Cybersecurity & Privacy



Businesses and organizations are facing mounting threats to their data security and new, complex regulatory requirements. The cost of a breach or a compliance failure can be immense. Our Cybersecurity & Privacy team will help you protect your business, your information, and your customers.

Join our mailing list for the latest legal developments and events in data privacy and cybersecurity.

Subscribe

Our Approach

Nixon Peabody’s Cybersecurity & Privacy team will guide your business as you confront the challenges of today’s data-rich marketplace. We advise companies of every size, in the U.S. and abroad, as they address critical privacy and security issues, including data protection and location-specific regulatory requirements.

We focus on:

Regulatory Compliance   Breach Preparation & Response   Litigation & Enforcement Actions

Regulatory Compliance

Our team advises clients on the intricate web of international, federal, and state data privacy and cybersecurity laws and regulations, including:

  • California Consumer Privacy Act (CCPA) and other comprehensive state privacy laws
  • Gramm-Leach-Bliley Act (GLBA) and other laws directed at financial privacy
  • EU’s General Data Protection Regulation (GDPR)
  • Telephone Consumer Protection Act (TCPA)
  • Health Insurance Portability and Accountability Act (HIPAA) and other laws impacting privacy of health-related information
  • Federal Educational Rights and Privacy Act (FERPA) and other laws directed at education-related privacy
  • Fair Credit Reporting Act (FCRA) and Fair and Accurate Credit Transactions Act (FACTA)
  • Biometric Information Privacy Act (BIPA) and other laws impacting privacy of biometric information

Breach Preparation & Response

We prepare proactive data breach policies and response plans and handle sensitive security incidents for clients, including:

  • Domestic and international investigations
  • Reporting obligations following discovery of a data breach
  • Ransomware attacks and hacking attempts
  • Collaboration with forensic investigators and law enforcement
  • Resolution of disputes without litigation

Litigation & Enforcement Actions

When litigation is unavoidable or advisable, we handle class actions and other litigation resulting from data breaches, consumer privacy suits, and enforcement actions by federal and state agencies, including:

  • Department of Justice (DOJ)
  • Federal Trade Commission (FTC)
  • Department of Health & Human Services Office for Civil Rights (OCR)
  • State attorneys general

Listen - Houston Matters

Houston Public Media | May 31, 2022

Los Angeles Privacy & Technology partner Thaddeus Stauber, Arts & Cultural Institutions team leader, discussed the recent successful dismissal of a case challenging the ownership of a painting by Bernardo Bellotto, “The Marketplace at Pirna,” which has been part of the Museum of Fine Arts Houston’s collection since 1961.

Loyalty programs - What you should know about compliance with the CCPA

Rochester Business Journal | May 13, 2022

Rochester Privacy & Technology counsel Jenny Holmes contributed this article, which takes a deep dive into the California Consumer Privacy Act (CCPA), and explains the requirements and risks for businesses that use loyalty programs to incentivize consumers in exchange for their personal information.

36 Hours: What banks should know about the new reporting requirements for computer security incidents

Banking Law Journal | April 26, 2022

This contributed article by Complex Disputes partners Chris Queenin in Boston and Chris Mason in New York, and Boston partner and Privacy & Technology group leader Jason Kravitz, covers the new federal rule requiring financial institutions to report certain high-risk computer-security incidents within 36 hours after the incident occurs, following a trend of increased federal oversight involving cybersecurity.

Truly Seltzer maker says investors' stock suit has no case

Law360 | March 17, 2022

This article covers a motion to dismiss a class action securities lawsuit against Boston Beer Co. related to sales of hard seltzer, and mentions Boston Complex Disputes partners George Skelly and Morgan Nighan and Rochester Privacy & Technology partner Rick McGuirk for representing Boston Beer Co

Promotions

Massachusetts Lawyers Weekly | March 04, 2022

This column of notable attorney moves and elevations in the Massachusetts legal community mentions Boston partner Jason Kravitz for his new role leading the firm’s Privacy & Technology practice group.

Facial Recognition Systems Regulation: Outlook for 2022

Bloomberg Law | December 23, 2021

Washington, DC Intellectual Property associate Palash Basu and Rochester Corporate associate Jenny Holmes, deputy leader of NP’s Cybersecurity & Privacy team, co-authored this article looking at potential facial recognition regulation in the year ahead, while also highlighting recent developments in this area.

MRM research roundup: Mid-August 2021 edition

Modern Restaurant Management | August 16, 2021

This state-of-the-restaurant-industry and outlook article includes NP’s Q3 Food & Beverage Crystal Ball, covering trends around labor shortages, ransomware attacks, wildfires, and brewery distribution agreements. The insights were provided by Intellectual Property co-leader and Cybersecurity & Privacy team leader Jason Kravitz and Corporate associate Anthony Bova, both in Boston; Providence Labor & Employment counsel Jessica Schachter Jewell; and San Francisco counsel Ian T. O’Banion, and Albany associate Dana P. Stanton, both of the Affordable Housing & Real Estate group

NY follows suit: Increased privacy protections for biometric data

Rochester Business Journal | July 16, 2021

Cybersecurity & Privacy deputy leader and Rochester Corporate associate Jenny Holmes contributed this article on New York State’s pending Biometric Privacy Act and New York City’s biometric law, which came into effect earlier this month, and their impact on businesses.

More changes in the California Consumer Privacy Act landscape

Privacy & Cybersecurity Law Report | July 01, 2021

Long Island Health Care associate Bianca Lewis contributed this article on the newest changes to the regulations governing the California Consumer Privacy Act and their significance for covered businesses.

Retirement plan cybersecurity audits shock unprepared industry

Bloomberg Law | June 28, 2021

This article on the U.S. Department of Labor’s abrupt enforcement of retirement plan cybersecurity quotes Cybersecurity & Privacy deputy team leader and Rochester Corporate associate Jenny Holmes on the rushed nature of the rollout and how plan sponsors are preparing for potential audits.

New York’s biometric law will bring hefty fines for noncompliance

Bloomberg Law | June 09, 2021

This article, covering the New York biometric privacy statute set to take effect in July and its impact on businesses, quotes Data Privacy & Cybersecurity deputy team leader and Rochester Corporate associate Jenny Holmes on the 30-day cure period that provides business owners time to fix a violation before they can be sued.

Cybercrime

The JustPod (ABA podcast) | January 06, 2021

Data Privacy & Cybersecurity practice group leader and Los Angeles Government Investigations & White Collar Defense partner Jason Gonzalez is feature as a guest on this podcast episode discussing cybercrimes around the January 6th attack on the Capitol, in addition to technology investigative tools and privacy.

Laying Down the Law with Data Privacy and Cybersecurity

The New IT Podcast | December 02, 2020

Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes appears as a guest in this tech-focused podcast to discuss her outlook and best practices on cloud computing, putting together an incident response plan, and the Privacy Shield.

The Once-and-Future Privacy Shield

Rochester Business Journal | November 06, 2020

Data Privacy & Cybersecurity deputy leader and Rochester associate Jenny Holmes contributed this article analyzing the European Court of Justice’s recent invalidation of the Privacy Shield and its impact on data flows between the US and the EU. This article was co-developed with Los Angeles partner Jason P. Gonzalez and Boston associate Troy K. Lieberman, both from the Data Privacy & Cybersecurity team.

Incident response plans critical for any organization

Rochester Business Journal | October 23, 2020

The following article in Rochester Business Journal’s special report on Cybersecurity quote Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes for her insights on state, federal and international cybersecurity laws, and legal best practices on selecting a cloud computing service provider and putting together an incident response plan.

Transitioning to cloud-based services: Due diligence is key

Rochester Business Journal | October 23, 2020

The following article in Rochester Business Journal’s special report on Cybersecurity quote Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes for her insights on state, federal and international cybersecurity laws, and legal best practices on selecting a cloud computing service provider and putting together an incident response plan.

Legal guidance a necessity for companies amid coronavirus uncertainty

Rochester Business Journal | September 04, 2020

In this article on the most common COVID-related issues that businesses and companies are seeking legal help for, Data Privacy & Cybersecurity deputy leader Jenny Holmes and Complex Commercial Disputes associate Eric Ferrante, both in Rochester, are quoted for their outlook on cybersecurity best practices, force majeure clauses, and rent concerns from both landlords and tenants.

'Not a black-and-white issue:' Legal, business implications of facial recognition tech

Boston Business Journal | July 30, 2020

Boston Intellectual Property associate and deputy leader of the Data Privacy & Cybersecurity practice group Troy Lieberman was featured in a Q&A for his outlook on facial recognition technologies in light of Boston Mayor Martin Walsh recently signing into law a ban on government use of these technologies in the city.

5 ERISA Cases To Watch In The 2nd Half Of 2020

Law360 | July 29, 2020

San Francisco office managing partner and Corporate partner Karen Ng was quoted in this article for her outlook on the federal government’s interest in Howard Jarvis Taxpayers Association v. California Secure Choice Retirement Savings Program, and the rise in ERISA privacy and cybersecurity lawsuits in Harmon et al. v. Shell Oil Co. et al.

ANALYSIS | 42 CFR Part 2 Rules Changes a Welcome Sign for Many Providers

Behavioral Healthcare Executive | July 22, 2020

This story features New York City Health Care associate Jena Grady for her outlook on the Department of Health & Human Services’ Substance Abuse and Mental Health Services Administration’s final rule to 42 CFR Part 2 relating to substance use disorders.

Biggest Illinois Decisions So Far in 2020: Midyear Report

Law360 | July 16, 2020

This article includes commentary from Chicago Complex Commercial Disputes partners John Ruskusky and Seth Horvath on some of the most noteworthy Illinois decisions thus far in 2020. John discusses a decision related to the Illinois Biometric Information Privacy Act, while Seth comments on a decision regarding parents suing paint makers for children’s lead test costs, as well as a ruling on a record destruction provision in the Chicago police union contract.

Hospitals balance disclosure and privacy as COVID-19 spreads

Modern Healthcare | March 12, 2020

Chicago Health Care partner Valerie Breslin Montague talks about how hospitals can remain in compliance with HIPAA while executing an effective crisis communications plan related to the coronavirus outbreak.

What’s Next: Why Facebook’s $550M biometrics settlement isn’t a huge deal

The American Lawyer | February 05, 2020

This article features Chicago Complex Commercial Disputes partners John Ruskusky and Richard Tilghman analyzing Facebook’s recent $550 million settlement in a class action suit alleging violations of Illinois’ Biometric Information Privacy Act.

Unwanted pre-recorded calls don’t violate TCPA

Massachusetts Lawyers Weekly | January 23, 2020

This article mentions Manchester Complex Commercial Disputes partner Dan Deane and Boston Complex Commercial Disputes associate Troy Lieberman, who earned a favorable ruling on behalf of defendant Boston Scientific in a class action suit alleging violations of the Telephone Consumer Protection Act.

FTC steps up actions against VoIP providers to abet scammers

Rochester Business Journal | January 17, 2020

In his latest monthly column, Rochester Corporate partner Jeremy Wolk analyzes a recent action by the Federal Trade Commission to crack down on VoIP providers who turn a blind eye to their clients’ unlawful telemarketing practices. Washington, DC, Complex Commercial Disputes associate Brian Donnelly and Rochester Complex Commercial Disputes associate Zach Osinski contributed to the article.

California data security law to have widespread impact

Rochester Business Journal | November 29, 2019

Rochester Corporate associate Jenny Holmes talks to the Rochester Business Journal for their special report on the impact of the California Consumer Privacy Act, which goes into effect January 1. Jenny anticipates that companies will have to comply with the strictest state law on the books if Congress does not pass a federal law.

Keep up with laws developing to protect our consumer data

Rochester Business Journal | November 15, 2019

In the latest installment of his monthly column, Rochester Corporate partner Jeremy Wolk analyzes state-level legislation aimed at enhancing consumer privacy rights and protections, similar to the European Union’s General Data Protection Regulation. Rochester Corporate associate Jenny Holmes contributed to the column.

Corporate spending on cybersecurity continues to increase

Rochester Business Journal | October 25, 2019

Jenny Holmes, Nixon Peabody associate, is quoted in this article about the trend of rising costs for cybersecurity protection.

Read fine print on cyberthreat coverage

Providence Business News | September 26, 2019

Providence Complex Commercial Disputes partner Steven Richard is quoted in this article about how more Rhode Island businesses are purchasing insurance to protect against the fallout from potential data breaches.

What makes you work harder? Strap on a sensor and find out

Boston Globe | July 16, 2019

In this story, Rochester Corporate associate Jenny Holmes discusses privacy concerns raised by employers who are leveraging wearable devices such as fitness trackers to learn more about workplace productivity.

Back to top