Cybersecurity, Data Privacy & Information Management

Weil’s Cybersecurity, Data Privacy & Information Management group partners with clients to develop holistic strategies for mitigating business and legal risks associated with the aggregation, use, dissemination and storage of information and data, and, in the event of an incident involving that data, address any regulatory inquiries or investigations, and defend against shareholder, consumer, employee and other litigation.

Notable Representations, Key Contacts

Drawing on the experience of our corporate governance, intellectual property and technology practices, among others, Weil works strategically with each of the critical players with responsibility for oversight of a company’s cybersecurity and data risks. Whether counseling the Board with respect to the company’s Cyber Incident Response Plan, working with the General Counsel to mobilize a data breach response or teaming with the Chief Technology and Chief Information Officers to conduct a privacy audit of the company’s vendors, we have the capabilities necessary to provide companies with tailored or full-service primary advice, while maintaining the continuity of their operations amidst evolving cyber-threats and a complex regulatory landscape.

Additionally, recognizing that a cyber- or privacy-related development can expand to encompass a number of other significant legal issues, our group works hand-in-glove with attorneys in our White Collar Defense, Regulatory and Investigations, Securities Litigation, Complex Commercial Litigation, Business Finance & Restructuring and Employment Litigation practices, among others, to address subsequent risks such as government or regulatory inquiries, shareholder, consumer, or employee class action litigation, trade secrets theft, funding or financial issues, and disputes with vendors, service providers and other third parties.

Finally, we maintain excellent working relationships with insurance carriers and brokers, public relations and communications firms and other cyber-first responders and forensic experts, so that our clients have one-stop access to all of the resources necessary to swiftly address and resolve a crisis situation, should one develop.

Backed by all of these resources, Weil works with clients to:

  • Develop cybersecurity and privacy Incident Response Plans;
  • Draft privacy and data protection policies;
  • Investigate potential acquisitions and revise privacy policies for newly-acquired companies;
  • Counsel on legal compliance with U.S. federal and state privacy and information management requirements – including the Gramm-Leach-Bliley Act, HIPAA, the Children’s Online Privacy Protection Act, the Fair Credit Reporting Act, CAN-SPAM, state and federal security breach notification laws, and the Payment Card Industry Data Security Standard – as well as compliance with international data protection laws, including the EU Data Protection and Telecommunications Privacy Directives and the Canadian Personal Information Protection and Electronic Documents Act;
  • Advise on cybersecurity insurance issues;
  • Draft and negotiate vendor contractors and information use and distribution agreements;
  • Conduct privacy audits of companies and of third party vendors;
  • Negotiate cloud computing agreements;
  • Address data protection issues in the context of outsourced arrangements, including global HR databases;
  • Defend class action litigation on privacy and data security issues;
  • Work with internal and external public relations staff to mitigate reputational damage;
  • Liaise and negotiate with cyber first-responders and other vendors;
  • Coordinate data breach response and recovery efforts on a nationwide basis;
  • Develop employee training and compliance programs;
  • Develop and implement employee policies, including “Bring Your Own Device” (BYOD);
  • Aid compliance with email and telemarketing regulations;
  • Conduct internal investigations on privacy and Foreign Corrupt Practices Act issues;
  • Aid regulated entities in cybersecurity regulatory examinations conducted by the Securities Exchange Commission’s SEC Office of Compliance Inspections and Examinations (OCIE), Financial Industry Regulatory Authority (FINRA), and the Federal Deposit Insurance Corporation (FDIC);
  • Coordinate privacy issues in conjunction with e-discovery;
  • Advise on specific EU data protection issues, including those relating to cookies;
  • Counsel on data protection issues arising out of use of social media platforms;
  • Counsel on cross-border compliance; and
  • Create strategies for international data transfers, including Binding Corporate Rules, safe harbor clauses, and model clauses.

Selected Representations

Technology Acquisitions


Employment Data Privacy


Key Contacts

Michael A. Epstein

Michael A. Epstein


New York

Randi W. Singer

Randi W. Singer


New York, Silicon Valley

See list of lawyers globally

Shortcut Links

Cybersecurity Pop Quiz

Pop Quiz

Click here for the quiz.

Weil Data Privacy Podcast: Episode 1

Security Breach Notification Laws - Data Privacy Survey 2016

Data Privacy Survey 2016
Click here for the survey.

Speaking Engagements, Awards and Recognition, Latest Thinking, Firm News & Announcements

Speaking Engagements

View all

Latest Thinking

View all

Firm News & Announcements

View all