Building windows

Cybersecurity and Privacy Group

Privacy and data protection are among the biggest challenges for businesses today. Data breaches and privacy missteps can lead to costly, unanticipated expenses and business disruptions, as well as regulatory enforcement actions and class-action lawsuits. Cyber risk affects every industry and business.

JMBM’s Cybersecurity and Privacy Group is known both for legal expertise and for command of technology. We provide clients comprehensive coverage of all substantive areas of data security and privacy, including information technology, financial, health, employment and personal privacy, litigation and technology transactions. Our expertise allows us to interface effectively with both the C-Suite and also with information technology managers at both a strategic and granular level. Our attorneys have been recognized on the list of the “Top 20 Cyber – Artificial Intelligence Lawyers” by the Daily Journal, as among the "Most Influential Lawyers: Digital Media and E-Commerce Law," by the Los Angeles Business Journal, as “Top Rated Lawyers in Technology Law" by Martindale-Hubbell, and as Southern California Super Lawyers in the areas of Information Technology and Technology Transactions.

As a resource for lawyers, executives, boards of directors and IT professionals of middle market companies, we publish the Cybersecurity Lawyer Forum, a blog that provides practical information and timely news on cybersecurity and privacy issues.

We use our deep understanding of relevant technologies to help our clients develop and implement privacy and information security policies that reflect the needs of their business, and to implement and enforce those policies. Our grasp of information security requirements, risk control and crisis management make us a key advisor to companies engaged in multinational or regulated businesses. Our strong third-party relationships allow us to provide a full array of privacy and data protection services in the U.S, UK, EU and elsewhere around the globe. Our strategic relationships with service providers allows us to provide an enhanced range of services to clients and give our lawyers the most current information about the latest in cybersecurity defense technologies.

Privacy and data security does not exist in a vacuum - our lawyers have extensive experience in complementary areas, enabling us to counsel clients on the full range of privacy and data security laws. Our privacy and data security attorneys include litigators, labor lawyers, transactional lawyers, and legislative and regulatory specialists with substantial experience in dealing with lawmakers and regulators.

JMBM has been at the forefront of privacy, information management and data protection issues. Members of the JMBM Cybersecurity and Privacy Group are frequent authors and speakers on data security and privacy issues. Our attorneys are the authors of the Bloomberg BNA Portfolio "Records Retention for Enterprise Knowledge Management." The guide is one of the first comprehensive treatments of the legal challenges posed by electronically stored information, and addresses why and how businesses should create, implement and manage their records retention policies to protect sensitive information and comply with legal requirements.  

We help clients:
  • Develop compliance strategies for the California Consumer Privacy Act of 2018;
  • Develop and implement data breach response plans and procedures, and related privacy, information security and data retention policies and procedures;
  • Conduct internal investigations, particularly those involving sensitive electronically stored information;
  • Respond to data breaches, including selecting appropriate technology and forensics experts;
  • Address a host of statutory and regulatory issues, including Gramm-Leach-Bliley Act, Children’s Online Privacy Protection Act, Fair and Accurate Credit Transactions Act and Fair Credit Reporting Act;
  • Develop effective solutions for protecting and managing information assets and complying with legal requirements, using an approach designed to help clients contain costs and maintain operational efficiency; 
  • Address data privacy and security issues in M&A transactions, throughout the entire transaction lifecycle;
  • Advise clients on international privacy laws and rules on their businesses, including post–E.U. Safe Harbor issues and the General Data Protection Regulation;
  • Address legal challenges posed by the proliferation of social media and mobile applications;
  • Negotiate agreements for technologies and services to implement information management systems;
  • Deploy new information technologies;
  • Avoid, address and mitigate state and federal regulatory enforcement actions; 
  • Conduct complex litigation and arbitrations, including class action defense actions connected with data breach and privacy claims; 
  • Assist companies in developing appropriate governance tools to the board of directors and executive management levels to address cyber risk; and
  • Assess ADA compliance and defense relating to websites, online reservation systems and emerging e-commerce platforms.
Representative Experience
  • Developed compliance program for an online retailer under the revised Children’s Online Privacy and Protection Act.
  • Structured and implemented protocols and contractual provisions for a major cloud computing provider to comply with the European Union Data Protection Protocol and privacy and security laws of Canada, Singapore, Australia, Mexico and India.
  • Represented internationally known retailer in data breach remediation and the establishment of a comprehensive breach remediation protocol.
  • Represented retailer whose information was maintained at a nationally-recognized aggregator and breached; worked with federal and state law enforcement officials and multiple law firms in remediation.
  • Negotiated remediation and notification of a security breach by a data broker on behalf of a client of the data broker.
  • Represented a franchisee whose computer server was physically stolen with customer information relating to over 2 million accounts. Coordinated with franchisor, local law enforcement and insurance companies.
  • Assisted nationally recognized retailer (both online and brick and mortar) whose employee information was compromised by introduction of a peer-to-peer network.
  • Designed privacy and security protocols for nationally-known shopping mall operator.
  • Represented nationally recognized retailer before the Federal Trade Commission claiming unfair and deceptive practices; resulted in no claim being brought.
  • Coordinated comprehensive notification for an event planner whose database was compromised.
  • Represented merchant card processing company in an investigation of potential breach.
  • Represented large regional managed healthcare company in an investigation of potential breach.
  • Represented consumer lender in developing a comprehensive breach notification protocol.
  • Designed security and breach protocol procedures for multinational manufacturer.
  • Designed security and breach protocol procedures for multinational membership organization.
  • Assisted major consulting company in remediating issues arising from theft of a laptop computer containing sensitive M&A data.
  • Assisted manufacturer of medical devices in developing its worldwide privacy and data security policies and strategies.
  • Assisted major insurance broker in remediation of significant data breach.
Our experience with various technologies and methodologies permits us to develop custom solutions to our clients' privacy, data protection and information management challenges. Our team also helps businesses anticipate changes to privacy and data security laws and shape their business practices to avoid costly and enterprise-threatening legal and regulatory exposures.