Skip to content

Data Privacy and Cybersecurity

In today’s information-driven economy and changing regulatory environment, companies need cohesive strategies to manage data privacy and cybersecurity risk

Our multidisciplinary team has the experience to help your organization address these risks, risks such as developing data privacy compliance programs, preparing for and responding to data breaches, and handling public policy and legislative issues. Varnum’s Data Privacy and Cybersecurity Team assists organizations large and small with development of sound data privacy and security practices, along with real-time advice to address the evolving regulatory environment.

We advise clients on a wide range of matters, including:

  • State privacy laws, including the California Consumer Privacy Act (CCPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Delaware Personal Data Privacy Act (DPDPA), the Montana Consumer Data Privacy Act (MCDPA), the Nevada Privacy of Information Collected on the Internet from Consumers Act (NPICICA), the Oregon Consumer Privacy Act (OCPA), the Tennessee Information Protection Act (TIPA), the Texas Data Privacy and Security Act (TDPSA), the Utah Consumer Privacy Act (UCPA) and the Virginia Consumer Data Protection Act (VCDPA), as well as state privacy laws in Indiana, Iowa and New Jersey
  • Europe’s General Data Protection Regulation (GDPR)
  • Data privacy policies and consumer-facing statements
  • Data licensing agreements, terms of use and other data-related agreements
  • Drafting and negotiating contracts consistent with company policies and best practices
  • E-commerce issues
  • Mobile apps
  • Public policy and legislative advocacy and counsel
  • Data security breach preparedness and compliance that also includes working with forensic companies and insurers as well as developing internal and external communications
  • Data breach response and assessment
  • Privacy-related claims and disputes
  • Employee privacy and data handling training
  • Health care privacy, including Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) and Protected Health Information (PHI) data breach responses
  • Investigations and e-discovery privacy management
  • Cybersecurity guidance and internal policy development
  • Due diligence and warranty negotiation for mergers and acquisitions as well as cross-border data transfers
  • Records management and data retention policies

“Varnum always has an expert to offer sound advice and guidance for any issue we bring to them.”

Client, US News – Best Lawyers® Best Law Firms

Sign up to be the first to access our leading legal insights.

The link you have selected will redirect you to a third-party website located on another server. We are offering the link for your convenience. Varnum has no responsibility for any external websites and makes no express or implied warranties about any external websites.

Please be aware that contacting us via e-mail does not create an attorney-client relationship between you and the firm. Do not send confidential information to the firm until you have spoken with one of our attorneys and receive authorization to send such materials.