Data Security Counseling and Breach Response
Cyber risks affect every business. Protecting personal data and recovering from a breach are not just business imperatives, but an increasing focus of state and federal laws, regulations, and litigation.
Perkins Coie is not a newcomer to cybersecurity and breach response. For more than 20 years, our lawyers have worked with clients on incidents, developing deep, hands-on experience across industries.
We advise clients regarding data security and breach response, addressing legal requirements and legal, reputational, and commercial risks. Our clients range in size from public Fortune 100 companies and retailers with international operations and customers, to local nonprofits, school districts, and small private companies, and our expertise includes local, state, and federal requirements across heavily regulated industries like energy, healthcare, communications, and government contracting.
We assist clients with developing comprehensive, best-in-class data security programs to comply with evolving legal requirements and better prepare them for network attacks, intrusions, lawsuits, and regulatory inquiries. We work with clients at all levels of maturity, from building programs from the ground up to consulting on improvements to existing programs. We plan and participate in tabletop exercises, helping clients develop customized internal resources and knowledge, including spotting issues to escalate to counsel or handling breach analysis and notifications in house.
How we help clients
- Full range of breach response services.
- Incident response planning across the organization.
- Security compliance programs and data security practices.
- Tabletop exercises.
- Regulatory guidance and investigations.
- Individual, class action, and contract litigation.
- Cyber enforcement.
How we help
Network Intrusions and Data Breaches
Perkins Coie lawyers routinely handle security incidents in the United States and around the world. With a team that includes former U.S. Department of Justice national security officials and cybercrime prosecutors, the practice has amassed a significant body of hands-on work in response to network intrusions.
While not every breach triggers notification requirements, every breach requires attention and an individualized response tailored to the facts and nature of the breach, and an evaluation of how processes can be improved to minimize the risk of future breaches. Features of our service include:
- An efficient approach that includes triaging the initial breach; minimizing legal risk; identifying notification and disclosure obligations; and providing notice to affected individuals, regulators, insurance carriers, and others where necessary.
- Deep understanding of legal requirements across state and federal law, plus expectations from regulators, stakeholders, and the public.
- Experience working with numerous forensics firms, breach notification providers, and law enforcement and infrastructure assurance officials, as warranted by the size or nature of the breach.
Our lawyers maintain a comprehensive chart that summarizes state laws regarding security breach notification. The chart is for informational purposes only and aims to clarify state-specific security breach notification requirements.
Security Compliance in a Changing Landscape
The quantity and sophistication of cyberattacks have grown, and more attempted and completed attacks have caused real-world impacts. To meet this threat, federal agencies and jurisdictions across the country have imposed cybersecurity requirements on companies across industries, from critical infrastructure enterprises to innovative medical and financial startups. Our lawyers integrate these emerging requirements into comprehensive security programs and policies tailored to your organization.
Regular review and practice are key. We highlight emerging trends and legal changes for clients, and design and advise on the regular training and tabletop exercises required to meet evolving regulations.
Cyber Enforcement
Our cyber enforcement lawyers work with clients to protect their websites, internet, and mobile services, and keep their users safe from abuse. We advise clients on enforcement strategies that may include referrals to regulatory agencies or law enforcement, as well as filing civil lawsuits against the wrongdoers. We adapt our services to meet client needs. Enforcement actions can range from sending a single cease-and-desist letter and following up to managing complex, multiyear programs where a company outsources its enforcement work to our dedicated team of internet enforcement lawyers.