NP Alumni
  1. Home
  2. Work
  3. Corporate & Finance

Data Privacy & Cybersecurity



Businesses and organizations of all sizes and industries are facing increased threats to their data stewardship on the one hand, and constantly evolving regulatory requirements and growing prosecutorial regimes on the other. And it’s only getting more challenging.

Our approach

Our Data Privacy and Cyber Security team provides counsel on threat prevention and mitigation in the context of your key business drivers: Intellectual Property, Financial/Fiduciary, Regulatory/Compliance, Operational, Growth/Opportunity, Strategy, Human Capital and Reputation/Brand.

We employ an integrated approach focused on 1) preventing attacks through proactive mitigation programs; 2) monitoring and detecting potential cyber risks; and 3) responding to breaches and other adverse events. We customize our Data Privacy and Cyber Security services to your business—size, industry, technologies, stakeholders, and compliance regimes.

Our platform starts with your business needs and “ends” with an intense focus on helping you “get back to business” and drive enterprise value. It’s a comprehensive, business-minded, intelligent approach to managing, mitigating and responding to cyber threats.

Trends we’re watching in 2016–17

  • Business leaders (not just IT departments) will be increasingly held directly accountable for data privacy controls and response to breaches.
  • Incident response plans will need to consider how to instantly email those affected and reset user passwords on a massive scale.
  • Wearable technologies and internet of things (IoT) will continue to proliferate, expanding the number of access points to and vulnerability of Protected Health Information (PHI) and other sensitive data.
  • Terms of Service and vendor agreements will increasingly require provisions to mitigate liability and protocol for privacy matters.
  • Employees will continue to be the biggest threat to cyber security, predominantly through negligence, requiring increased security training programs.
  • State-level regulations will increase, providing a patch-work of data privacy and breach laws, making compliance increasingly difficult.
  • Consumers will increasingly reach “data breach fatigue,” taking less action to protect themselves, requiring businesses to re-think their pre- and post-breach communications.
  • Commercial drone use will continue to proliferate, putting some companies under both aviation and privacy regulations for the first time.

Who we work with

  • All businesses, organizations and government entities that collect, transmit or store sensitive or personally identifiable information
  • All industries including technology, health care, finance, infrastructure, defense, energy, big data, social media, data storage and professional services
  • Companies using mobile apps, websites and social media. Whether communicating with, collecting information from, advertising to or doing business with clients and customers, they and others are impacted by the Telephone Consumer Protection Act (TCPA) and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
  • Health care providers, insurance companies, pharmacies, clearinghouses, business associates and others impacted by the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Omnibus Rule
  • Those who market goods or services to children under the age of 13 and others impacted by the Children’s Online Privacy Protection Act (COPPA)
  • All companies that receive and store the personal financial information of their clients and customers, and others impacted by the Gramm-Leach-Bliley Financial Services Modernization Act (GLBA) and state data security laws
  • Law firms, accounting firms and other professional advisors working with sensitive client information
  • Law enforcement agencies

Recognition

  • Recognized by Chambers USA as a nationwide leader in the Field of Privacy Law

Representative experience

  • Defended a client in litigation involving the theft of 1.7 million patient records
  • Provided emergency response and compliance strategy for clients following the theft or loss of large amounts of sensitive information. Recent examples include:
    • A lost laptop containing the personal information of over 11,000 individuals from 31 different states
    • Website hacking incident involving the personally identifiable information of over 3,000 individuals
  • Represented numerous clients in privacy violation investigations by the Office for Civil Rights and state regulatory entities
  • Provide ongoing privacy and security counsel to a large utility
  • Counseled a pharmaceuticals company in corporate privacy and security issues and provided worldwide employee privacy training
  • Built enterprise-wide privacy and security framework for startup companies in the health care industry, municipalities and large corporations
  • Assisted clients with their applications for “safe harbor” under the Federal Communications Commission (FCC)
  • Developed and implemented website privacy policies and terms and conditions of use for a variety of clients in diverse industries

      Employees' smartphones threaten company security

      Rochester Business Journal | January 20, 2017

      Chief Information Officer Mike Green and Rochester labor and employment associate Jenny Holmes are quoted in this article about data protection issues surrounding bring your own device policies.

      HIPAA spotlight: key stats from a banner year

      Law360 | January 17, 2017

      This article recaps HIPAA stats and highlights from the past year. Chicago health care partner Valerie Montague is quoted throughout discussing privacy breaches and how health care organizations react.

      No immunity from cyberattacks and data breaches in 2016 and beyond

      Rochester Business Journal | January 13, 2017

      Rochester private equity and investment funds partner Jeremy Wolk and labor and employment associate Jenny Holmes co-authored this column about cyber security. The column provides an overview of the risks and potential legislative changes that could help small businesses and tips for creating a privacy policy.

      Limited privacy of donor information in New York

      Rochester Business Journal | October 17, 2016

      Rochester Private Equity & Investment Funds partner Jeremy Wolk and Washington DC M&A and Corporate Transactions partner Mike Cooney authored this column about privacy issues surrounding charitable donors in New York.

      Clinton and Trump and Robocalls, Oh My

      Bloomberg Law | July 15, 2016

      This feature story looks what political campaigns should know about robocalls. Boston IP litigation associate and TCPA practice co-leader Troy Lieberman discusses the apparent lack of FCC enforcement actions against political campaigns.

      Ransomware is Rampant & Your Risk Analysis Might Save You

      Health Information Compliance Alert | June 01, 2016

      Providence commercial litigation counsel Steven Richard is quoted in this article focused on the results of a new study highlighting a new trend toward specialized data breach insurance policies.

      The Risk of Data Misuse by Health Care Co. Employees

      Law360 | May 25, 2016

      Government Investigations & White Collar Defense partner Tina Sciocchetti, health care partner Laurie Cohen and commercial litigation associate Michal Ovadia co-authored this column discussing the risks companies that collect or maintain sensitive personal information face when a rogue employee compromises data security.

      6 Ways to Be a Go-To Firm for HIPAA Compliance

      Law360 | April 29, 2016

      Chicago health care partner Valerie Breslin Montague is included in this piece that looks at how attorneys are dealing with increasing Health Insurance Portability and Accountability Act (HIPAA) penalties and audits.

      Cybersecurity Best Practices for Senior Bank Management

      Bloomberg BNA Banking Report | March 21, 2016

      Chicago partner Susan Feibus authored this column about important considerations for financial institutions to take in terms of policies and procedures that address the cyber threat environment and resilience to cyber attacks.

      Nixon Peabody Adds DOJ Vet to White Collar Group

      Law360 | March 02, 2016

      This feature story highlights the arrival of Government Investigations & White Collar Defense partner Tina Sciocchetti.

      Should Apple Release its Data to the FBI?

      WJAR-TV (Providence NBC affiliate) | February 26, 2016

      Providence commercial litigation counsel Steven Richard is interviewed in a segment about the battle between Apple and the FBI about the potential access to user data.

      Cyber Resolutions for 2016

      Providence Business News | February 08, 2016

      Providence Commercial Litigation counsel Steven Richard authored this column discussing steps organizations can take to promote a data secure environment.

      Enact Security Policy to Avoid Legal Woes after a Breach

      Rochester Business Journal | January 22, 2016

      Rochester Commercial Litigation associate Kate Martinez is quoted in this story about cybersecurity. Her commentary focuses on the evolving laws around data privacy and their increasing complexity.

      Shaq Must Defend Lawsuit After Posting Insulting Tweet

      Bloomberg BNA Social Media Law & Policy Report | January 20, 2016

      Providence Commercial Litigation counsel Steven Richard is quoted in this article about how the right of publicity affects social media use.

      What Banks Should Fear In 2016

      Legal Bisnow (DC) | January 08, 2016

      This piece, which describes the need for financial institutions to prepare for heightened regulatory scrutiny of their cyber preparedness, features commentary from Susan.

      Can Government Force Private Companies to Decode Encrypted Messages for Law Enforcement?

      Law360 | November 24, 2015

      Susan authored this column discussing whether the government can force private companies to decode encrypted messages for law enforcement.

      Business Lunch: Data Privacy

      WJAR-TV | November 19, 2015

      In this live, in-studio segment, Providence Commercial Litigation counsel Steven Richard, a member of our Data Privacy & Cybersecurity team, discusses key data privacy and security issues.

      Lawsuits against Excellus, claims of fraud mount

      Democrat and Chronicle | November 08, 2015

      Rochester Commercial Litigation associate Kate Martinez, a member of the firm’s Privacy and Data Protection team, provides third-party commentary in this article on the legal challenges facing a leading health insurer following a hack that led to access to personal information of 10.5 million current and former customers and vendors.

      Safe Data Starts at Top

      Providence Business News | November 02, 2015

      Providence Commercial Litigation counsel Steven Richard, a member of our Data Privacy & Cybersecurity team, authored this column discussing how data security poses a paramount strategic concern and why proactive leadership at the highest organizational levels is required.

      Call Me Unconstitutional: Hang-Up for SC's Robocall Law

      Law360 | September 16, 2015

      Providence Commercial Litigation counsel Steve Richard authored this column discussing developments in and results of a court decision regarding a political consultant’s First Amendment challenge to South Carolina’s anti-robocall statute.

      New Identity Theft Protection Law Receiving Mixed Reviews

      Rhode Island Lawyers Weekly | August 31, 2015

      Providence Commercial Litigation counsel Steven Richard is quoted in this article discussing the Identity Theft Protection Act, which governs the steps businesses and other entities must take to prevent the theft of personal information like Social Security and credit card numbers.

      Commentary: Identity-theft law stronger

      Providence Business News | July 06, 2015

      Providence Commercial Litigation counsel Steven Richard authored this guest column discussing the Rhode Island Identity Theft Protection Act of 2015.

      Laws Try to Resolve Employer-Employee Social Media Conflicts

      Wall Street Journal | May 28, 2015

      Providence Commercial Litigation counsel Steven Richard is quoted in this article discussing how state laws on social media are impacting employer-employee relations in the absence of an overarching federal law.

      Are Employers Responsible for an Employee's Unauthorized Review of a Patient's Confidential Health Information?

      Journal of the American College of Radiology | May 01, 2015

      This contributed column discusses employer liability for employees who improperly access confidential patient information. This piece is authored by Albany Health Care partners Laurie Cohen and Peter Millock, counsel Barbara Asheld and Long Island associate Brooke Lane.

      Future of FTC Data Security Enforcement Hinges on Forthcoming Wyndham Ruling

      Bloomberg BNA Privacy and Data Security Law Resource Center | January 02, 2015

      Providence partner and leader of the firm’s Privacy & Data Protection group Linn Freedman is quoted in this article discussing a matter before the U.S. Court of Appeals which presents an unprecedented opportunity to define the Federal Trade Commission's authority to police the data security practices of U.S. companies.

      Retailers Must Not Ignore Security Alerts, Court Says

      CSO | December 15, 2014

      San Francisco Commercial Litigation partner Karl Belgum is quoted in this article on the implications of a Minnesota federal court's decision regarding Target’s data breach litigation indicating expansive retailer liability for stolen credit card data.

      National Notification Law Unlikely

      Law Technology News | December 02, 2014

      Providence partner and leader of the firm’s Privacy & Data Protection group Linn Freedman is noted as a featured panelist and is quoted in this article recapping the ALM Cybersecurity and Data Protection Legal Summit.

      Walgreen Case Opens Door for State Law HIPAA Claims

      Law360 | November 25, 2014

      Providence partner and leader of the firm’s Privacy & Data Protection group Linn Freedman authored this piece discussing new openings for state law claims of Health Insurance Portability and Accountability Act violations against covered entities and business associates.

      Wearable Wellness

      HR Executive | October 01, 2014

      San Francisco Labor & Employment associate Alexandra Devendra is quoted in this feature story on personal health information confidentiality and HIPAA’s nondiscrimination provision concerning employee use of wearable devices.

      Is Anyone Really 'HIPAA Compliant' in Healthcare?

      Forbes | September 29, 2014

      Providence partner and leader of the firm’s Privacy & Data Protection team Linn Freedman provides commentary in this column on understanding and adhering to HIPAA across the entire digital health ecosystem.

      Assessing the Financial Impact of 4.5 Million Stolen Health Records

      Forbes | August 25, 2014

      This column discusses the impact of Community Health System’s data breach. Partner and leader of the firm’s Privacy & Data Security team Linn Freedman acts as a third-party source.

      CHS Starts Notification Process Following Huge Breach

      Health Data Management | August 19, 2014

      Partner and leader of the firm’s Privacy & Data Protection group Linn Freedman provides third-party commentary on Community Health Systems’ data breach of protected health information.

      3 Cybersecurity Steps Defense Contractors Need To Take

      Law360 | August 05, 2014

      Washington, DC, Government Investigations & White Collar Defense partner Grayson Yeargin, Washington, DC, Commercial Litigation and Government Contracts partner Vince Napoleon and Washington, DC, Commercial Litigation associate Katherine Bastian discuss steps companies doing business with the government should take as they are facing new cybersecurity requirements.

      Employment bar deconstructs new social media privacy law

      Rhode Island Lawyers Weekly | August 04, 2014

      Partner and leader of the firm’s Privacy & Data Protection practice Linn Freedman discusses the Employee Social Media Privacy Act signed into law by Rhode Island Gov. Lincoln Chafee.

      Directors to Watch 2014

      Directors & Boards | August 01, 2014

      Partner Linn Freedman, member of the board of directors of Roger Williams University and Roger Williams Law School, is featured among the publication’s ninth annual class of directors to watch.

      Lab I.T. Put to the Test

      Health Data Management | June 01, 2014

      Partner and leader of the firm’s Privacy & Data Protection practice Linn Freedman and Providence Government Investigations & White Collar Defense associate Kathryn Sylvia discuss provisions under a federal rule to give patients or designated representatives the right to receive copies of medical test results from most clinical laboratories.

      Show More Show Less

      Contacts

      Jason P. Gonzalez

      Partner
      Practice Group Leader, Data Privacy & Cybersecurity

      jgonzalez@nixonpeabody.com

      Phone: 213-629-6019

      Laurie T. Cohen

      Partner

      lauriecohen@nixonpeabody.com

      Phone: 518-427-2708

      Valerie Breslin Montague

      Partner

      vbmontague@nixonpeabody.com

      Phone: 312-977-4485

      Christopher P. Keefe

      Partner
      Deputy Practice Group Leader, M&A and Corporate Transactions Group

      ckeefe@nixonpeabody.com

      Phone: 617-345-1350

      View All Contacts

      NP Privacy Partner Blog
      Staying ahead in a data-driven world: insights from our Data Privacy & Security team
      Back to top