Cybersecurity and Privacy Group

Privacy and data protection are among the biggest challenges for businesses today.  Data breaches and privacy missteps can lead to costly, unanticipated expenses and business disruptions, as well as regulatory enforcement actions and class-action lawsuits. Cyber risk affects every industry and business.

JMBM’s Cybersecurity and Privacy Group is known both for legal expertise and for command of technology. We provide clients comprehensive coverage of all substantive areas of data security and privacy, including information technology, financial, health, employment and personal privacy, litigation and technology transactions. Our expertise allows us to interface effectively with both the C-Suite and also with information technology managers at both a strategic and granular level.  

We use our deep understanding of relevant technologies to help our clients develop and implement privacy and information security policies that reflect the needs of their business, and to implement and enforce those policies.  Our grasp of information security requirements, risk control and crisis management make us a key advisor to companies that engage in multinational or regulated transactions. We have strong third-party relationships that allow us to provide a full array of privacy and data protection services in the U.S, UK, EU and elsewhere around the globe. Our strategic relationships with service providers allows us to provide an enhanced range of services to clients and give our lawyers the most current information about the latest in cybersecurity defense technologies.

Privacy and data security does not exist in a vacuum - our lawyers have extensive experience in complementary areas, enabling us to counsel clients on the full range of privacy and data security laws.  Our privacy and data security attorneys include litigators, transactional lawyers, and legislative and regulatory specialists with substantial experience in dealing with lawmakers and regulators.

JMBM has been at the forefront of privacy, information management and data protection issues.  Members of the JMBM Cybersecurity and Privacy Group are frequent authors and speakers on data security and privacy issues.  Our attorneys are the authors of the Bloomberg BNA Portfolio "Records Retention for Enterprise Knowledge Management," which was first released in 2007, and updated in 2012. The guide is one of the first comprehensive treatments of the legal challenges posed by electronically stored information, and addresses why and how businesses should create, implement and manage their records retention policies to protect sensitive information and comply with legal requirements. One of our team members is one of only two lawyers recognized in the 2015 Southern California SuperLawyers for Information Technology expertise and a member of the International Association of Privacy Professionals. 

We help clients:

  • Respond to data breaches, including selecting appropriate technology and forensics experts;
  • Develop and implement data breach response plans  and procedures, and related privacy, information security and data retention policies and procedures;
  • Address a host of statutory and regulatory issues, including Gramm-Leach-Bliley Act, Children’s Online Privacy Protection Act, Fair and Accurate Credit Transactions Act and Fair Credit Reporting Act;
  • Develop effective solutions for protecting and managing information assets and complying with legal requirements, using an approach designed to help clients contain costs and maintain operational efficiency. 
  • Advise clients on international privacy laws and rules on their businesses, including the U.S.–E.U. Safe Harbor Program;
  • Address legal challenges posed by the proliferation of social media and mobile applications;
  • Negotiate agreements for technologies and services to implement information management systems;
  • Deploy new information technologies;
  • Conduct internal investigations, particularly those involving sensitive electronically stored information;
  • Avoid, address and mitigate state and federal regulatory enforcement actions; 
  • Conduct complex litigation and arbitrations, including class action defense actions connected with data breach and privacy claims; and
  • Assist companies in developing appropriate governance tools to the board of directors and executive management levels to address cyber risk.

Representative Experience

  • Developed compliance program for an online retailer under the revised Children’s Online Privacy and Protection Act.
  • Structured and implemented protocols and contractual provisions for a major cloud computing to comply with the European Union Data Protection Protocol and privacy and security laws of Canada, Singapore, Australia, Mexico and India.
  • Represented internationally known retailer in data breach remediation and the establishment of a comprehensive breach remediation protocol.
  • Represented retailer whose information was maintained at a nationally-recognized aggregator and breached; worked with federal and state law enforcement officials and multiple law firms in remediation.
  • Negotiated remediation and notification of a security breach by a data broker on behalf of a client to the data broker.
  • Represented a franchisee whose computer server was physically stolen with customer information relating to over 2 million accounts. Coordinated with franchisor, local law enforcement and insurance companies.
  • Assisted nationally recognized retailer (both online and brick and mortar) whose employee information was compromised by introduction of a peer-to-peer network.
  • Designed privacy and security protocols for nationally-known shopping mall operator.
  • Represented nationally recognized retailer before the Federal Trade Commission claiming unfair and deceptive practices; resulted in no claim being brought.
  • Coordinated comprehensive notification for an event planner whose database was compromised.
  • Represented merchant card processing company in an investigation of potential breach.
  • Represented large regional managed healthcare company in an investigation of potential breach.
  • Represented consumer lender in developing a comprehensive breach notification protocol.
  • Designed security and breach protocol procedures for multinational manufacturer.
  • Designed security and breach protocol procedures for multinational membership organization.
Our experience with various technologies and methodologies permits us to develop custom solutions to our clients' privacy, data protection and information management challenges. Our team also helps businesses anticipate changes to privacy and data security laws and shape their business practices to avoid costly and enterprise-threatening legal and regulatory exposures.