amidst evolving cyber-threats and a complex regulatory landscape.
Additionally, recognizing that a cyber- or privacy-related development can expand to encompass a number of other significant legal issues, our group works hand-in-glove with attorneys in our White Collar Defense, Regulatory and Investigations, Securities Litigation, Complex Commercial Litigation, Business Finance & Restructuring and Employment Litigation practices, among others, to address subsequent risks such as government or regulatory inquiries, shareholder, consumer, or employee class action litigation, trade secrets theft, funding or financial issues, and disputes with vendors, service providers and other third parties.
Finally, we maintain excellent working relationships with insurance carriers and brokers, public relations and communications firms and other cyber-first responders and forensic experts, so that our clients have one-stop access to all of the resources necessary to swiftly address and resolve a crisis situation, should one develop.
Backed by all of these resources, Weil works with clients to:
- Develop cybersecurity and privacy Incident Response Plans;
- Draft privacy and data protection policies;
- Investigate potential acquisitions and revise privacy policies for newly-acquired companies;
- Counsel on legal compliance with U.S. federal and state privacy and information management requirements – including the Gramm-Leach-Bliley Act, HIPAA, the Children’s Online Privacy Protection Act, the Fair Credit Reporting Act, CAN-SPAM, state and federal security breach notification laws, and the Payment Card Industry Data Security Standard – as well as compliance with international data protection laws, including the EU Data Protection and Telecommunications Privacy Directives and the Canadian Personal Information Protection and Electronic Documents Act;
- Advise on cybersecurity insurance issues;
- Draft and negotiate vendor contractors and information use and distribution agreements;
- Conduct privacy audits of companies and of third party vendors;
- Negotiate cloud computing agreements;
- Address data protection issues in the context of outsourced arrangements, including global HR databases;
- Defend class action litigation on privacy and data security issues;
- Work with internal and external public relations staff to mitigate reputational damage;
- Liaise and negotiate with cyber first-responders and other vendors;
- Coordinate data breach response and recovery efforts on a nationwide basis;
- Develop employee training and compliance programs;
- Develop and implement employee policies, including “Bring Your Own Device” (BYOD);
- Aid compliance with email and telemarketing regulations;
- Conduct internal investigations on privacy and Foreign Corrupt Practices Act issues;
- Aid regulated entities in cybersecurity regulatory examinations conducted by the Securities Exchange Commission’s SEC Office of Compliance Inspections and Examinations (OCIE), Financial Industry Regulatory Authority (FINRA), and the Federal Deposit Insurance Corporation (FDIC);
- Coordinate privacy issues in conjunction with e-discovery;
- Advise on specific EU data protection issues, including those relating to cookies;
- Counsel on data protection issues arising out of use of social media platforms;
- Counsel on cross-border compliance; and
- Create strategies for international data transfers, including Binding Corporate Rules, safe harbor clauses, and model clauses.
- Weil has counseled on data privacy issues in hundreds of high-value, high-profile technology transactions, including advising:
- Verizon Communications Inc. in its agreement to purchase AOL Inc. for approximately $4.4 billion, in a deal that will further drive Verizon’s LTE wireless video and OTT (over-the-top video) strategy;
- Facebook in connection with privacy issues in its $16 billion acquisition of WhatsApp, a provider of a cross-platform mobile messaging application that allows a client to exchange messages without having to pay for SMS;
- Yahoo! in all technology and IP aspects of its $4.5 billion sale of its operating business to Verizon Communications Inc.;
- Yahoo! in connection with IP and privacy matters in its $1.1 billion acquisition of popular blogging site Tumblr, and its $240 million acquisition of Flurry Analytics;
- eBay on its acquisition of Shutl, the UK-based technology start-up connecting retailers with a network of local same-day carriers to provide a “super-fast” delivery service for consumer goods; and
- Twilio Inc., a cloud communications provider of application programming interfaces (APIs) for communications apps, in its acquisition of Authy, Inc., a provider of Authentication-as-a-Service for large-scale Web and mobile applications.
- In these and other transactions, Weil has advised on data privacy issues across a broad range of technologies, from high tech (Internet of Things (IoT), Global Positioning Systems (GPS), big data and analytics) to the highly-regulated (financial services, consumer credit, and health care), and everything in between (consumer goods, news aggregators, and online music services).
- Weil advised a major NASDAQ-listed media company on privacy issues arising out of its international whistle blowing policy.
- Weil advised a major international investment bank on BYOD issues and related data privacy implications.
- Weil advised Yell.com in the UK on data protection issues.
- Weil advised a major electronics and technology company on privacy issues relating to collection of television viewing data.
- Weil advised a provider of shipping and energy services on the implementation of a compliant employee monitoring policy and procedure. Our advice related to the monitoring of emails and internet usage and concerned employees located in the United Kingdom as well as a number of foreign jurisdictions where local law advice was provided.
- Weil advised a major financial institution on the data protection consideration applicable to a “Bring Your Own Device” scheme, including the recommendation of a number of practical and commercial steps to minimize the risk of a data security breach or other breach of law.
- Weil represents First Data Corp. in a dispute in federal court relating to a credit card payment processing agent’s liability in connection with cyberattacks.
- Weil obtained the dismissal of all claims brought against MovieTickets.com based on allegations that email confirmations sent to customers following their on-line purchase of movie tickets from MovieTickets.com violated the FACT Act by including a credit card expiration date.
- Weil represents Houghton Mifflin in a putative class action in the Southern District of New York alleging violations of the Telephone Consumer Protection Act (TCPA). The plaintiff, a religious entity, alleges that Houghton Mifflin distributed thousands of fax advertisements throughout New York State that were unsolicited and that lacked proper opt-out notices; the plaintiff purports to represent three sub-classes of individuals who received such faxes during a four-year window. The matter is pending.
Cybersecurity Pop Quiz
Click here for the quiz.
Weil Data Privacy Podcast: Episode 1
Security Breach Notification Laws - Data Privacy Survey 2016
Click here for the survey.