Cybersecurity, Privacy & Data Protection
Information security & data strategy have never been more critical. Public and private sector clients alike are tackling novel privacy and data management issues in an ever-evolving regulatory environment. Against this backdrop, Akin helps clients navigate the intersection of regulation, technology and risk.
Our global, cross-disciplinary cybersecurity, privacy & data protection group is one of the nation’s most experienced teams—comprised of market-leading practitioners advising on existing and emerging data privacy regulations and statutes. For decades, we have helped to shape cybersecurity policy and guided clients through complex legal and technical challenges during every phase of the incident lifecycle and beyond.
We provide data strategy counseling and advise on the full scope of cybersecurity, privacy & data protection matters across regulatory compliance and due diligence, investigations and disputes, board and policy advisory work, and data breach preparedness and response.
Market Leaders
Bringing backgrounds in government, trade associations and the private sector, our lawyers have a great depth of practice and unparalleled technical expertise.
Our cybersecurity, privacy & data protection group includes lawyers and former top-ranking officials who have received the highest industry honors, including the following distinctions:
- Practice ranked in Band 1 and partners individually ranked by Chambers USA in the nationwide privacy and data security category.
- Partner named to Cybersecurity Docket’s Incident Response 50, the world’s 50 best data breach response lawyers.
- Registered Practitioner under the Cybersecurity Maturity Model Certification (CMMC) Framework.
- Former Special Assistant to the Assistant Secretary for Infrastructure Protection, Department of Homeland Security and current member of the Council on Foreign Relations.
- Former general counsel and chief privacy officer at the International Association of Privacy Professionals (IAPP), and holder of IAPP certifications in Certified Information Privacy Professional/Europe (CIPP/E), CIPP/US and Certified Information Privacy Manager (CIPM).
- Former counsel for a major electric utility company.
- Winner of Global Data Review’s Women in Data award and the Daily Journal’s Top Cybersecurity/Artificial Intelligence (AI) Lawyer honor.
- Winner of The Daily Journal’s award as one of California’s top cyber/AI lawyers since 2018.
- Former Chairman of the House Committee on Science, Space and Technology, who was the first member of Congress to hold a hearing on AI.
- Former Senior Counsel in the U.S. Securities and Exchange Commission (SEC) Division of Enforcement, who led numerous investigations.
Experience Across Industries & Technologies
Our experience spans industries & technologies, including investment management & private equity, financial services, government contracts, health care & life sciences, retail, energy & infrastructure, transportation, insurance, software, telecommunications, professional sports, media & entertainment, AI, e-commerce, data aggregation and data-sharing platforms, biometrics, autonomous vehicles, smart cities, Internet of Things (IoT), and digital assets, cryptocurrency & blockchain.
We routinely advise on the regulatory landscape involving connected devices, the use of AI in governments and the private sector and cybersecurity risks via the supply chain. In addition, we assist clients with first-in-class digital health products, privacy-by-design digital marketing solutions and unique cybersecurity products targeting heavily regulated markets.
Services In-Depth
Preparedness & Incident Response
Incident response, data strategy and critical infrastructure protection are the hallmarks of our practice. Our team has handled hundreds of incidents, including some of the largest data breaches in history. We help clients proactively and strategically implement plans that speed the response time and mitigate risk. Clients rely on Akin to prepare comprehensive responses to rapidly evolving cybersecurity risks and threats, including ransomware and other cyber attacks.
Akin is the first call for clients when an incident occurs. We have boots on the ground, engaging prominent consultants to perform privileged forensic investigations, to review regulatory and contractual reporting obligations and to report to the board of directors. We help them to become board ready by drawing on our decades of experience preparing, briefing and advising corporate boards navigating breaches and other cyber risks.
We routinely partner with boards of directors and C-suite level executives, and work shoulder to shoulder with our clients’ internal teams to develop efficient cybersecurity compliance programs. Akin develops data breach exercises testing incident response plans to identify and address any weaknesses, and help companies prepare for new and evolving threats. To that end, we bring together cross-functional teams to address regulatory compliance, communications, public relations, reputational risk, crisis management and other pressing issues.
Recognized for our interdisciplinary approach, we work seamlessly across the firm with colleagues in our regulatory, lobbying & public policy, government contracts, national security, investment management & private equity, mergers & acquisitions (M&A) and corporate, insurance, litigation & investigations, state attorneys general and white collar defense practice groups, among others.
Compliance & Counseling
Our information security compliance & privacy counseling experience encompasses cybersecurity, AI regulatory and data privacy. Leveraging our deep knowledge of state, federal and global privacy and data protection laws, combined with expertise in emerging technologies, we offer full support to clients facing complex issues around investments, transactions and disputes.
On behalf of domestic and multinational companies and global asset managers, we provide privileged enterprise-wide cybersecurity and privacy risk assessments and compliance reviews, and we help develop fully compliant cybersecurity and privacy programs.
Our board advisory work encompasses due diligence in mergers, acquisitions, restructurings and other transactions and presentations to financial services firms, investment funds and boards of directors on compliance oversight programs, including for recently acquired portfolio companies.
We facilitate privileged cybersecurity tabletop exercises and security assessments, and we engage independent forensic consultants to test clients’ networks, including through privileged penetration tests and incident simulations. From advising global tech and defense companies on developing compliant policies to providing advice to private equity firms on lessons learned from recent breaches, we help clients establish fulsome privacy and cyber programs, policies, procedures and governance.
Our advice also covers the issues impacting national security, public policy, international trade and government contracts. Notably, Akin has some of the most experienced government contracts lawyers in the nation and the team has handled many of the largest FCA settlements ever recorded. We assist government contractors and their supply chains in complying with cybersecurity and privacy regulations.
Investigations, Enforcement & Litigation
We have successfully represented a broad array of corporate and investment fund clients in litigation, enforcement and government investigations involving cybersecurity and data privacy.
Our firm is a trusted partner for global internal investigations concerning cybersecurity, privacy & data protection matters. We have led hundreds of data breach and privacy-related investigations, as well as investigations of potential employee misconduct with regard to data, potential corporate espionage and other issues.
Our renowned class action litigators defend companies in jurisdictions nationwide. We counsel clients on how to mitigate liability with regard to privacy and data protection issues and defend them in related litigation and in regulatory and congressional investigations.
Full Range of Regulations
We advise clients on the full range of cybersecurity, privacy & data protection regulations and programs, including the:
- Biometric privacy laws, including the Illinois Biometric Information Privacy Act (BIPA), Texas Biometric Privacy Law and Washington Biometric Privacy Protection Act
- California Fair Debt Collection Practices Act (Rosenthal Act)
- California Invasion of Privacy Act (CIPA)
- California Shine the Light Law (STLL)
- Children’s Online Privacy Protection Act (COPPA)
- Computer Fraud and Abuse Act (CFAA)
- Cybersecurity Maturity Model Certification (CMMC) Program
- Data breach notification laws
- Defense Federal Acquisition Regulations (DFAR)
- Electronic Communications Privacy Act (ECPA)
- EU General Data Protection Regulation (GDPR)
- Fair and Accurate Credit Transactions Act (FACTA)
- Fair Credit Reporting Act (FCRA) and state credit reporting laws
- False Claims Act (FCA)
- Federal Acquisition Regulations (FAR)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
- Song-Beverly Credit Card Act
- State privacy regulations, such as the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Connecticut Data Privacy Act (CTDPA), Colorado Privacy Act (CPA), Utah Consumer Privacy Act (UCPA) and Virginia Consumer Data Protection Act (CDPA)
- Telemarketing Sales Rule and the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
- Telephone Consumer Protection Act (TCPA) and state telemarketing laws
- U.S.-EU Privacy Shield
- Video Privacy Protection Act (VPPA).
Data Dive Blog
Written and curated by a multidisciplinary group of attorneys, Data Dive delivers key insights on cybersecurity, privacy and other data-related topics impacting organizations across the globe. Visit here.
