Data privacy and cybersecurity

Overview

Over the past 17 years, the national Data Privacy and Cybersecurity team at McDonald Hopkins, comprised of 54 attorneys, has counseled clients in nearly every industry through more than 18,500 data breaches and privacy incidents – 2,400 of those in the last year alone – and have successfully navigated organizations through thousands of complex regulatory investigations.

NetDiligence Platinum Breach Coach Seal McDonald Hopkins is a Platinum Breach Coach^® Law Firm with nationally-recognized and award-winning privacy attorneys.

We believe in a comprehensive approach to data privacy and cybersecurity. Our robust team of attorneys, solely focused in data privacy and cybersecurity, have a wealth of knowledge and specializations. We are able to tackle whatever your business may need, from preventing and protecting your organization’s assets with our CyberSavvy^® pre-breach services, responding to an active privacy incident or cyber attack, providing regulatory defense, or leading your organization through privacy litigation.

McDonald Hopkins Data Privacy and Cybersecurity Services

Experience

Defended a transcription company in a class action involving patients’ Protected Health Information visible on the Internet. We were successful on a Motion for Summary Disposition based on lack of standing which dismissed our client from the still pending lawsuit.
Advising several colleges and universities on appropriate data breach response, including compliant notification to students, alumni and faculty throughout the United States and around the world. We are also managing regulatory investigations for these colleges and universities, from state attorneys general and the Office for Civil Rights.
Defended a professional service provider in litigation involving a stolen laptop. The laptop contained a large database of information related to the customers of the professional service provider’s customer. The action was filed in state court, but was resolved prior to the commencement of discovery.
Represented a large financial institution in a putative class action filed in federal court stemming from the theft of computer hardware containing customers’ personal and confidential information. We filed a motion to dismiss the lawsuit on the grounds that the plaintiff alleged only “identity exposure,” not “identity theft,” and therefore lacked standing as a matter of law. The federal court granted our motion, and the lawsuit was dismissed with prejudice. Tod R. Kidman v. Wells Fargo & Co., et al., United States District Court for Northern District of Ohio, Case No. 1:07 CV 3685.
Acted as a breach coach to several large and elite colleges and universities. In addition, we have assisted them in complying with applicable state and federal privacy statutes.
Counsel some of the largest medical groups in the country on the HIPAA Privacy, Security and Notification Rules, including investigations, breach coaching, incident notification, and investigations by the Office for Civil Rights.
Investigated a scheme run on a multi-billion dollar publicly traded company in which a third party impersonated the company’s CEO or CFO to obtain materials on credit charged to the company. The third party had access to, and used in furtherance of the scheme, the company’s D&B number, FEIN, Bank relationships (including individual names) among other things.
Prosecuted third party vendors for indemnification due to vendors’ negligence resulting in data breaches.
Acted as counsel to a publicly traded company whose confidential and non-public information was inadvertently left in an airport.
Represented a software company when a software vendor advised the client that it had uncovered a security issue in its supplied software which could allow a security breach to end users (large retailers) of the client’s software. We advised the client regarding liability issues, notifications, indemnifications, and other related matters.
Counsel for one of the largest data security and erasure providers, providing advice and counsel to it, and its clients related to data storage and erasure best practices, post data breach obligations and loss mitigation. We also counseled and advised on lost and stolen laptops and hard-drives which were improperly erased resulting in exposure of confidential and proprietary information.
Investigated a pornographer spoofing a client’s server and sending emails purporting to be the client to the client’s customers containing a link to pornography. We were able to immediately shut down the linked website and advised with respect to the required interaction with the relevant government agencies.
Advise clients on compliance with Massachusetts Data Privacy Standards.
Drafts and implements Written Information Security Programs and Incident Response Plans for numerous businesses and organizations.
Coordinate training of employees on organizations’ data security programs and policies.
Conducted an investigation on behalf of a public technology sector company in relation to a foreign based email purchasing scheme utilizing the company’s identifying information, and developed and implemented responsive countermeasures.
Advised numerous clients on website privacy policies and practices.
Broad experience in internet and technology litigation and investigations.
Counseling on handbook provisions for employees of a client in the credit card processing industry relating to preserving security.
General counsel to a leading provider of data security, data erasure and IT Asset Retirement. In that role, we counsel our client and its clients as to best practices and liability relating to data security and data erasure.