The protection of digital data and information technology systems against theft and compromise is a growing technical and legal challenge for companies and public institutions.
Intensifying cyber threats and an active legislative, regulatory, and standards-setting environment mean that the procedural, technical, and physical measures that were reasonable and prudent in the recent past are unlikely to meet regulator and investor expectations in the near future.
Hogan Lovells’ global team of experienced lawyers and technical professionals helps organizations to develop and implement practical and informed strategies to manage legal risk in this dynamic area.
Hogan Lovells‘ cybersecurity-related capabilities are differentiated by our
- Extensive and hands-on experience with a wide variety of organizations and industries
- Knowledge of legal, regulatory, and policy developments underway around the globe
- Practitioners with relevant high-level service in government, law enforcement, and major corporations
- In-house technical capabilities that inform and support our services
- Extensive relationships with technical and other providers of preventive and incident response services
Areas of Focus
- Legal risk assessments
- Compliance and strategic risk mitigation counseling
- Due diligence and risk allocation advice for transactions of all types
- Security incident preparedness, response, and disclosure counseling
- Engagement with public policy and regulatory processes
- Representation in the event of an investigation, enforcement action, or litigation
- Advised publicly-held companies in multiple industries on cybersecurity-related Securities Act disclosure obligations and considerations. Assisted a major stock exchange, a government contractor, and other “critical infrastructure” entities with comprehensive responses to significant cybersecurity incidents.
- Conducted an enterprise data security compliance assessment for a major media conglomerate addressing the administrative, physical, and technical safeguards used to protect information.
- Represented a leading provider of banking technology in court proceedings for preservation of evidence after a data theft.
- Performed an enterprise data security compliance assessment on behalf of a multinational chemical products company located in 15 countries in North America, Latin America, Europe, and Asia.
- Advised a leading medical device manufacturer on secure software development, acquisition, testing, and implementation practices.
- Represented a leading provider of security technology in post-incident legal actions.
- Advised a major bank concerning an attack on its security technology.
- Advised a financial service provider on a data protection and data security program.
- Advised a company in investigations by European data protection authorities in relation to the unauthorized disclosure of employee data on the Internet.
- Advised multiple Fortune 500 companies on U.S. cybersecurity legislative strategy.
- Completing enterprise-wide compliance review assessments for publicly-traded global companies in retail and financial industries.
- Advising a financial service provider on its data protection and data security program.
- Conducting a data privacy and security legal risk assessment for a major hotel and hospitality company.
- Developing security incident response policies and procedures for a leading financial institution.
- Prepared a data security compliance program for one of the foremost business process outsourcing vendors, designed to simultaneously satisfy the company’s obligations under HIPAA, the FTC Act, and state data security laws in Massachusetts, Nevada, and Oregon.
- Counseling hundreds of companies from every industry sector on data breach assessment, response, and notifications, including situations involving lost and stolen laptops, lost and stolen hard drives, network intrusions, lost mailings and deliveries, misdirected communications, inadvertent postings or dissemination of data, and employee theft.
- Preparing comprehensive and customized global data security and privacy due diligence checklists for use in M&A and post-closing integration activity.
- Assessing privacy and security litigation risks in connection with data-rich U.S.-based M&A transaction.
- Negotiating privacy and security provisions in third-party plan administrator agreements, technology outsourcing agreements, and joint venture for development of data applications.
- Advising on supply chain security and other cybersecurity-related terms in a template supplier contract.
- Monitoring and analyzing cybersecurity legislation including the Cybersecurity Act of 2012.
- Advising on company responses to congressional letters and investigations on cybersecurity and privacy practices.