Data Privacy and Cybersecurity

Practice Contacts

Stephen E. Stein
Michael C. Titens
Justin S. Cohen
  • |
  • |
  • |
View Data Privacy and Cybersecurity

In today’s digital age, businesses face unprecedented challenges in managing and protecting intellectual property and personal information regarding their customers, employees, and partners.  Diverse legal and regulatory requirements raise critical concerns for businesses that impact how they collect, use, and protect their data.  Therefore, it is crucial that companies develop a proactive approach to data security and related privacy issues. 

Thompson & Knight’s Data Privacy and Cybersecurity Practice consists of an interdisciplinary team of lawyers who focus on data privacy and security, intellectual property protection, and response to cybercrimes and network intrusions. Our experience is wide-ranging and includes privacy and data use plans and procedures; regulatory compliance; data protection and privacy policies; website and social media terms; intellectual property protection and enforcement; bring your own device (BYOD); cross-border data transfer; vendor management; employee training and compliance programs; cyber insurance and risk management; cyber-related due diligence in mergers and acquisitions; and incident response and data breach investigations.  We help clients across various industries – retail, oil, gas, and energy, financial services, healthcare, insurance, software, and technology, among others – develop strategies to protect their valuable data and reputation.

We are recognized as approved cyber insurance panel counsel by one of the nation’s largest insurance companies, and our team includes former Department of Justice attorneys with experience investigating and prosecuting cybercrimes under the Computer Fraud and Abuse Act.  With more than 20 lawyers from offices across the United States and Mexico, we are well-versed in the challenging state and federal regulatory requirements related to the cyber arena. Our team of experts frequently contributes to panels and publications concerning data privacy, cybersecurity, and data breach incidents. Our experience includes:

Legal Compliance and Regulatory Issues

  • Advise clients on state and federal data privacy laws
  • Develop client-specific written data protection and breach response policies and procedures
  • Assist with HR policies and employee training programs
  • Negotiate vendor agreements for software tools, vulnerability assessments, and data hosting and management to cover cyber risk protection
  • Advise clients with respect to cross-border data transfer issues
  • Coordinate data protection programs with intellectual property policies to protect trade secrets and confidential information
  • Review cybersecurity insurance policies and advise clients on strengths and weaknesses
  • Prepare privacy policies and website terms of use
  • Draft data privacy HIPAA and HITECH compliance policies
  • Assist clients with data privacy and security due diligence in M&A

Incident Response and Investigations

  • Assist clients in responding quickly and effectively to a data breach to minimize damage and litigation risks
  • Conduct internal data breach investigations
  • Assist clients in data breach remediation, including mandatory federal and state notifications
  • Assist clients in meeting industry specific regulatory requirements
  • Help clients set up consumer call centers following data breaches
  • Assist clients with preliminary investigations regarding hosting and exchange provider
  • Coordinate with forensic experts and law enforcement when needed


  • Represent clients in data privacy, data breach, and other cyber-related litigation, including Computer Fraud and Abuse Act litigation, FTC, FCC, and Attorney General investigations, trade secret litigation, and cybersecurity insurance coverage disputes
  • Coordinate investigations with federal and state law enforcement agencies and assist clients in developing and presenting evidence for investigations and criminal prosecutions