Data Privacy & Cybersecurity

Practice

We are a top choice for companies wrestling with evolving data privacy rules and the latest cybersecurity threats.

Clients rely on us for comprehensive data privacy and cybersecurity advice, including implementation of internal programs and policies and compliance with the patchwork of international and U.S. federal and state data privacy rules.

Companies call upon us to structure, draft and negotiate data licenses, pooling arrangements, vendor agreements and international data transfers. We also provide advice in connection with business combinations and capital markets offerings.

When companies experience cybersecurity incidents such as data breaches and ransomware attacks, our cross-disciplinary team is a trusted partner and resource for strategic advice. Clients turn to us to head up internal investigations and respond to inquiries from the SEC, FTC, CFTC and other federal and state regulators. We also represent clients in civil litigation concerning data privacy and cybersecurity issues.

Our work in cyber law, including data privacy and data protection, is recognized by Legal 500 U.S.

Featured experience

June 1, 2021 Experience

Multiple companies in SEC investigation of the SolarWinds cyber breach

We are advising multiple public companies in the SEC investigation of the compromise of SolarWinds software

July 1, 2021 Experience

COVID-era employment-related cyber incidents

We have assisted multiple clients facing a surge of employment-related cybersecurity incidents during the pandemic

March 31, 2020 Experience

Resolution of ransomware-related claims against forensic service provider

We achieved a favorable pre-litigation resolution of claims over losses from crippling ransomware incidents

October 15, 2021 Experience

Cybersecurity and data-privacy disclosure advice to multiple clients

We assist numerous clients on disclosures in public filings and private-placement memoranda

See more experience

Our team

Insights

March 21, 2023

Client Update

SEC proposes sweeping new package of cybersecurity requirements for regulated market participants

The SEC proposed a broad suite of new cybersecurity rules for many market participants, including policies and procedures ...

February 22, 2023

Client Update

Chinese Ministry of Commerce places two companies on its Unreliable Entity List for the first time

On February 16, the Ministry of Commerce of the People’s Republic of China announced its first ever use of the Unreliabl...

News

May 31, 2023

Speaking Engagement

Data Privacy & Cybersecurity

Featured experience

Multiple companies in SEC investigation of the SolarWinds cyber breach

COVID-era employment-related cyber incidents

Resolution of ransomware-related claims against forensic service provider

Cybersecurity and data-privacy disclosure advice to multiple clients

Our team

Greg D. Andres

Matthew J. Bacal

Robert A. Cohen

James W. Haldin

Insights

SEC proposes sweeping new package of cybersecurity requirements for regulated market participants

Chinese Ministry of Commerce places two companies on its Unreliable Entity List for the first time

News

Jamie Haldin speaks at the 2023 Global GRC, Data Privacy & Cyber Security ConfEx

Davis Polk lawyers speak at HKSI’s 2023 Data Security program

Robert Cohen quoted in Cybersecurity Law Report on the SEC’s proposed cyber rules

Robert Cohen quoted in Cybersecurity Law Report on the SEC’s proposed incident mandate

Davis Polk elects nine new partners