Skip to content

Cybersecurity & Data Privacy

There have been dramatic changes in the way businesses interact with customers, brought about by a proliferation of new IT capabilities, and a rapidly changing landscape of interconnected systems and services. Against this backdrop, cyberattacks and data security breaches can result in serious legal consequences and reputational damage for companies, often more complex than those associated with traditional breaches of corporate data. Managing cybersecurity requires businesses to bring together cross-functional knowledge from business, technical, and legal personnel.

V&E provides customized teams of transactional and litigation attorneys, who use their decades of experience to assist clients in identifying, managing, and mitigating risks, from early planning and assessment to managing incident responses and beyond.  We help clients by understanding their data privacy protection and notification obligations, addressing and minimizing related legal and business risks, implementing comprehensive information security programs, conducting internal investigations, leading emergency responses to data breaches, and managing post-breach litigation, governmental actions and remedial measures. We provide strategic advice to clients by developing and revising data use and privacy policies to confirm that those policies are congruent with our clients’ practices and legal obligations. These services are available for a fixed fee.

Our clients benefit from V&E’s established working relationships with data protection authorities, third-party security service providers, public relations firms, and law enforcement, as well as our experience appearing before domestic and international legislative and regulatory bodies. Our clients also benefit from our strategic advice in developing data-use and privacy policies and extensive experience negotiating information technology and outsourcing agreements. V&E is a full-service provider, able to help clients understand what to expect and how to navigate the cybersecurity landscape.

A Global Firm for Global Data

A global law firm with offices around the world – including Europe, the Middle East, and Asia Pacific, we have the resources and know-how to handle complex cross-border cybersecurity and data privacy issues, including data sharing and compliance with federal agencies, such as OFAC, CFIUS and the FTC. For example, V&E lawyers bring the skill set necessary to help clients when confronted with CFIUS questions regarding the cybersecurity risk to government installations or critical infrastructure of foreign direct investment.

Experience Highlights

  • Advising major airline with responses to multiple instances of data breaches and attendant notices to affected employees in multiple states

  • Advising international flight planning and flight support services provider for business aviation on the development of a plan (and model notices) to inform employees and/or client in the event of a data breach involving personal information 

  • Multiple presentations on employee data privacy matters, including providing overviews of cross-border requirements for sharing employee information

  • Negotiating various agreements for penetration testing, security assessment, vulnerability management and other information security services for digital media client

  • Advising digital media, energy, and aviation clients on data privacy obligations, including content of privacy policies and addressing privacy obligations in vendor agreements

  • Acting for a UAE client in relation to the alleged hacking of their computers by a contractual counterparty

  • Acting in the English courts for defendants alleged to have stolen electronic data, including responding to “search and seizure” orders

  • Advising international companies on the transfer of personal data between European countries and the U.S.

  • Designing data protection programmes for international clients to be compliant with UK and EU data protection regimes 

  • Represented several U.S. and non-U.S. companies before CFIUS in transactions that raised cyber security concerns

  • Led the buyer’s side on CFIUS, U.S. export control and DSS issues of an acquisition by a foreign-owned entity of a Big Data software company and established a mitigated entity approved by DSS, allowing the company to continue to perform its full array of government contracts and subcontracts 

Related Insights

View More