Cybersecurity and Privacy


Today, every business could be called an information management company. Whether managing sensitive employee and customer data or connecting to the ever-growing Internet of Things, the information that companies collect, create, and manage is becoming an increasingly valuable business asset. However, the risks that arise out of the gathering, maintenance, dissemination, and disposal of information are nearly as great as the benefits such data provides. To effectively address these challenges, companies must take proactive measures to handle and protect these sensitive assets and still enable optimal business performance.

Protect Corporate Information and Reduce Risk

Honigman’s Cybersecurity and Privacy practice—together with our Technology Transactions team—focuses on managing risks without impeding business growth. We advise clients on how to develop comprehensive programs to ensure that potential threats are identified and addressed, information collection and use adheres to compliance and regulatory frameworks, and information assets are protected. Our attorneys have extensive experience advising clients on all aspects of managing corporate information, and several of our attorneys are Certified Information Privacy Professionals, a gold standard certification from the International Association of Privacy Professionals, the world’s largest and most comprehensive global information privacy organization. Honigman is also a corporate member of the IAPP.

In addition to creating effective mechanisms for managing information, we also have extensive experience navigating through the complexities of data breaches and security incidents. In partnership with our Data Security and Privacy Litigation practice team, we help clients prepare for, defend against, and respond to data breach and security incidents.

How We Help

We take a preventive approach to helping clients minimize information risks. Our core areas of capability include:

  • Cybersecurity and privacy programs. Effective information management requires a careful balance of proper use, protection and risk reduction policies and procedures. We help clients ensure that information use adheres to necessary legal and regulatory requirements without unduly burdening the business. We regularly offer guidance in the following:
    • Developing a corporate strategy for information collection and use
    • Creating internal programs and processes for managing information, such as privacy impact assessments, vendor due diligence, privacy by design, and internal training
    • Drafting necessary privacy policies, including website privacy notices, terms and conditions, and written information security policies (WISP)
    • Assessing privacy risks and developing associated mitigation plans
    • Evaluating cybersecurity programs and remediating gaps
  • Regulatory compliance. Numerous cybersecurity and privacy regulatory and legal frameworks govern the collection, use, disclosure, storage, and destruction of information, both domestically and internationally. Navigating these often-complex regimes can prove challenging. We routinely advise clients on how to best manage their compliance efforts, including the following:
    • Advising on various privacy obligations under domestic and international regulations such as HIPAA, Gramm-Leach-Bliley Act, and General Data Protection Regulation
    • Understanding the priorities of domestic and international regulators and responding to enforcement actions emanating from the U.S. Federal Trade Commission, European Data Protection Authorities, and other bodies
    • Developing adequate cross-border data transfer mechanisms, including self-certifying with EU-U.S. Privacy Shield, the implementation of the European Commission’s standard contractual clauses, and/or binding corporate rules
  • Intellectual property. Information, particularly intellectual property, plays an expanding role in corporate transactions, from vendor contracts and e-commerce agreements to mergers and acquisitions. We help clients understand how to protect their intellectual property in these transactions, regularly assisting clients in the following ways:
    • Negotiating licensing, distribution, technology transfer, and other agreements
    • Licensing and acquiring computer software and hardware
    • Managing e-commerce businesses in compliance with intellectual property, privacy, and commercial codes
    • Drafting and negotiating e-commerce agreements, including website hosting and development, content licensing, advertising and marketing, and fulfillment services
    • Litigating domain name, trademark, copyright, and patent infringement matters
    • Managing intellectual property issues during mergers, acquisitions, and dispositions, including technology and intellectual property ownership
  • Cyber insurance. The proliferation of threats to corporate information and technology systems necessitates adequate protection, including insurance coverage. Our experienced policyholder attorneys represent clients on a wide array of cyber-insurance matters, including the following:
    • Advising clients on coverage issues in the event of a data breach or related loss
    • Maximizing coverage and reimbursement from the insurer in the event of a loss
    • Representing insureds in coverage litigation when it becomes necessary or inevitable
    • Counseling insureds on understanding the coverage they are purchasing
    • Understanding how best to protect their companies before, during, and after a security or privacy incident
  • eDiscovery and information management. Most privacy principles stress the importance of retaining information only as long as necessary, and effective information and records management practices ensure companies meet these requirements. Our attorneys routinely assist companies in integrating information management practices into privacy programs and practices, including the following:
    • Developing records retention schedules and records management policies
    • Advising on the records retention and privacy implications of changes in technology use
    • Assisting in the development of comprehensive records destruction practices
  • Data breach response. Many companies will experience some type of data security incident or loss, and managing the response to such an event is often complex and burdensome. We have extensive experience helping clients prepare for and respond to data breach and security incidents, including the following:
    • Identifying and remediating possible data security and data breach risks
    • Developing a data breach response plan
    • Investigating the scope and cause of data breaches
    • Coordinating data breach response efforts
    • Defending data breach litigation, including class actions
