Skip to Main Content
Capabilities / Data Privacy & Cybersecurity

Data Privacy & Cybersecurity

Managing information assets.

Husch Blackwell's Data Privacy & Cybersecurity law team helps organizations leverage the value of their information assets while satisfying compliance requirements and controlling risk. Our data privacy lawyers possess insights and solutions enabling clients to achieve firmer control over their information while making meaningful progress toward long-term data security objectives.

Our team of data privacy & cybersecurity attorneys regularly counsel clients on complying with existing and emerging data privacy and information security laws, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act of 2018 (CCPA) and state information security statutes. Clients also rely on our Byte Back blog for legal trends in data privacy and cybersecurity.

Our law firm helps safeguard clients against cybertheft and other unauthorized disclosures of protected information. We assess cybersecurity risks and provide best practices guidance for preparing for data security incidents. When data breaches are suspected, our team of Breach Response lawyers responds immediately to minimize damage to business operations and reputation.


Our team of data privacy lawyers advises on compliance with HIPAA, the Gramm-Leach-Bliley Act, FERPA, TCPA, the CAN-SPAM Act, EFTA, FCRA/FACTA, COPPA and state privacy laws. We evaluate and develop information security compliance plans, conduct compliance training, and prepare and negotiate information privacy-compliant agreements. We also defend clients against litigation and regulatory investigations. We respond to Office for Civil Rights enforcement actions, often negotiating dismissals; litigation, including class actions; and Telephone Consumer Protection Act (TCPA) enforcement proceedings.

We are uniquely situated to advise colleges and universities on Education Privacy Law matters, including FERPA guidance. 


The best time to assess risk, secure data and plan for a breach is before a cybersecurity incident occurs. Husch Blackwell helps clients guard against cybertheft, cyberextortion and other unauthorized disclosures of protected information. We assess cybersecurity risks and gaps, develop compliant and effective security controls, educate employees, assess cyberliability insurance coverage and establish defensible records retention plans.

Breach response

When protected information is compromised or lost, our Breach Response attorneys move immediately to determine legal responsibilities and next steps in an effort to minimize damage. Our team has identified 10 channels of activity, from notification to insurance coverage, that must occur after a data breach. We guide clients in laying groundwork that will ensure these activities are handled with minimal confusion, cost, risk and delay during a rapidly unfolding, high-stakes breach crisis. 

Representative Experience

  • Developed records retention schedules, file plans and information management policies for an $83 billion asset management and financial planning firm, and for a financial services and national bank holding company with $33 billion in managed assets.
  • Represented clients in health information data breaches involving thousands of patients’ medical records. Advised clients on appropriate responses and best practices to protect patient data.
  • Developed legal hold processes for organizations in the energy, retail and manufacturing industries.
  • Developed and validated records retention schedules for multistate power and gas utilities and pipelines.
  • Provided information management training to over 900 corporate personnel at a professional services company.
  • Drafted medical staff bylaws, rules and regulations, including HIPAA-compliant policies and procedures.
  • Developed records retention schedules and advised on records retention and information management policies, procedures and implementation for a Fortune 100 pharmacy benefits management company.
  • Advised regarding legacy data remediation for a regulated public utility.
  • Performed HIPAA Security Rule risk assessments for covered entities and business associates, including Long Term Care facilities and Third Party Administrators.
  • Validated records retention schedules for hospitals and health systems, pharmaceutical and biotechnology companies, pharmacy benefit management companies, and medical equipment manufacturers.
  • Delivered processes and presented training on compliant records management and disposal for organizations undergoing corporate headquarters moves in the professional services, retail and manufacturing industries.
  • Represented clients in health information data breaches involving thousands of patients’ medical records. Advised clients on appropriate responses and best practices to protect patient data.
  • Represented a specialty physician group practice whose computer system was compromised by the download of patient records. Our representation led to the return of patient records and ensured compliance with HIPAA and HITECH. Our client recouped all costs relating to this matter.
  • Counseled large pharmaceutical client that manages a significant amount of protected health information in analyzing its de-identification practices to ensure compliance with HIPAA while continuing its practice of transmitting de-identified information to third parties without individual authorization. We partnered with statistical consultants to develop a unique approach to utilize the protected health information while maintaining compliance with HIPAA. We also worked with our client to develop sophisticated guidelines to help them make use of the de-identified information.
  • Defended numerous healthcare clients in HIPAA investigations, including breaches involving 500 or more individuals. Additionally, the attorney provided essential testimony in court cases regarding privacy and security requirements under state and federal law.
Blog | May 29, 2022
CPRA Draft Regulations Issued
Blog | January 10, 2022
2022 State Privacy Law Tracker Released
Blog | December 24, 2021
A Privacy Christmas Story
Blog | March 20, 2021
Colorado Privacy Act Introduced
Blog | February 18, 2021
2021 State Privacy Law Tracker Released
Blog | January 09, 2021
2021 Washington Privacy Act Released
Articles | November 12, 2020
Rock Products: Cybercrime Risks
Blog | March 12, 2020
Washington Privacy Act Fails
Blog | January 12, 2020
2020 Washington Privacy Act Released
Webinar | March 7, 2022
What is the Utah Consumer Privacy Act?
Webinar | February 12, 2020
Analyzing the AG's Modified CCPA Regulations
Webinar | November 2019
60 Days Until CCPA: Are You Ready?
Webinar | October 2019
New York's SHIELD Act: "Reasonable" Safeguards on Private Information

Data Security Solutions Webinar Series

Media Mentions | July 18, 2022
Data Guidance: Connecticut: Analysing the CTDPA
Media Mentions | February 23, 2022
Avast: 2022 Data Privacy Legislation Update
Media Mentions | February 01, 2022
Bloomberg Law: Privacy & Data Security Outlook 2022
News Releases | April 10, 2020
Wakaba Tessier Named to Law360 2020 Health Editorial Advisory Board

Tessier will serve as one of 10 subject-matter experts who will offer feedback and insight on Law360's health coverage.

News Releases | October 30, 2019
Malia Rogers Joins Husch Blackwell's Data Privacy and Intellectual Property Teams

Rogers focuses on a broad range of privacy and cybersecurity issues and provides counsel to numerous clients on issues regarding California Consumer Privacy Act compliance.

News Releases | September 04, 2019
Husch Blackwell Hosts CCPA Webinar Update

Husch Blackwell attorneys Robert J. Bowman, Lauren Cabral, Ephraim Hintz and David M. Stauss will review and discuss the fate of numerous assembly bills (AB) and the impact of any amendments on CCPA compliance efforts.

Stay updated.

Subscribe to receive Husch Blackwell’s news and insights.

Select your preferences