Skip to Main Content

Data Protection, Privacy and Cybersecurity

Print Version

Baker Donelson advises clients on a full array of legal and business issues associated with data protection, privacy and cybersecurity.

Featured Videos

Top Cybersecurity and Data Privacy Issues for Financial Institutions in 2024 January 17, 2024
The SEC Cyber Rules and Materiality: Show Your Work! October 31, 2023
Cross Border Data Flows for Business Growth in China: Frontline Updates May 23, 2023
Evolving Technology: Cybersecurity and Data Privacy in the Era of ChatGPT May 17, 2023
Top 10 Cybersecurity and Privacy Issues for 2023 January 25, 2023
Ethical Issues in Defensible Disposition December 16, 2022

Why Baker Donelson?

BTI Litigation Standout 2023 Cybersecurity Litigation
Baker Donelson is a NetDiligence®-Authorized Breach Coach® A recognized Top Tier firm for data security, privacy, and incident response
More than 30 attorneys on our Privacy and Information Security Team
When incidents arise, we provide real-time legal and technical advice 24/7/365

Practice Overview

Baker Donelson's Data Protection, Privacy and Cybersecurity Team offers clients access to more than 30 attorneys with experience in all areas of information management, from privacy and data security planning and design, to compliance, data breach and litigation management. We provide the resources and concise, knowledgeable counsel our clients expect to address the entire information life cycle from start to finish. Baker Donelson has been recognized as an authorized NetDiligence Breach Coach® signifying it as a top tier law firm for Data Security, Privacy and Incident Response.

We assist clients across a multitude of industries in conducting assessments of their current data privacy obligations, we institute cutting edge policies and procedures, and we train internal teams and conduct security and risk assessments.

We support our clients through all phases of a data breach and incident response, and regularly communicate with federal and state government regulators and law enforcement agencies on behalf of our clients.

Our team is vigilant about monitoring the constant flood of new privacy regulations and global legal requirements and determining how to work with our clients to develop a plan and method surrounding these new regulations. Through this unique lens, we can guide clients through every phase of the compliance process, from compliance program creation and gap analysis, to ongoing assistance with documentation and decision-making, according to each client's specific priorities and resources.

More than one-third of our Data Incident Response Team includes members who are certified by the International Association of Privacy Professionals (IAPP) as Certified Information Privacy Professionals (CIPP/US, CIPP/E, CIPP/A and/or CIPP/C) and two attorneys who are Certified Information Privacy Managers (CIPM). In addition, our team includes a member certified in the Law of Data Security and Investigations (GLEG), a Fellow of Information Privacy (FIP), a Privacy Law Specialist (PLS) and another who is certified as a Payment Card Industry Professional (PCIP). Our attorneys have significant experience handling incident responses in highly regulated industries, such as education, financial institutions and health care.

Key Industries

  • Health Care
  • Financial Services
  • Manufacturing
  • Automotive including EV and Infrastructure
  • Transportation
  • Government Contracting
  • Education

We provide thoughtful, comprehensive and dependable guidance across the following areas of service:

Privacy. Laws and regulations governing how information can be used get more complex every day. Our lawyers counsel clients on privacy issues and compliance programs for California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), Fair Credit Reporting Act (FCRA), Fair and Accurate Credit Transactions Act of 2003, Massachusetts Data Breach Notification Act, New York Cybersecurity Regulation, behavioral advertising and a myriad of other regulatory schemes such as Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLB).

Information security. We advise clients on managing risk by developing and implementing policies, procedures, standards, baselines and guidelines to manage privacy, security and compliance issues. We collaborate with clients to design and implement risk management plans and programs, including security incident response plans, information privacy and security compliance plans, and business continuity and disaster recovery plans. Information security is a significant component of a company's Environmental, Social, and Governance framework, specifically how data security pertains to a company's support of social issues and human rights. We counsel clients on privacy, data security, and its relation to ESG issues.

Supply chain and vendor management. The security of your vendors is just as important as the security at your organization. Whether it's the flow of information or the flow of goods and services, we help our clients implement systems to protect their information and their vendors'.

Data incident and breach response. When incidents arise, we provide real-time legal and technical advice 24/7/365. We advise on conducting internal investigations as well as communication with affected parties, regulators and law enforcement. We also advise on incident preparedness strategies.

Insurance. Increasingly, companies are turning to insurance products and services as part of managing risk and losses associated with data and/or security breaches. We advise both insurers and insureds on the legal issues associated with insurance products related to privacy, data security and cybersecurity.

Transactions. Whether collaborating with a vendor or pursuing a merger, acquisition or joint venture, it is essential that businesses address data security, privacy, cybersecurity and related compliance issues early and adequately. We advise clients on a full array of transactional issues, including contract review and preparation, due diligence, gap analyses, integration and interoperability issues, negotiation of appropriate representations and warranties, and transferability of information under international, federal and state laws and regulations.

Regulatory investigation and litigation. We advise clients in responding to federal and state investigations and preparing for litigation arising from claims associated with privacy violations, data breaches and related technology failures.

eDiscovery. Members of our team advise clients on creating and implementing document retention and destruction programs, including processes consistent with eDiscovery rules.

  • Assisted a consulting client with compliance with U.S. privacy laws.

  • Assisted multiple clients with website terms of use and privacy notices.

  • Represented a technology company in dealings with the Federal Trade Commission arising out of a computer hacking incident leading to possible dissemination of personal information.

  • Provided compliance advice on the Health Insurance Portability and Accountability Act (HIPAA).

  • Successfully defended hundreds of financial institutions, health systems, educational institutions, and other businesses in data security breaches and the corresponding federal and state law requirements and investigations; served as regulatory counsel in numerous privacy lawsuits.

  • Co-authored thousands of pages of data security policies and procedures, presented lectures at statewide hospital training conferences and conducted daily help-line services for a hospital association's HIPAA Privacy and Security Compliance Program.

  • Represented multiple data exchange companies in a variety of industries, including telecom and utilities, in a broad range of issues related to permissible use of data and collection practices.

  • Assisted multiple clients with preparation of comprehensive privacy and security programs.

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept