Cybersecurity, Data Breach and Privacy

  • Holland & Knight’s Cybersecurity, Data Breach and Privacy Team offers the full range of solutions our clients need to operate in today’s data-driven marketplace. We have the sophisticated capability to understand the nuances of each client’s particular sector and the complicated risks that cybersecurity brings to each of them, an offering few other firms can demonstrate.
  • The team is comprised of lawyers and subject matter experts who offer broad experience managing all aspects of cybersecurity and privacy – legal, technical, litigation, privacy and cybersecurity program assessments, compliance and enforcement.
  • Holland & Knight is one of the few U.S. firms with a depth of experience in advising clients operating in critical infrastructure sectors.
  • For timely updates on cybersecurity and privacy issues, bookmark our Cybersecurity and Privacy Blog or follow us on Twitter (@HK_privacy).

Cybersecurity and privacy issues impact every industry and present ongoing challenges that must be clearly understood and addressed by executive management and at the board level. Holland & Knight’s Cybersecurity, Data Breach and Privacy Team works across sectors and practice areas to provide comprehensive and strategic counsel on these core business imperatives.

We offer experienced guidance regarding cybersecurity and privacy risks to clients, assistance on enterprise risk and compliance, cybersecurity and privacy program assessments and evaluations, data governance and mapping, in-depth understanding of what "Privacy by Design" and "Security by Design" mean to a public or private entity, proactive policy best practices, government affairs and lobbying support, cybersecurity exercises, tabletops and simulations, as well as emergency data breach coaching, response, investigation and assistance, liability mitigation and crisis communications.

Our team has the broad set of litigation, legislative, legal, compliance, crisis management and technical experience required to develop holistic, tailored solutions for our clients. We offer true one-stop shop capabilities with our full-service practice that addresses even the most complex cybersecurity and privacy issues.

Holland & Knight’s cybersecurity and privacy lawyers and professionals provide the services our clients need to understand, mitigate and manage risk and liability. We provide practical solutions that work, so our clients can focus on what they do best – successfully running their companies.

Cybersecurity for Critical Infrastructure and Key Sectors

Members of the Holland & Knight Cybersecurity, Data Breach and Privacy Team understand the nuances of each client's particular industry and how it affects cybersecurity and privacy issues. We are one of a few law firms in the U.S. to offer the full range and deep bench of cybersecurity advice and counsel integrated with the knowledge of day-to-day regulations for critical infrastructure sectors.

This includes deep and specific experience related to the 16 critical infrastructure sectors identified by the White House and the U.S. Department of Homeland Security (DHS) as vital to national security, as well a number of other key sectors and industries. We have experience helping companies of any size, nature and complexity. They are:

  • banking and financial services (including insurance)
  • chemicals 
  • commercial facilities 
  • communications 
  • critical manufacturing 
  • dams
  • defense
  • education
  • emergency services
  • energy
  • financial services
  • food and agriculture
  • government facilities
  • healthcare and public health
  • hospitality 
  • information technology (IT)
  • nuclear reactors, materials and waste
  • real estate
  • retail
  • transportation
  • water and wastewater

Incident Response and Crisis Management

We serve as trusted allies and coaches to clients going through a cybersecurity incident or data breach. In helping our clients respond, we offer a multidisciplinary approach to address the full range of legal, technical and public reputation challenges that arise. The team has extensive experience addressing inquiries and investigations from state, federal and international regulators, handling crisis management matters and public relations, defending class action suits, advising on insurance issues, and handling congressional inquiries and congressional investigations. Every step is coordinated to ensure the best possible response to a breach and to mitigate liability.

Regulatory Investigations and Enforcement

Our team has significant experience working closely with and in opposition to the leading regulators who are responsible for building and evolving the intricate web of federal and state laws and regulations implicated in cyber security and privacy matters. Our team has represented clients in significant matters before the FTC, SEC, FINRA, DOJ, Secret Service, FBI, state attorneys general and other state regulators (including insurance and banking regulators).

Security and Risk Assessments

Clients routinely call on our team to conduct cybersecurity and privacy program risk assessments for business lines or an entire enterprise. We work closely with senior management and companies' cybersecurity, privacy, compliance, business, marketing and legal departments to critically analyze cybersecurity and privacy organization and governance, policies and procedures, technology and controls. 

Because security and risk assessments conducted by other types of entities can be exorbitantly priced, we work at the outset of an engagement to ensure that the scope of the assessment and the nature of the deliverables are efficiently tailored to the client's needs. We also strive to have real, actionable recommendations that can be immediately deployed by members of the client's organization.

Breach Preparation and Exercises

There is no getting around the fact that breaches are inevitable and part of doing business in today's data-driven marketplace. Well-rounded preparedness and testing is crucial in responding properly and mitigating liability. We guide clients in conducting cybersecurity exercises, tabletops and simulations that provide valuable insights into what would happen in the wake of an actual breach. Based on this information, we then develop – and test – tailored response strategies that address the technical issues, expectations of regulators, and communications with shareholders, customers and the media.

Cyber Liability Insurance

Holland & Knight's cybersecurity lawyers and professionals have deep working knowledge regarding cyber liability insurance. We provide clients with insight and guidance on choosing policies, analyzing policy language and maximizing recovery in the case of a claim. Our in-depth capabilities on the nature and impact of a cybersecurity attack help clients understand what particular type of policy may be needed to provide coverage for cybersecurity impacts that may also include physical damages as well as other broader risks. The firm also advises clients on working with insurance companies when a breach occurs and questions that may arise as a result.

Litigation and Class Action Defense

Plaintiffs' class action litigation reaches across the entire privacy and data security landscape. At Holland & Knight, we have a tight-knit team comprised of nationally known, full-time litigators who work with members of our Cybersecurity, Data Breach and Privacy Team. In tech-focused cases, we draw on the insights of our HK Lab to give us the advantage of knowing the facts on the ground before the first filing in the case. This allows us to assess the strengths and weaknesses of the litigation, as well as develop effective strategies in a powerful and cost-effective way. 

Holland & Knight has defended putative privacy class actions involving, for example: Health Insurance Portability and Accountability Act (HIPAA), the Wiretap Act, the Stored Communications Act, the Computer Fraud and Abuse Act (CFAA), and the Telephone Consumer Protection Act to name a few. We have also defended clients against a wide variety of state law privacy and security breach law claims. 

Our lawyers have represented household names in the following areas, including these industries:

  • communications
  • financial services
  • healthcare
  • mobile games
  • retail