Cybersecurity and privacy are ongoing and pressing concerns for today’s businesses. Information is value. Technology is value. Both can present large risks. The protection and management of information and technology infrastructure are key. Legal decisions are becoming increasingly complex and affect a variety of significant regulatory, transactional, civil liability, and reputational risks. 

Bradley’s multidisciplinary Cybersecurity & Privacy Practice Group has more than two decades of experience in privacy and information security law.

Our team is composed of attorneys from various practice groups, based in office locations in multiple states and the District of Columbia. Our diversity and breadth of experience allow us to quickly and efficiently assemble the right team to provide tailored counsel to clients of various sizes across industry sectors and regulatory schemes at each point of the data management lifecycle. These services are critical to our clients’ operations; companies that fail to protect proprietary business information or sensitive customer information face great potential losses and liability exposure, as well as serious public relations problems.  

The dynamics of our team help our clients keep pace with and look ahead to the rapidly evolving and complex legal world of cybersecurity and privacy.

By keeping up with the rapid spread and evolution of data breach attacks, technology, and related laws and regulations, our attorneys have staked out a position on the cutting edge. We work the solution before there is a problem. When a client comes to us with an issue, we quickly assemble a carefully selected, client-specific team that efficiently crafts custom solutions that address both the short-term needs and long-term success of our client. Because privacy and information security is an ever-evolving area, cybersecurity developments often outpace legal developments. Our team is proactive in making informed judgments to fill in the gaps when the law does not resolve a particular cybersecurity issue. 
We advise businesses on prospective risk avoidance through drafting, review, and analysis of privacy programs, data policies, customer notices and agreements, and third-party service provider contracts. We also collaborate with in-house counsel, privacy officers, risk managers, and data breach responders to develop effective legal solutions for their unique business needs. 
In the unfortunate event of a data breach or attack, we immediately help our clients respond, and guide and protect them through the ensuing recovery and resiliency stages, including investigation, reporting, and disclosure, as well as assisting with public relations, law enforcement, and liability exposure. We vigorously advocate for our clients at each point in the process and aggressively defend against any claims or actions that may follow a breach. We regularly help our clients navigate responses to breaches from a variety of vectors, such as third-party hacks, fraudulent electronic transactions, and insider losses, and those involving a variety of types of attacks such as phishing and malware, including ransomware.
In addition to legal matters, we address pragmatic concerns, such as reputational risk and customer service issues. Our attorneys appreciate that the end goal of privacy law is to protect consumer information, so we work to align our clients’ goals with the wants and needs of their customers, resulting in an overall benefit to their businesses.
Our attorneys regularly speak at local, regional, and national cyber and legal conferences on a wide variety of cyber and privacy issues. We regularly publish articles and are interviewed regarding these issues for content in a variety of media. As a service to our clients and the business community, Bradley also offers an advanced data breach webinar series focused on the most current and pressing developments in issues involving litigation, law enforcement, information security, healthcare, and financial institutions.
Our attorneys have decades of experience in advising clients on the unique privacy and security issues faced by financial institutions and creditors, healthcare providers, retailers, government contractors, and other companies. We counsel our clients in all phases of the risk management process, including assessment, protection, response and mitigation, and resiliency and recovery. Our team advises and helps our clients minimize the risk for data breach and comply with the myriad of laws in force for all such organizations, large or small. 

Medical Privacy Laws and Regulations, including the Health Insurance Portability and Accountability Act (HIPAA) as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the corresponding privacy and security regulations adopted by the U.S. Department of Health and Human Services.

Consumer Protection Laws, including federal statutes, such as the Federal Trade Commission (FTC) Act, Fair Credit Reporting Act (FCRA) and its Fair and Accurate Credit Transactions Act (FACTA) amendment, Children’s Online Privacy Protection Act (COPPA), Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM), and Telephone Consumer Protection Act (TCPA), as well as state statutes, such as security breach notice laws; state unfair and deceptive trade practices acts; and state-level analogs to the FCRA, TCPA, and similar federal statutes.

Financial Privacy and Bank Secrecy Laws and Regulations, including the Gramm-Leach-Bliley Act (GLBA) and its Safeguard Rule, FFIEC Cyberassessment Tool, FACTA Red Flag Rules, Right to Financial Privacy Act (RFPA), Bank Secrecy Act, and PATRIOT Act, including establishing information security and protection procedures and information security and privacy policies. 

Litigation, in federal and state courts, in data breach and other privacy-related litigation, such as FACTA, FCRA, TCPA, GLBA, unfair or deceptive trade practices, and other statutory and common law claims, on both an individual and class action basis.

Our team further counsels clients in a diverse array of industries on online advertising and marketing; data-sharing programs; direct marketing relationships; privacy and data security program assessments and reviews (including NIST and FFIEC); payment card data security; online and electronic transactions; contracting and disclosures; data retention policies; joint marketing and service provider agreements; and social media, BYOD, and e-mail policies and training.