Skip to main content
Home
Home

Data Security Counseling and Breach Response

privacy related image

Data Security Counseling and Breach Response

Lost, stolen, or inadvertently disclosed electronic or physical records containing the personal information of users, customers, or employees—not to mention trade secrets and intellectual property—implicate a web of state and federal laws and regulatory interest.

Perkins Coie is not a newcomer to cybersecurity and breach response. Our attorneys began performing network-intrusion work 20 years ago, first as federal computer crime prosecutors and more recently in private practice.

The current legal climate includes complex, evolving, and nuanced rules governing the collection, use, storage, and disposal of information that vary by jurisdiction. We work closely with our clients to help them stay abreast of national and international regulatory and statutory changes and industry initiatives related to mobile applications, online and mobile advertising, means of capturing location information, and cloud computing.

We have advised clients regarding data security and breach response within a broad range of sectors, including energy companies, retailers, communications infrastructure providers, and defense contractors. Our clients range in size from public Fortune 100 companies and retailers with national operations and customer bases to local nonprofits, school districts, and small private companies. All are addressing legal requirements and their legal, reputational, and commercial risks.

We assist clients in developing comprehensive, best-in-class data security programs to comply with evolving legal requirements and better prepare them for network attacks and intrusions and from lawsuits and regulatory inquiries. We work with clients at all levels of maturity, from building programs from the ground up, to consulting on improvements to existing, developed programs. We plan and participate in tabletop exercises, and help clients develop customized internal resources and knowledge, whether that is spotting issues to escalate to counsel or handling breach analysis and notifications in house.

How we help clients

  • Breach response.
  • Compliance programs.
  • Cyber enforcement.
  • Emerging threats.
  • Public company disclosures.
  • Regulatory guidance.

Our Privacy & Security attorneys partner with industry and sector experts to help clients establish and maintain an appropriate cyber defense posture and to satisfy legal requirements for security and incident reporting.

Network Intrusions and Data Breaches

Perkins Coie’s Privacy & Security attorneys routinely handle security incidents in the United States and around the world. With a team that includes former U.S. Department of Justice (DOJ) national security officials and cybercrime prosecutors, the practice has amassed a significant body of hands-on work in response to network intrusions.

While not every breach involves a type of personal information that requires notification or disclosure, every breach requires attention and an individualized response tailored to the facts and nature of the breach, and an evaluation of how processes can be improved to minimize the risk of future breaches. Features of our service include:

  • An efficient approach that includes triaging the initial breach, minimizing legal risk, identifying notification and disclosure obligations, and providing notice to affected individuals, regulators, insurance carriers and others where necessary
  • Capabilities to tap into existing relationships with forensics firms, breach notification providers, and law enforcement and infrastructure assurance officials when the size or nature of the breach warrants
  • Addressing publicly traded companies' need for disclosures in security filings pursuant to the U.S. Securities and Exchange Commission’s (SEC) guidance on disclosing cybersecurity risks

Perkins Coie's Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding state-specific security breach notification requirements.

Developing Threats and Emerging Legal Requirements

The quantity and sophistication of cyber attacks has grown, and more attempted and completed attacks cause real-world impacts. From ransomware attacks that can halt operations to indictments of actors with the ability to cause potentially catastrophic physical results, malicious cyber activity is no longer just a threat to information. To meet this threat, the U.S. government has enacted legislative and regulatory cybersecurity requirements for critical infrastructure enterprises and other companies—and has emphasized that government efforts alone will not be sufficient to safeguard those assets. Rather, the private sector will have to demonstrate cybersecurity leadership.

Cyber Enforcement

Our cyber enforcement attorneys work with clients to protect their websites, internet, and mobile services, and keep their users safe from abuse. We advise clients on enforcement strategies that may include referrals to regulatory agencies or law enforcement, as well as filing civil lawsuits against the wrongdoers. Adapting our services to meet client needs, enforcement may mean a single cease-and-desist letter and follow up, to multifaceted, multiyear programs in which a company outsources its enforcement work to our dedicated team of internet enforcement attorneys.

Home
Jump back to top