Cybersecurity, Data Privacy & Information Management

Weil’s Cybersecurity, Data Privacy & Information Management practice leverages the experience of its practitioners in the United States and Europe to provide comprehensive counseling on the full spectrum of data privacy and security matters. We have extensive experience advising on compliance and risk management, performing due diligence, assessing risk in transactions, assisting in product development, guiding cybersecurity efforts, responding to data security incidents, and defending bet-the-company litigation.

Notable Representations, Key Contacts

We partner with our clients to develop holistic and tailored strategies to mitigate and address business and legal risks in connection with advising on the privacy and data security aspects of the full range of corporate transactions (in close partnership with Weil’s Private Equity and M&A practice and Technology and IP Transactions practice), defending government investigations and other privacy-related proceedings, counseling with respect to compliance with a broad array of jurisdiction- and sector-specific privacy and data security laws, and coordinating urgent first-responder assistance in the event of a breach.

Recognizing that a cyber- or privacy-related development can expand to encompass a number of other significant legal issues, our practitioners work closely with attorneys in our White Collar Defense, Regulatory and Investigations, Securities Litigation, Complex Commercial Litigation, Restructuring and Employment Litigation practices, among others, to address all aspects of privacy-related risks, including those related to trade secrets theft, funding or financial issues, and disputes with vendors and other third parties.

We also maintain excellent working relationships with public relations and communications firms and other cyber-first responders and forensic experts, as well as insurance carriers and brokers, so that our clients have one-stop access to all of the resources necessary to swiftly address and resolve a crisis situation, should one develop.

Specifically, Weil lawyers routinely work with clients in the following areas:

  • Conducting due diligence, drafting and negotiating transactional documents in the context of mergers, acquisitions, and private equity transactions.
  • Counseling clients on the data protection and privacy aspects of contemplated or active bankruptcy filings and restructuring, and representing clients in related proceedings.
  • Providing comprehensive and/or targeted counseling on compliance with laws governing data privacy and information management, including:
    • EU General Data Protection Regulation (GDPR);
    • California Consumer Privacy Act (CCPA);
    • Canadian Personal Information Protection and Electronic Documents Act (PIPEDA);
    • U.S. sector-specific data privacy laws, regulations and guidelines, including the Fair Credit Reporting Act (FCRA), Health Insurance Portability and Accountability Act (HIPAA), Children’s Online Privacy Protection Act (COPPA), Illinois Biometric Information Privacy Act (BIPA) and other laws related to biometric data, and the Payment Card Industry Data Security Standard (PCI-DSS);
    • U.S. marketing laws, such as the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act and the Telephone Consumer Protection Act (TCPA); and
    • The full range of state and federal data breach notification laws.
  • In connection with compliance counseling, providing services that include:
    • Developing data protection and privacy policies and plans;
    • Developing and conducting employee training and compliance programs;
    • Advising on the implementation of data access and deletion request processes;
    • Drafting and negotiating agreements with vendors and suppliers in accordance with laws governing the disclosure and transfer of personal information;
    • Addressing data protection issues in the context of outsourced arrangements, including cloud providers and global HR databases; and
    • Creating, reviewing and advising clients regarding strategies for international data transfers, including Standard Contractual Clauses, Binding Corporate Rules, and compliance with internationally recognized frameworks such as the EU-U.S. and Swiss-U.S. Privacy Shield Programs.
  • Mobilizing and guiding responses to data breaches or other security incidents involving personal information, including working with all stakeholders in connection with internal and external investigations, vulnerability mitigation, notification, and mitigation of reputational damage.
  • Representing clients in potential or active adverse postures related to privacy and data security issues, including in government investigations and consumer class action litigations;
  • Advising clients regarding privacy issues that may arise in connection with conducting corporate diligence and with undertaking e-discovery in the litigation context (i.e., ensuring compliance with applicable privacy laws is maintained in the population and use of data rooms and e-discovery platforms).

Selected Representations

Technology Acquisitions


Employment Data Privacy


Key Contacts

Michael A. Epstein

Michael A. Epstein


New York

Randi W. Singer

Randi W. Singer


New York, Silicon Valley

See list of lawyers globally

Shortcut Links

Weil Data Privacy Podcast: Episode 1

Listen to the podcast.

Speaking Engagements, Latest Thinking, Firm News & Announcements

Speaking Engagements

View all

Latest Thinking

View all

Firm News & Announcements

View all