Data Privacy Testing Lab: Overview

  • Businesses are under pressure to comply with a burgeoning array of data privacy regulations, and can be "outed" by technology firms, regulators and media organizations for technical privacy and security flaws. In addition, more and more data is considered personal and in need of protection.
  • To help our clients protect their interests in this new environment, Holland & Knight created a Data Privacy Testing Lab – possibly the only such in-house lab at an Am Law 100 law firm.
  • Holland & Knight's Data Privacy Testing Lab conducts technical tests and reviews of websites, apps, devices and network-aware products to help companies identify potential data privacy issues before they become a problem. Significantly, we provide both technological and legal counsel under the attorney-client privilege to the greatest extent permitted by law.
  • Review all of the Lab's technical services.


Companies face a new threat model, one in which independent researchers testing websites, apps, devices and products are looking for technical privacy and security flaws. Technologists – who are often allied with, and in some cases hired by, regulators and members of the media – routinely outflank businesses by using cutting-edge software and networking environments to "out" privacy and security practices. Targeted companies can then find themselves investigated by the Federal Trade Commission or state attorneys general, named as defendants in class action litigation or written about unfavorably by prominent news organizations. In addition, the definition of "personal information" companies must protect has grown, as has its volume.

As a result, Holland & Knight has built a data privacy testing lab – possibly the only in-house testing lab at an Am Law 100 law firm – to perform technical tests and reviews of websites, apps, devices and network-aware products. Our tests – which include capturing and analyzing all network traffic, third-party communications and examination of local storage – are designed to identify a company's potential privacy and security issues before they become a problem. Companies work with Holland & Knight to help put them in the driver's seat when it comes to compliance.

Using Our In-House Lab to Level the Playing Field

To our way of thinking, the only way a law firm can provide valuable privacy compliance advice is to really understand what is happening with your company's network communications, whether online or mobile. 

Our lab intercepts network traffic from test devices and uses the results to evaluate the nature and extent of data collection and sharing. We compare our findings to company disclosures – all under attorney-client privilege. By doing our own testing on websites, mobile apps, network aware products, we are able to determine exactly what is occurring with your data, what your company should disclose and which choices to provide to end-users.

Holland & Knight's Data Privacy Testing Lab not only shows your company how to keep from running afoul of privacy and security regulations, but also how to safely enhance monetization efforts, with a minimum of exposure, from the data you collect. Through our lab, we offer both technical and legal guidance to companies across a wide range of industries — including retail, transportation, healthcare and life sciences, and finance — in five key areas:

  • Privacy Risks and Compliance Testing. Growing efforts by regulators, news media and other parties to find ways that companies violate privacy and data security laws have resulted in the crowd-sourcing of privacy and data security requirement enforcement. This places companies at a severe disadvantage and can result in large monetary penalties, 20-year consent decrees, expensive class action settlements and brand-damaging headlines. We are a countervailing force. Our job is to use a wide array of technical tools and testing environments to level the playing field and reduce these risks. 
  • A More Effective Compliance Method. At Holland & Knight, we believe the only way to provide clients with accurate privacy and security compliance advice is to lift up the hood ourselves. Most attorneys employ what we call the "checklist method," asking a series of questions (such as what type of information is collected, for what purpose and how is it shared) and then recommending disclosure language. This rarely works. One reason is that companies move quickly and changes often occur without the appropriate parties involved in the decisions. Another is that there is often a disconnect concerning privacy risks in the dialogue between Legal, Compliance and Privacy on the one hand, and IT, Info Security and Marketing on the other. We turn the model on its head and provide objective, tech-driven observations and insights that help shape our legal guidance. 
  • Attorney-Client Privilege. When reviewing a company's risk profile, the issue of protecting advice is of the utmost importance. Tech vendors are not able to provide legal risk assessments under the protection of privilege. Our analysis of testing data, which includes legal advice regarding the extent of potential liability, proposed changes to disclosures and suggested feature modifications, are protected from disclosure to regulators and plaintiffs' counsel to the greatest extent permitted by the laws governing privilege.   
  • Data Monetization. The flip side of managing privacy risks is enabling your business to make the most use of your data — and do so in a way that does not materially increase your company’s exposure. We help you maximize your monetization of data while aggressively managing risk. We also identify cost savings opportunities by pointing out overlap and redundancies in data collection practices. We not only indicate what is wrong; we also aim to help you build your business and save money.   
  • Data Security Enhancement. As for more in-depth issues involving cyber security and other threats, we have ongoing relationships with trusted partners with whom we work to provide a wide range of security solutions, risk management options and legal advice.

Our Approach

In the Holland & Knight Data Privacy Testing Lab, we turn the commodity paradigm squarely on its head, using a combination of open source, commercial and proprietary tools. We also tailor our testing tools and approach to each company's unique technological footprint and situation. Although we do use a number of automated tools, they are just one small part of a varied yet highly specific, targeted approach.

Potential Cost Savings

In conducting our website and mobile app reviews, we identify and catalogue all third-party traffic. We are often able to identify redundancies or other cost-savings opportunities with respect to a company's Web or mobile footprint. 

Representative Matters

Our lab has helped numerous Holland & Knight clients steer clear of data privacy problems – for example:

  • conducting a website privacy review for a national retail chain
  • reviewing mobile apps for a large, international app developer
  • conducting an application programming interface (API), platform and data-sharing review for a global publishing company
  • reviewing a mobile medical app for an international life sciences company

Our Testing Lab Services

Click here to learn more about the services provided by Holland & Knight's Data Privacy Testing Lab.