In an era where data is the lifeblood of business, protecting information isn’t just a regulatory requirement—it’s a strategic imperative. Lathrop GPM’s Data Privacy & Security team is dedicated to helping you navigate this complex landscape with confidence, turning potential vulnerabilities into opportunities for growth and resilience.
With the rapid evolution of global privacy laws, organizations face unprecedented challenges in managing and securing data across borders. At Lathrop GPM, we understand that safeguarding data is more than compliance; it’s about preserving trust, maintaining a competitive advantage, developing strategic and sound data privacy and security solutions, and protecting your reputation. Our attorneys work collaboratively across multiple functions within client organizations, including products, marketing, information technology, engineering, human resources and communications, to advise and provide effective solutions on a broad spectrum of compliance matters.
With an eye toward prevention, our multidisciplinary team of attorneys and data specialists can assess regulatory requirements, identify risk and develop strategies to protect personally identifiable information (PII), personal health information (PHI) and proprietary data.
Why Choose Us?
In-Depth Understanding of Complex Regulations: Navigating the intricate web of data privacy and security laws requires a deep understanding of both the legal landscape and the specific challenges faced by different industries. Our team is immersed in the nuances of U.S., European, and other regional regulations and emerging frameworks. We don’t just provide advice; we interpret and apply these complex regulations to your business’s unique context, ensuring that you comply and thrive in a data-driven world.
Tailored and Business-Centric Solutions: Data privacy and security are not one-size-fits-all challenges. Our approach is to tailor solutions that align with your business model, operational needs, and industry-specific risks. By integrating legal guidance with your strategic goals, we help you achieve compliance in a way that supports, rather than hinders, your business objectives. Our ability to deliver nuanced, practical advice that balances legal imperatives with commercial realities sets us apart.
Strategic Risk Management & Prevention: Our firm excels in responding to data breaches and compliance issues, as well as proactively identifying and mitigating risks before they materialize. We understand that the best defense is a robust offense—by advising on data governance, privacy by design, and cross-border data flows, we help you build resilient systems that minimize exposure and enhance customer trust. This proactive stance, combined with our commitment to staying ahead of regulatory changes, gives you a strategic advantage in protecting one of your most valuable assets—data.
CIPP-certified Attorneys: Our Data Privacy & Security group provides the full spectrum of counseling in data rights, security and privacy to clients across various industries. Our CIPP-certified privacy attorneys are well-versed in privacy and data security-related regulation in the United States on both state and federal levels, as well as in other jurisdictions.
Substantive Areas
Cybersecurity Readiness, Data Loss and Data Breach Incident Support: Preparedness is imperative. Our team helps you establish and maintain cybersecurity measures, from conducting risk assessments to managing incident responses and fulfilling regulatory notification requirements. We have managed a wide variety of data breach and data loss incidents including thefts of laptops, mobile phones and other devices containing PII and/or PHI; infiltrations of company databases for corporate or government espionage; theft of credit card information and subsequent improper charges; postings of trade secret information on social media and other websites; employee transfers of proprietary data to personal email, external drives, cloud, etc.; and Dedicated Denial of Service (DDoS) attacks upon company websites. We guide you through every step to minimize the impact of a breach. The team’s experience includes:
- Incident and breach risk assessment and response
- Individual and regulatory notifications and regulatory investigation responses for the Office for Civil Rights, Federal Trade Commission (FTC), State Attorneys General and State Insurance Commissioners
- Media notification
- Insurance tender and response
Emerging Technologies and Privacy-by-Design: As technology evolves, so do the risks associated with data privacy. We provide guidance on privacy implications for emerging technologies, including biometrics, IoT, artificial intelligence (AI) and generative AI. Our “privacy-by-design” counseling ensures that privacy is integrated into your product development process.
Litigation: Our team offers extensive litigation support to clients facing myriad legal challenges related to data privacy and security. This includes individual data and privacy litigation, class action defense, shareholder derivative suits, regulatory enforcement actions, violations of data protection laws, intellectual property and trade secrets, breach of fiduciary duty, failure to disclose cybersecurity risks and more.
Social Media, Privacy and Technology in the Workplace: Well-crafted social media, privacy and technology policies that balance company needs and concerns against employees’ legal rights are important tools for any business. Lathrop GPM’s team is experienced in managing these competing legal risks. Our attorneys advise clients regarding:
- Bring your own device (BYOD) policies
- Compliance with FRCA
- Investigations of employee misconduct and theft
- Monitoring of employee communications
- Post-hire investigations
- Pre-employment background checks
- Usage and privacy policies for websites, information technology, social media, artificial intelligence and generative AI
- Video surveillance
U.S., Industry-specific and Global Privacy Compliance: We assist businesses in developing and implementing robust privacy strategies that comply with many U.S., industry and global regulations. Our services include data mapping, regulatory audits, cross-border data transfer, and creating customized privacy policies that reflect your company’s specific data practices. We have experience handling matters pertaining to:
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
- Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
- EU Data Directive
- Fair Credit Reporting Act (FCRA)
- Federal Deposit Insurance Corporation (FDIC) and banking regulations
- Federal Trade Commission (FTC) laws
- General Data Protection Regulation (GDPR)
- Gramm-Leach-Bliley
- Health Information Technology for Economic and Clinical Health Act (HITECH)
- Health Insurance Portability and Accountability Act (HIPPA)
- Payment Card Industry Data Security Standard (PCI DSS) compliance
- Telephone Consumer Protection Act (TCPA)
Our Services Also Include:
- Children’s data protection
- Cybersecurity insurance evaluation, navigation and loss mitigation
- Data retention and minimization policies
- Employee and stakeholder training on privacy and data protection
- Internal documentation for regulatory compliance
- Regular updates on industry standards, enforcement actions and regulatory guidance
- Technology Transactions and Third-Party Agreements
Stay Informed
To help you stay ahead in the ever-evolving landscape of data privacy, subscribe to our Data Privacy client alerts and receive the latest updates on industry trends and regulatory developments.