Pryor Cashman’s Data Privacy + Cybersecurity attorneys specialize in providing comprehensive legal advice focused on data protection, privacy compliance, and cybersecurity. We serve businesses of all sizes, from startups to multinational corporations, helping them navigate the complex landscape of data privacy laws and regulations.

What We Do

In today’s digital ecosystem, businesses face unprecedented challenges in mitigating privacy and cybersecurity risks associated with the collection, use, and disclosure of personal information pertaining to their customers and employees. Pryor Cashman’s Data Privacy + Cybersecurity attorneys possess an intricate knowledge of our client’s business applications and the evolving data privacy landscape that ensures clients navigate today’s data-driven economy effectively and in compliance with applicable laws.  Our attorneys have extensive experience navigating the patchwork U.S. state and federal data privacy law landscape, including state consumer data privacy laws (e.g., California Consumer Privacy Act [CCPA]/California Privacy Rights Act [CPRA]), sector-specific privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act (GLBA), and laws designed to safeguard the personal information of minor children such as the Children’s Online Privacy Protection Act (COPPA).  With the proliferation of artificial intelligence (AI) technology, our attorneys’ data privacy knowledge further serves to assist clients in ensuring they are considering the ethical and legal issues surrounding the use of AI technologies in handling personal information.

Our Services

Policy Development

  • Draft and implement data privacy policies and procedures tailored to organizational needs in compliance with applicable data privacy laws.
  • Create privacy notices and consent forms.
  • Draft and negotiate data processing agreements.

Compliance Audits

  • Conduct thorough assessments of data collection, storage, and disclosure practices to ensure adherence to applicable data privacy laws.
  • Identify vulnerabilities and recommend strategies for remediation.
  • Prepare data mapping deliverables designed to identify, categorize, and visualize the flow of data within organizations to ensure compliance with applicable data privacy laws, improve data governance, and enhance overall data management practices.

Corporate Support

  • Work closely with corporate clients, private equity firms, and other stakeholders to address data privacy and cybersecurity issues during all stages of mergers and acquisitions (M&A), from initial due diligence through post-transaction integration.
  • Provide guidance on assessing data privacy risks and structuring transactions to minimize liabilities in M&A and other corporate acquisitions.

Incident Response and Breach Management

  • Assist in the preparation of incident response plans for data breaches.
  • Provide legal support during breaches, including notification compliance and risk assessment.

International Data Transfers

  • Advise on cross-border data transfer mechanisms, including Standard Contractual Clauses (SCCs) and the Trans-Atlantic Data Privacy Frameworks.
  • Ensure compliance with international data privacy laws including, without limitation, Europe’s General Data Protection Regulation (GDPR) and UK GDPR.

Litigation Support

  • Assist clients in data privacy and cybersecurity-related matters in litigation and regulatory investigations as well as related settlement negotiations.