Cybersecurity and Data Privacy


Data and cybersecurity issues have never been more important than they are today. Privacy concerns touch upon all aspects of commerce and consumer dealings. Businesses must remain vigilant to keep up with evolving technology while keeping data secure. Failing to follow privacy and cybersecurity laws and regulations can lead to compliance issues, regulatory and public scrutiny, data loss, and the need to notify clients and regulatory agencies.

Through good planning, companies can create strong organizational and outward-facing policies to protect important and sensitive business and personal data, minimize the chance of a breach, and address any incident that occurs.

Download Service Brochure (PDF)

Representative Experience

  • Served as breach counsel for higher education, health care, manufacturing, and retail clients
  • Investigated data security incidents for clients, including coordination with insurers, retention of experts, interaction with governmental and regulatory authorities, preparation of post-incident reports, and advising clients regarding post-incident remediation
  • Advised clients, including online retailers, on data security matters including data security program compliance
  • Counseled global manufacturing and engineering firm on domestic U.S. and EU GDPR compliance and program implementation
  • Responded to energy, health care, higher education, retail, and financial services industry clients’ data breaches and potential security incidents involving hacking, ransomware, and phishing and whaling attacks, providing breach notification assistance and advice on cybersecurity information-sharing
  • Oversight activities for bank-wide compliance of the Gramm-Leach-Bliley Act of 1999, including implementation of entity-wide compliant data security and privacy program for a large regional financial institution
  • Drafted data privacy and security policies, procedures, and notices for a myriad of commercial and consumer-facing businesses
  • Handled security incident investigations and responses, including data breach notifications to regulatory authorities, state authorities, and individuals
  • Addressed data privacy and security issues in contract negotiation
  • Reviewed cyber insurance policies and provided coverage advice
  • Represented banks relating to financial privacy, Bank Secrecy Act, and customer and fiduciary issues


The Steptoe & Johnson Cybersecurity and Data Team helps clients:
  • Understand and comply with data privacy and cybersecurity laws and regulations
  • Plan and develop compliant organization-wide data security programs
  • Plan for and respond to any breach and re-evaluate existing cybersecurity plans following a breach

Stay informed. Sign up for our mailing lists.

Stay Informed

All of our news and resources are shared electronically. Select your preferred list(s) below.(Required)