Overview
Amundsen Davis's Data Privacy and Security Practice is comprised of a multidisciplinary team of lawyers, who understand that companies, large and small, are constantly trying to navigate the legal implications of data, or cyber security and data privacy. Our attorneys counsel clients, in a variety of industries and sectors, on privacy matters, which can include data mapping and privacy audits and the tailoring of both internal and outward facing policies.
We collaborate closely with our clients in risk mitigation and ensuring compliance with a range of standards including PCI, GDPR, HIPAA and HITECH, CCPA compliance and BIPA. Our services extend to managing employee privacy requirements, record retention and electronic discovery assessments, click-wrap agreements, and adherence to consumer statutes such as the CAN-SPAM Act and the TCPA.
Our role as trusted advisers includes developing incident response plans and serving as breach coaches in the wake of data incidents. With years of experience, our team assists clients in preparing for, responding to and litigating the aftermath of data breaches. We leverage our network of forensic experts and privacy professionals to provide advice on emerging vulnerabilities, cyber threats but also counsel on how to respond to data incidents swiftly, efficiently and with an eye toward getting the business back up-and-running securely. We understand that while data incidents, like ransomware attacks, happen at an alarming pace, the experience for our clients is personal and a chief concern can be preserving your brand post-incident.
Beyond cyber attacks, we address internal challenges such as employee errors that can lead to significant financial repercussions or trigger notification obligations due to unauthorized information sharing. Our extensive experience spans diverse sectors, including health care, financial services, public entities, nonprofits, technology support services, and small to mid-size firms.
We also defend businesses in critical situations, handling everything from class action lawsuits based on federal, state, and local statute violations to specific industry claims, such as breaches in the health care sector or failures in HIPAA and HITECH compliance.
Our global network of privacy professionals enables us to develop broad-based strategies for addressing cybersecurity, data, and privacy issues worldwide.
Our capabilities include:
- Defense of clients against class action data breach litigation based on alleged unauthorized releases of data and misuse of data based upon alleged breaches.
- Review and revision of current security policies and procedures in connection with data collection and data review. We evaluate vulnerabilities and ensure compliance with applicable laws and regulations.
- Assistance in the development of internal policies and procedures that are consistent with consumer protection regulations, data privacy practices, notification requirements, state and federal privacy laws and whistleblower laws to navigate the best methods for the collection and storage of company data.
- Assistance in consumer facing policies and agreements to reflect the cyber-hygiene practices of the company, as required by law, and developing mechanisms for obtaining necessary opt-in and consent for collection of data.
- Audit existing procedures and practices consistent with industry standards and legal requirements to reduce the risk of a data breach.
- Serving as a breach coach: coordinating and implementing the incident response plan or data breach plan, which includes a team of forensic, security, public relations and insurance professionals.
- Crafting a data incident response tailored to our clients’ needs and brand, including notifying affected customers, employees, business partners and regulators in accordance with state and federal laws.
At Amundsen Davis, we commit to safeguarding your business's data, privacy, and overall operational integrity through our comprehensive legal services.
Meet Amundsen Davis's Cybersecurity & Data Privacy Service Group:
Professionals
- Partner
- Partner
- Associate
- Associate
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Partner
- Associate
- Partner
- Partner
Experience
Related Services
Areas Of Concentration
Insights
Firm News
In the Media
Alerts
Events
Published Works
Blog Posts
Education on Demand
Join Amundsen Davis’s Cybersecurity & Data Privacy Service Group attorneys Molly Arranz, practice group chair, and John Williams, partner, for a timely Cybersecurity Awareness Month discussion on how to keep your organization safe.
During this presentation Molly Arranz and John Ochoa will review data privacy and security concerns for employers, including concerns related to the Biometric Privacy Act and the Genetic Information Privacy Act. They will review best practices and policies employers should have in place to avoid legal pitfalls.
The Biometric Illinois Privacy Act (BIPA) was enacted over 12 years ago and many questions are still being battled in court as employers and employees continue to navigate this biometric privacy law.
Podcasts
In this episode of Litigation Nation, co-hosts Danessa Watkins and Jack Sanker dive into two significant legal stories that highlight the intersection of technology, ethics, and the law. Join us as we unpack these complex issues and their far-reaching consequences in today's society.
Data Privacy Attorney, John Ochoa, joins the show to discuss a recent lawsuit of a beverage giant under Illinois Genetic Privacy Law, and a Texas judge says drag shows aren’t always protected by First Amendment, citing the “history and tradition” test, as the legal standard for his ruling.
In this episode of Litigation Nation, we covered three significant legal developments. We discuss a case in New York where a woman was awarded $30 million in a revenge porn lawsuit against her ex-boyfriend, a cyber attack in Fulton County, Georgia, where hackers threatened to release sensitive court documents related to the Trump election case, and explore a U.S. Supreme Court decision regarding the removal of presidential candidates from state ballots.
Massachusetts Supreme Judicial Court rules adults younger than 21 cannot be sentenced to mandatory life without parole, New York judge rejects law firm fee petition for using ChatGPT to justify its costs, and Silicon Valley battles states over new online privacy & safety laws for children.
- The Rise of the Genetic Information Privacy Act: What Businesses Need to Know to Avoid LitigationThe Rise of the Genetic Information Privacy Act: What Businesses Need to Know to Avoid Litigation
Join John Ochoa, partner in the Cybersecurity & Data Privacy Service Group, as he discusses what employers, insurance companies, and other businesses that collect health- and genetic-related information need to know to mitigate the risk of litigation.
- John Ochoa Mentioned By Bloomberg Law in Genetic Privacy ArticleJohn Ochoa Mentioned By Bloomberg Law in Genetic Privacy Article
John Ochoa offered his input in the Bloomberg Law article, "Genetic Privacy Suits Rise as Employers Probe Medical Histories," stating that so far many workers have gotten favorable decisions under GIPA because they have forced employers to settle quickly based off of fear of facing "astronomical statutory damages."
- Two of the Biggest Threats to Your Company’s Cybersecurity: The Cyber Hygiene Practices of Your Third-Party Service Providers and Your EmployeesTwo of the Biggest Threats to Your Company’s Cybersecurity: The Cyber Hygiene Practices of Your Third-Party Service Providers and Your Employees
Join Amundsen Davis’s Cybersecurity & Data Privacy Service Group attorneys Molly Arranz, practice group chair, and John Williams, partner, for a timely Cybersecurity Awareness Month discussion!
- Advancements in In-Cab Technology Leads to Privacy Concerns and LitigationAdvancements in In-Cab Technology Leads to Privacy Concerns and Litigation
Employers have long used in-cab cameras for a variety of concerns, including protecting the driver and the public from accidents resulting from inattentive driving. Reviewing the recordings serves as a valuable training tool and can provide key evidence after a collision. However, with the advancement of artificial intelligence and machine learning technologies, and in the wake of recent prosecution of driver cases pursuant to the Illinois Biometric Information Privacy Act, employers using these devices may find themselves subject to heightened scrutiny.