Cybersecurity and Privacy

  • Holland & Knight’s Cybersecurity and Privacy Team offers the full range of solutions our clients need to operate in today’s data-driven marketplace. We have the sophisticated capability to understand the nuances of each client’s particular sector and the complicated risks that cybersecurity brings to each of them, an offering few other firms can demonstrate.
  • The team is comprised of lawyers and subject matter experts who offer broad experience managing all aspects of cybersecurity and privacy – legal, technical, policy, regulatory, litigation, privacy and cybersecurity program assessments, compliance and enforcement.
  • We are also the only law firm in the United States with an in-house Data Privacy Testing Lab that helps clients identify potential issues before they become a problem.
  • Holland & Knight is one of the few U.S. firms with a depth of experience in advising clients operating in critical infrastructure sectors.
  • For timely updates on cybersecurity and privacy issues, bookmark our Cybersecurity and Privacy Blog or follow us on Twitter (@HK_privacy).

Cybersecurity and privacy issues impact every industry and present ongoing challenges that must be clearly understood and addressed by executive management and at the board level. Holland & Knight’s Cybersecurity and Privacy Team works across sectors and practice areas to provide comprehensive and strategic counsel on these core business imperatives.

We offer experienced guidance regarding cybersecurity and privacy risks to clients, assistance on enterprise regulatory risk and compliance, cybersecurity and privacy program assessments and evaluations, data governance and mapping, in-depth understanding of what "Privacy by Design" and "Security by Design" mean to a public or private entity, assessments and advice on the impacts of global cybersecurity and privacy regulations, proactive policy best practices, government affairs and lobbying support, cybersecurity exercises, tabletops and simulations, as well as emergency data breach coaching, response, investigation and assistance, liability mitigation and crisis communications.

Our team has the broad set of policy, regulatory, litigation, legislative, legal, compliance, crisis management and technical experience required to develop holistic, tailored solutions for our clients. We offer true one-stop shop capabilities with our full-service practice that addresses even the most complex cybersecurity and privacy issues.

Holland & Knight’s cybersecurity and privacy lawyers and professionals provide the services our clients need to understand, mitigate and manage risk and liability. We provide practical solutions that work, so our clients can focus on what they do best – successfully running their companies.

Cybersecurity for Critical Infrastructure and Key Sectors

Members of the Holland & Knight Cybersecurity and Privacy Team understand the nuances of each client's particular industry and how it affects cybersecurity and privacy issues. We are one of the only law firms in the U.S. to offer the full range and deep bench of cybersecurity advice and counsel integrated with the knowledge of day-to-day regulations for critical infrastructure sectors.

This includes deep and specific experience related to the 16 critical infrastructure sectors identified by the White House and the U.S. Department of Homeland Security (DHS) as vital to national security, as well a number of other key sectors and industries. We have experience helping companies of any size, nature and complexity. They are:

  • banking and financial services (including insurance)
  • chemicals 
  • commercial facilities 
  • communications 
  • critical manufacturing 
  • dams
  • defense
  • education
  • emergency services
  • energy
  • financial services
  • food and agriculture
  • government facilities
  • healthcare and public health
  • hospitality 
  • information technology (IT)
  • nuclear reactors, materials and waste
  • real estate
  • retail
  • transportation
  • water and wastewater

Strategic U.S. and International Regulatory and Compliance Advisors

We guide companies in creating proactive privacy and cybersecurity compliance strategies to address the evolving – and often conflicting – patchwork of state, local, federal and international regulatory environments.

Our team has extensive experience from having served in the U.S. government as both regulators and negotiators, in addition to the deep experience of our private-sector practitioners. The Holland & Knight team helps clients navigate the Privacy Shield, the EU NIS Directive and the EU General Data Protection Regulations (GDPR), as well as global efforts for data localization and nation-specific cybersecurity and privacy requirements. We guide and advise companies on cybersecurity, privacy and cross-border data transfer issues in various G7 and G20 trade negotiations that will impact them, as well as other U.S. bilateral and multilateral negotiations such as the Trans-Pacific Partnership (TPP) and Transatlantic Trade Investment Partnership (TTIP).

Incident Response and Crisis Management

We serve as trusted allies and coaches to clients going through a cybersecurity incident or data breach. In helping our clients respond, we offer a multidisciplinary approach to address the full range of legal, technical, regulatory and public reputation challenges that arise. The team has extensive experience addressing inquiries and investigations from state, federal and international regulators, handling crisis management matters and public relations, defending class action suits, advising on insurance issues, advocating on public policy, and handling congressional inquiries and congressional investigations. Every step is coordinated to ensure the best possible response to a breach and to mitigate liability.

Regulatory Investigations and Enforcement

Our team has significant experience working closely with and in opposition to the leading regulators who are responsible for building and evolving the intricate web of federal and state laws and regulations implicated in cyber security and privacy matters. Our team has represented clients in significant matters before the FTC, SEC, FINRA, DOJ, Secret Service, FBI, state attorneys general and other state regulators (including insurance and banking regulators).

Security and Risk Assessments

Clients routinely call on our team to conduct cybersecurity and privacy program risk assessments for business lines or an entire enterprise. We work closely with senior management and companies' cybersecurity, privacy, compliance, business, marketing and legal departments to critically analyze cybersecurity and privacy organization and governance, policies and procedures, technology and controls. 

Because security and risk assessments conducted by other types of entities can be exorbitantly priced, we work at the outset of an engagement to ensure that the scope of the assessment and the nature of the deliverables are efficiently tailored to the client's needs. We also strive to have real, actionable recommendations that can be immediately deployed by members of the client's organization.

In-House Data Privacy Testing Lab

Holland & Knight is the only law firm in the U.S. with its own in-house Data Privacy Testing Lab. The lab assesses, at the technical level, the "behind-the-scenes" data collection and third-party sharing by websites and network-aware products and services, such as medical devices, fitness gear, video streaming boxes and smart TVs, to name a few. We have done technical testing for Fortune 500 companies in the following areas:

  • child-directed games and content
  • communications
  • education and publishing
  • financial services and insurance
  • health, wellness and medical
  • media and entertainment
  • retail
  • video (traditional and OTT)

Learn more about our Data Privacy Testing Lab Services.

Breach Preparation and Exercises

There is no getting around the fact that breaches are inevitable and part of doing business in today's data-driven marketplace. Well-rounded preparedness and testing is crucial in responding properly and mitigating liability. We guide clients in conducting cybersecurity exercises, tabletops and simulations that provide valuable insights into what would happen in the wake of an actual breach. Based on this information, we then develop – and test – tailored response strategies that address the technical issues, expectations of regulators, and communications with shareholders, customers and the media. Learn more about our collaborative data breach services.

Cyber Liability Insurance

Holland & Knight's cybersecurity lawyers and professionals have deep working knowledge regarding cyber liability insurance. We provide clients with insight and guidance on choosing policies, analyzing policy language and maximizing recovery in the case of a claim. Our in-depth capabilities on the nature and impact of a cybersecurity attack help clients understand what particular type of policy may be needed to provide coverage for cybersecurity impacts that may also include physical damages as well as other broader risks. The firm also advises clients on working with insurance companies when a breach occurs and questions that may arise as a result.

Litigation and Class Action Defense

Plaintiffs' class action litigation reaches across the entire privacy and data security landscape. At Holland & Knight, we have a tight-knit team comprised of nationally known, full-time litigators who work with members of our Cybersecurity and Privacy Team – including the Data Privacy Testing Lab. In tech-focused cases, we draw on the insights provided by our in-house Lab to give us the advantage of knowing the facts on the ground before the first filing in the case. This allows us to assess the strengths and weaknesses of the litigation, as well as develop effective strategies in a powerful and cost-effective way. 

Holland & Knight has defended putative privacy class actions involving, for example: Health Insurance Portability and Accountability Act (HIPAA), the Wiretap Act, the Stored Communications Act, the Computer Fraud and Abuse Act (CFAA), and the Telephone Consumer Protection Act to name a few. We have also defended clients against a wide variety of state law privacy and security breach law claims. 

Our lawyers have represented household names in the following areas, including these industries:

  • communications
  • financial services
  • healthcare
  • mobile games
  • retail