Privacy Litigation & Enforcement Actions

We have the regulatory experience and relationships needed to quickly recover from litigation and enforcement actions and offer cost-effective practical step-by-step guidance that will help you get back to business.

Our approach

Our team is led by former state and federal prosecutors, so we know what’s needed to confront and move beyond litigation, government investigations and enforcement actions that can follow a patient or consumer complaint or data breach. We distinguish ourselves by our deep relationships with regulators and nationally recognized negotiation strategies. It’s what allows us to move quickly and efficiently in the face of serious and unexpected disruptions. With stringent enforcement and progressively higher penalties, we know what’s at stake. We offer cost-effective step-by-step guidance to help clients get back to business confidently and efficiently.

Who we work with

  • Companies at any stage of privacy complaints, data theft or loss, whether intentional or accidental, including victims of hacking, disgruntled or negligent employees and natural disasters
  • All industries including technology, health care, finance, infrastructure, defense, energy, big data, social media, data storage and professional services
  • Any company who is facing government audit or other investigation by a federal or state regulatory authority (e.g., the Office for Civil Rights, the Federal Trade Commission, The Federal Communications Commission and state attorneys general)


  • Recognized by Chambers USA as a nationwide leader in the fields of Privacy Law and Healthcare: Regulatory & Litigation
  • Included in The BTI Litigation Outlook 2013 report Honor Roll as one of the “Most Feared Law Firms” for litigation
  • U.S. News & World Report/Best Lawyers “Best Law Firms” nationally recognized Government Investigations & White Collar Criminal Defense practice

Recent experience

  • Defended a client in litigation involving the theft of 1.7 million patient records
  • Assisted a client during a state attorney general investigation of a website hacking incident involving the notification of over 3,500 individuals
  • Represented multiple large health care systems with investigations by the Office for Civil Rights and state regulatory bodies following patient complaints and breaches of protected health information
  • Represented a health care provider through an OCR investigation following the theft of paper medical records
  • Represented multiple health care providers with enforcement actions following the loss or theft of laptops
  • Represented a client during a government investigation following the loss of a laptop containing the PHI of over 11,000 individuals

State AGs at odds over Google privacy pact at high court

Law360 | September 05, 2018

This article mentions Complex Commercial Disputes partners Chris Mason, Sarah André, Dan Deane and Seth Horvath as counsel for The New York Bar Foundation and The New York State Bar Association in an amicus brief—filed with the United States Supreme Court—in support of the approval by a California District Court, and the Ninth Circuit, of Google’s settlement involving a “cy pres” remedy in a privacy-related case.

Cybersecurity and benefits plans: The next front in the ongoing battle to protect personal information

Confero | June 30, 2018

Rochester Corporate group associate Jenny Holmes contributed this article to the quarterly magazine for Westminster Consulting, discussing why benefit plans are inviting targets for would-be data thieves, and what plan administrators need to do to protect personal data.

Back to top