Data Privacy and Information Security


Data privacy and information security are rapidly expanding areas of law that impact nearly every other legal practice area. As society continues to become increasingly digital, the universe of businesses and organizations that must be aware of and comply with these laws and regulations continues to expand. Virtually every business, organization and governmental entity is obligated to protect data and private information at some level. Healthcare organizations must protect the privacy of patient information. Organizations must protect the private information of their customers and employees alike. Educational institutions must protect their students’ records. Every organization that provides e-mail access to its employees must protect against employees falling prey to phishing schemes and ransomware. If a breach occurs, organizations must respond swiftly and in a very specific manner.

Graves Garrett’s team of attorneys includes a Certified Information Privacy Professional, former state and federal prosecutors, and a former FBI agent recognized as a National Law Journal Cybersecurity & Data Privacy Trailblazer; this combination of experience and expertise gives the firm unique insight into regulatory and compliance needs, incident response, enforcement actions, and civil litigation related to data privacy and information security. Capitalizing on our collective skillset, we help clients of all sizes obtain compliance with data-related laws and regulations, establish risk mitigation programs, create and regularly review incident response plans, and manage data breaches; we also represent clients in government investigations and civil lawsuits related to the Stored Communications Act, Electronic Communications Privacy Act, and other data related lawsuits and investigations. Graves Garrett assesses each client to understand the risk it faces in light of its size, industry, and the amount and type of data it utilizes or holds. Then, working hand-in-hand with our client, we create a plan tailored to that client’s needs, potential exposure, and resources. In the unfortunate event of a cybersecurity incident, we are poised to assist you in understanding, responding to, and managing that incident in a manner that satisfies your obligations under the law and minimizes the financial and reputational damage to your organization.