Companies are increasingly collecting and possessing a significant amount of customer and employee personal data.  How this data is collected and used brings with it the potential for crushing liability.  Shook’s Privacy and Data Security team helps our clients identify, understand, and minimize these risks.  What sets Shook apart from its competition is its willingness to think differently, understand our client’s business, listen, and innovate.

Shook’s Privacy and Data Security team provide proactive and reactive services.  Examples of our proactive work include:

  • Advising companies on compliance with HIPAA, GDPR, GLBA, COPPA, CAN-SPAM, FAR, FACTA, TCPA, biometric privacy laws, the New York Department of Financial Services Cybersecurity Requirements, and state online privacy laws;
  • Drafting privacy and data security agreements between our clients and their vendors;
  • Performing information security assessments under the direction of counsel to maximize the assertion of privilege;
  • Building global compliance programs that operationalize privacy and data security legal requirements in a way that work for our clients’ specific business needs;
  • Drafting privacy policies and consumer-facing notices;
  • Perform written privacy impact and privacy risk assessments;
  • Undertaking due diligence assessments as part of a merger or acquisition;
  • Preparing Written Information Security Plans; and,
  • Training our clients’ employees, officers, and boards of directors.

Examples of our reactive work include:

  • Directing complex breach response efforts (some of which have affected millions of individuals in hundreds of countries), which may include advising clients on their notification obligations, directing the forensic investigation, drafting notices to affected individuals and regulators, responding to media and regulatory inquiries, and working with law enforcement identify the perpetrator(s);
  • Representing companies in class action lawsuits arising from data breaches and privacy incidents; and.
  • Representing companies in responding to regulatory inquiries and enforcement actions following privacy and security incidents.

Within the Privacy and Data Security practice, Shook has developed “mini-teams” of experts who possess expertise in sub-niche areas such as incident response, biometric privacy, vendor agreement drafting, the GDPR, Latin American privacy law, artificial intelligence, and privacy and data security laws affecting specific sectors (e.g., healthcare, financial services, retail, manufacturing, and technology).

The highest priority for Shook’s Privacy and Data Security team is service.  We strive to ensure that our clients receive the best service a law firm can provide.  This means understanding our clients’ business, identifying trends and risks before our clients do, maximizing cost predictability, innovating with alternative fee arrangements, and exceeding every commitment we make.