Technology, Privacy & Data Security

Featured Publication:

Web Scrapers And Their Targets Beware. Regulators Are Zeroing In On Privacy Implications [Alert]

Lori Kalani, Mira Baylson, and Meghan Stoppel provide a primer on web scraping as well as an overview of the legal and regulatory challenges.

More

As the technology sector continues to evolve, and new rules develop across different platforms and industries, the importance of tech- and business-savvy counsel becomes increasingly important. Recognizing that technology law is integral to businesses of every size, every stage, and across every industry, Cozen O’Connor’s multidisciplinary Technology, Privacy & Data Security team serves as a one-stop shop to help clients — ranging from startups to Fortune 100 companies — navigate technology transactions, as well as regulatory, litigation, and risk management issues.

Our clients include global players in adtech, fintech, edtech, and martech; health care; retail; the financial industry; cloud computing; data brokerage; blockchain; and cosmetics. We also represent online ad networks, software and mobile app developers, media monitors, digital interactive agencies, international e-commerce companies, and major telecommunications and cable service providers, among others.

Transactional Services

Our transactional team addresses a wide range of cyberlaw, privacy, and data security issues and technology- and internet-related transactions. We handle strategic outsourcing/licensing, optimizing digital assets, internal data management and privacy governance, as well as media M&A and other corporate-level technology transactions. We also handle buy- and sell-side technology transactions that typically involve cloud computing, data privacy, IP, software, and security, and interactive marketing regulatory compliance.

Additional transactional services include:

  • drafting and negotiating software, IT services, data, and digital media agreements;
  • advising clients in the use and protection of IP assets;
  • counseling clients on the protection of personal data and other sensitive data assets; and
  • inbound and outbound technology licensing and acquisition.

Regulatory Services

The regulatory landscape surrounding data protection and cybersecurity is ever-changing and fraught with landmines. One incident of data loss, breach, or cyberattack can undermine years of good will and leave clients with daunting financial, legal, and reputational challenges. When disaster strikes, companies need a true crisis manager at the helm to stem the damage and ensure that the remediation strategy complies with all relevant laws and regulations.

We provide advice and counsel on the full panoply of issues clients face in this highly regulated space, including but not limited to complying with the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Electronic Communications Privacy Act (ECPA), the California Consumer Privacy Act (CCPA), Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, the Children’s Online Privacy Protection Act (COPPA), and the Fair Credit Reporting Act (FCRA). We also advise on international data transfers and assist U.S. companies to comply with the EU General Data Protection Regulation (GDPR) and the ePrivacy Directive.

Additional regulatory services include:

  • drafting privacy policies and privacy-related disclosures, and structuring privacy and security by design;
  • assisting with advertising and marketing privacy (including retargeting, cross-device tracking, cookie matching, and identity resolution);
  •  providing advice and counsel on compliance with the Telephone Consumer Protection Act (TCPA), the Canadian Anti-Spam Law (CASL), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and Federal Trade Commission (FTC) guidelines (including privacy and data protection, advertising disclosures, endorsement and testimonial guidelines, and native advertising guidelines); 
  • handling contracts with all aspects of the digital advertising ecosystem, including DSPs, SSPs, DMPs, yield optimization tools, verification tools, ad servers, list management, and lead generator/aggregator and performance marketing contracts; and
  • evaluating and managing vendor privacy and security.

In the event of a data privacy or security breach, our attorneys routinely conduct immediate forensic and recovery operations, send notifications, arrange for customer outreach, communicate with government officials, protect clients from liability, and craft public messages. We also counsel clients on investigations by the FTC, by the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR), and under the Sarbanes-Oxley Act. 

In addition, Cozen O’Connor’s government affairs professionals closely monitor potential changes in state and federal policy regarding data privacy and electronic information security. A leader in policy reform, Cozen O’Connor works with clients to ensure policy compliance in this ever-changing regulatory landscape and also routinely represents clients before regulators and legislators.

Litigation Services

Our team of skilled litigators has successfully represented clients in privacy and data-related class actions, multiparty and individual cases in jurisdictions across the country as well as in front of federal regulatory agencies, such as the FTC. We work hand-in-hand with the firm’s nationally recognized State Attorneys General practice and Public Strategies practice to ensure our clients respond to state investigations and are getting up-to-date guidance in this ever changing area.

Risk Management Services

Our group also has extensive experience in the fast growing and ever-evolving cyber risk market. As a long-time leader in the insurance bar, Cozen O’Connor attorneys have helped develop first- and third-party cyber/privacy/tech policies, errors and omissions insurance, and cybercrime policy language. We also advise on coverage under all first- and third-party lines of insurance, including cyber and technology, and have been involved in managing some of the largest consumer data breaches on behalf of our insurer clients.

Wherever technology meets the law, Cozen O’Connor is waiting at the crossroads with a team of experienced counsel ready to help.

 

Experience

Publications

Web Scrapers And Their Targets Beware. Regulators Are Zeroing In On Privacy Implications [Alert]

November 17, 2021

Lori Kalani, Mira Baylson, and Meghan Stoppel provide a primer on web scraping as well as an overview of the legal and regulatory challenges.

TIMES THEY KEEP A CHANGIN’ — Upcoming Changes to DoD CMMC Program and Cybersecurity Requirements

November 11, 2021

Larry Prosen discusses DoD's Advanced Notice of Proposed Rulemaking updating its existing, relatively young, CMMC model certification to a CMMC 2.0 structure.

TCPA Update: FCC Announces the Launch of Reassigned Number Database (and Accompanying Safe Harbor)

November 08, 2021

Michael W. McTigue Jr. and Meredith C. Slawe discuss the launch of the Reassigned Numbers Database.

FFIEC Updates Guidance to Financial Institutions for Authentication and Access [Alert]

September 14, 2021

Chris Dodson and Andy Baer discuss FFIEC's updated guidance and best practices for financial institutions for information system authentication and access management controls.

From Success To Scrutiny: What Big Tech's Journey Can Teach Leaders Seeking An Edge [Forbes]

February 19, 2021

David Reichenberg contributed an article to Forbes discussing how if your company's business dealings do not consistently reflect your company's mission with consumers, it can lead to legal and regulatory scrutiny.

Antitrust Enforcers Lodge First Criminal Indictment for Violation of No-Poach Agreement [Alert]

January 13, 2021

David Reichenberg, Stephen Miller, and Casey James discuss the DOJ's indictment charging Surgical Care Affiliates LLC of colluding with two companies not to solicit each other’s senior-level employees.

Happy Cybersecurity Awareness Month: OFAC and FinCEN Issue New Advisories on Ransomware Payments [Alert]

October 08, 2020

Don Kassilke and Katie Sobotta discuss the two new advisories from OFAC and FinCEN on ransomware attacks.

Ethical Issues with Remote Work During COVID-19 [Alert]

March 30, 2020

Bill Gericke and Deb Winokur discuss lawyers and law firm's ethical obligations when working remotely and outsourcing work.

Cybersecurity Challenges for Companies in the Wake of the COVID-19 Crisis [Alert]

March 26, 2020

Matt Siegel gives companies seven tips they should keep in mind as their employees try to do from home what they would have otherwise done at the office.

Avoiding Online Scams in the Time of Coronavirus [Alert]

March 12, 2020

Trevor McGuinness discusses ways to avoid email scammers and hackers who may use the coronavirus as a way of accessing computers and personal information.

Recent AG and FTC Enforcement Actions Provide Guidance on Data Security Best Practices [Infographic]

February 10, 2020

More and more companies are experiencing crippling data breaches. We analyzed recent state Attorney General and FTC enforcement actions to identify eight data security best practices that companies can adopt to mitigate the likelihood of a breach which can be found in this infographic.

State Attorney Activism and Enforcement Trends

February 03, 2020

Ann-Marie Luciano, Chris Allen, and Bryan Mosca published an article in Bloomberg Law on February 3, 2020, sharing their observations on trends in state Attorney General activity in 2019, and the enforcement priorities they expect to see AGs focus on in 2020.

Google Partners with Ascension To Store and Analyze Millions of Patient Health Records [Cyber Law Monitor Blog]

November 19, 2019

Google has confirmed that it is working with Ascension, one of the nation’s largest health systems in a project that will involve the health data of millions of Americans.  Google and Ascension have partnered in a project to store and analyze patient data with the intended goal of using Google’s...

New York AG Files Lawsuit Against Dunkin’ Donuts For Attacks On Customer Accounts [Cyber Law Monitor Blog]

October 14, 2019

On September 26, 2019, New York Attorney General Letitia James filed a lawsuit against Dunkin’ Brands, Inc., the franchisor of Dunkin’ Donuts (“Dunkin’”). The lawsuit involves security issues surrounding Dunkin’s stored value cards, which customers can use to purchase Dunkin’ food and...

Privacy Primer: Family Educational Rights and Privacy Act (FERPA) [Cyber Law Monitor Blog]

September 04, 2019

FERPA is a U.S. law, passed in 1974, that protects the privacy of student educational records.  FERPA applies to all schools, from elementary schools to postsecondary education institutions, that receive federal funds under a program of the U.S. Department of Education.  FERPA and the regulations...

Ninth Circuit Finds Article III Standing For Procedural Violation Of Biometric Privacy Law [Cyber Law Monitor Blog]

August 23, 2019

The Ninth Circuit Court of Appeals has written the latest chapter of the ongoing saga of Article III standing for violations of the Illinois Biometric Information Privacy Act (“BIPA”).  BIPA requires, among other things, that before collecting a person’s biometric information, a company must...

Year To Date Changes To State Data Breach Notification Laws [Cyber Law Monitor Blog]

July 19, 2019

With so much attention being paid to the impending California Consumer Privacy Act, it can be easy to forget that other states have privacy and data security laws too.  And those laws change routinely, with potentially significant impacts on businesses.  Here is a quick rundown of changes to state...

Privacy Primer: Gramm-Leach-Bliley Act (GLBA) [Cyber Law Monitor Blog]

July 15, 2019

GLBA, sometimes called the Financial Services Modernization Act of 1999, is a U.S. banking law that has important privacy and data security requirements for institutions that are subject to the law.  The law applies to “any institution the business of which is engaging in financial...

Case Update: Wakefield v. ViSalus, Inc. [Cyber Law Monitor Blog]

June 26, 2019

A couple of months ago, I wrote about how a jury found multilevel marketing company ViSalus, Inc. responsible for making over 1.8 million robocalls in violation of the Telephone Consumer Protection Act.  Given the TCPA’s minimum statutory damages of $500 per call, ViSalus was looking at a minimum of...

Senate Bill Seeks to Protect Health Information Gathered from Wearable Devices [Cyber Law Monitor Blog]

June 25, 2019

I wear a fitness tracker.  I rarely take it off.  Throughout the course of the day, it collects a bevy of information about me: my heart rate, my exercise habits, the length and quality of my sleep.  When aggregated and observed over time, this information certainly reveals quite a bit of insight...

Pennsylvania County Faces Up To $67 Million In Damages For Distribution Of Criminal Record Information [Cyber Law Monitor Blog]

May 30, 2019

A suburban Philadelphia county is facing a judgment of up to $67 million after a Pennsylvania federal jury found that it violated the Pennsylvania Criminal History Record Information Act. Pennsylvania’s Criminal History Record Information Act (“CHRIA”) governs the dissemination of records held by...

The Value Of Quickly Disclosing A Data Breach [Cyber Law Monitor Blog]

May 09, 2019

One of the first questions a company must answer after it discovers and remediates a data breach is, “What do we tell our customers?”  Companies may delay publicly announcing a data breach out of fear that doing so will harm their reputation with customers, leading to a loss of business.  They may...

Jury Verdict in TCPA Case Puts Over $925 Million In Damages On The Table [Cyber Law Monitor Blog]

April 18, 2019

On April 12, 2019, an Oregon federal jury returned a Friday evening verdict in a Telephone Consumer Protection Act (TCPA) class action that could put the defendant on the hook for $925 million in damages. The TCPA makes it unlawful to make a telephone call to any cell phone or residential...

5 Ways in Which Your Company’s Privacy Policy is Insufficient [Cyber Law Monitor Blog]

April 05, 2019

Well thought-out internal privacy policies and procedures are an essential part of any company’s information management program.  These internal policies should not be confused with a company’s external privacy notice, which informs the company’s customers as to how it may process, store, and...

U.S. Supreme Court Refuses to Search Google Settlement Agreement for Fairness [Cyber Law Monitor Blog]

March 22, 2019

The U.S. Supreme Court on Wednesday remanded a class action against Google so that the lower courts could determine whether any of the named plaintiffs have standing under Spokeo, Inc. v. Robbins. The underlying suit alleged violations of the Stored Communications Act (“SCA”).  The SCA...

Third Circuit Affirms Dismissal of FACTA Suit on Standing Grounds [Cyber Law Monitor Blog]

March 12, 2019

A three-judge panel of the Third Circuit recently affirmed a district court ruling that dismissed a suit for violation of the Fair and Accurate Credit Transaction Act of 2003 (FACTA) for lack of Article III standing.  The plaintiff, Ahmed Kamal, alleged that receipts he received from J. Crew showed...

Congress Holds Hearings on Privacy and Data Protection [Cyber Law Monitor Blog]

March 05, 2019

With all of the hubbub swirling around Capitol Hill last week with the Michael Cohen hearings, you can’t be blamed if you missed the fact that two important congressional hearings on privacy and data protection took place as well, one in the House and one in the Senate. First, on February 26,...

FTC Announces Record Settlement for Children’s Privacy Violations [Cyber Law Monitor Blog]

March 01, 2019

On February 27, the FTC announced that the operators of the video social networking application Musical.ly, now known as TikTok, agreed to pay $5.7 million to settle allegations that it violated the Children’s Online Privacy Protection Act (COPPA). According to the FTC, this is the largest civil...

Is it Time to Rethink Notice and Choice as a Fair Information Privacy Practice? [Cyber Law Monitor Blog]

February 13, 2019

Since the 1970’s, fair information practices (FIPs) or fair information privacy practices (FIPPs) have formed the framework around which organizations structure their policies on data collection, use, disclosure, and retention.  The cornerstone of individual privacy rights under the FIPs is notice...

Privacy Primer: The Children’s Online Privacy Protection Act (COPPA) [Cyber Law Monitor Blog]

February 04, 2019

COPPA is a U.S. law enacted by Congress in 1998 to address concerns regarding the online collection and disclosure of children’s personal information. Children (defined by COPPA as individuals under the age of 13) may not appreciate the significance of sharing their personal information online....

Illinois Supreme Court Sheds Light on the Importance of Strict Compliance with State's Biometric Information Privacy Act [Cyber Law Monitor Blog]

January 29, 2019

On January 25, 2019, in Rosenbach v. Six Flags Entm’t Corp., the Illinois Supreme Court held that an individual is an “aggrieved” party under the Illinois Biometric Information Privacy Act (“BIPA”) and may seek damages absent an allegation of harm beyond a violation of the rights conferred by the...

In The News

Cozen O’Connor Recognized as a “Best Law Firm” in 29 Practice Areas Nationwide, 121 Practice Areas Regionally

November 04, 2021

U.S. News & World Report and Best Lawyers recognized Cozen O’Connor as a “Best Law Firm” in 29 practice areas nationwide and 121 practice areas regionally.

Cybersecurity & Privacy Policy To Watch For Rest Of 2021

July 30, 2021

Andy Baer was quoted in a Law360 article discussing the impact cyber security and privacy developments that occurred during the first half of 2021 will have on the remainder of the year.

Colorado Adds Wrinkle To Emerging State Privacy Law Quilt

June 18, 2021

Andrew Baer was quoted in an article in Law360 discussing Colorado’s position on becoming the third state in the U.S. to enact a comprehensive consumer privacy legislation.

Top Lateral Hires of 2020

March 16, 2021

Meredith Slawe, Michael McTigue, Andrew Baer, Michael Crossey, and Christopher McDemus were featured in an article published by The Legal Intelligencer which discusses the top lateral hires of 2020.

Philadelphia Business Journal's 2020 in Review: Philadelphia-area Lawyers Who Made the Biggest Moves This Year

January 12, 2021

The article stated, “... the biggest winner this year was Cozen O'Connor, which had three of the top 10 lateral hires.”

Cozen O’Connor Recognized as a “Best Law Firm” in 25 Practice Areas Nationwide, 115 Practice Areas Regionally

November 05, 2020

U.S. News & World Report and Best Lawyers recognized Cozen O’Connor as a “Best Law Firm” in 25 practice areas nationwide and 115 practice areas regionally.

Microsoft-TikTok Deal Would See Deadline Pressure, Privacy Risks

August 04, 2020

Andrew Baer was quoted in an article published in Bloomberg Law discussing Microsoft’s potential acquisition of Bytedance’s TikTok, and the company’s ability to resolve the attendant privacy and security concerns in advance of Donald Trump’s September 15, 2020, deadline to reach a deal.

Class Action Litigators Bring Team to Cozen O'Connor: Michael W. McTigue Jr. and Meredith C. Slawe Spearhead National Class Actions Practice; Recognized White Collar Defense Attorney and Trial Lawyer Mira Baylson Joins

May 27, 2020

Continuing the firm’s strategic expansion of complex litigation and investigations practices and the premier Technology, Privacy and Data Security Team

Cozen O’Connor Welcomes Tech Attorney Frank A. Pugliese to its Corporate Practice in New York City

May 05, 2020

Pugliese’s arrival follows the firm’s recent expansion of its tech and privacy law practice in Philadelphia with the addition of venture and tech attorneys from Baer Crossey McDemus LLC.

Cozen O’Connor Boosts its Technology, Privacy, Data Security and Emerging Growth Practices by Adding Nine Attorneys from Philadelphia Law Boutique Baer Crossey McDemus LLC

May 04, 2020

Andrew Baer, Michael Crossey, and Christopher McDemus will stretch the firm’s reach within the global technology, and emerging growth business communities.

Debate Mounts Over Lack Of Local Demographic Data Of Coronavirus Patients

April 10, 2020

Greg Fliszar was quoted in a search & news article discussing what information should be released in the interest of public health or safety and what information should remain classified during the COVID-19 pandemic.

Privacy & Digital-Rights Experts Worry …

April 08, 2020

Matthew Siegel was quoted on Satoshi Nakamoto Blog discussing how countries are using mobile phone tracking to help fight pandemics, and the privacy side behind this.

Zoom's Sudden Rise Presents Test For New Calif. Privacy Law

April 03, 2020

Matthew Siegel was quoted in a Law360 article discussing how Zoom shares and secures personal data.

Recent AG and FTC Enforcement Actions Provide Guidance on Data Security Best Practices

January 08, 2020

Ann-Marie Luciano and Jawaria Gilani published an article in the January 8 edition of CyberSecurity Law Report setting out practical steps companies can take to reduce the likelihood of a data breach.

4 Times E-Discovery Made the News in 2019

December 30, 2019

Joseph Tate was featured in a Legaltech news article that discussed four places where e-discovery made the news in 2019.

Google’s Antitrust Case Underscores Tough Sell for ‘Cooling-Off' Discovery Requests

November 06, 2019

Joseph Tate was quoted in Legaltech news discussing Google's petition for a protective order against a Texas Attorney General, who is leading a multistate antitrust investigation against the company.

How In-House Lawyers Can Help Health Care Institutions Fight Costly Data Breaches

September 04, 2019

Greg Fliszar discussed with Law.com how health care providers are handling the rising number of serious data breaches that affect patients.

138 Cozen O’Connor Attorneys Named to the Best Lawyers in America

August 28, 2019

Best Lawyers selected 138 Cozen O’Connor lawyers from 21 of the firm’s national offices for inclusion in the 2020 edition of The Best Lawyers in America.

Matthew Siegel Named to the Rutgers University Cybersecurity Certificate Program Advisory Board

June 14, 2019

Matthew Siegel, a member of Cozen O’Connor’s Privacy & Data Security practice, was named to the Rutgers University Cybersecurity Certificate Program Advisory Board.

Contacts

Andrew Baer

Chair, Technology, Privacy & Data Security

abaer@cozen.com

(215) 665-2185

People

Andrew Baer

Andrew Baer

Chair, Technology, Privacy & Data Security
Philadelphia

Mira E. Baylson

Mira E. Baylson

Member
Philadelphia

Daniel Brewer, CIPP/US

Daniel Brewer, CIPP/US

Member
Philadelphia

Brian Browne

Brian Browne

Associate
Washington, D.C.

Christopher Dodson

Christopher Dodson

Associate
Philadelphia

Gregory M. Fliszar

Gregory M. Fliszar

Member
Philadelphia

Steven N. Haas

Steven N. Haas

Member
Philadelphia

Matthew Klahre

Matthew Klahre

Associate
Philadelphia

Samuel A. Lewis

Samuel A. Lewis

Co-Chair, Copyright Practice
Miami

Christopher McDemus

Christopher McDemus

Co-Chair, Emerging Business & Venture Capital
Philadelphia

Michael W. McTigue Jr.

Michael W. McTigue Jr.

Co-Chair, Class Actions
Philadelphia

Benjamin Mishkin

Benjamin Mishkin

Associate
Philadelphia

Frank Pugliese

Frank Pugliese

Member
New York

Robert W. Rubenstein

Robert W. Rubenstein

Associate
Philadelphia

Danielle E. Sapega

Danielle E. Sapega

Member
Philadelphia

Matthew J. Siegel, CIPP/US

Matthew J. Siegel, CIPP/US

Member
Philadelphia

Meredith C. Slawe

Meredith C. Slawe

Co-Chair, Class Actions
Chair, Retail
Philadelphia

Walter M. Stella

Walter M. Stella

Member
San Francisco

Meghan Stoppel, CIPP/US

Meghan Stoppel, CIPP/US

Member
Denver

Awards

Cozen O’Connor Recognized as a “Best Law Firm” in 25 Practice Areas Nationwide, 115 Practice Areas Regionally

November 05, 2020

U.S. News & World Report and Best Lawyers recognized Cozen O’Connor as a “Best Law Firm” in 25 practice areas nationwide and 115 practice areas regionally.

Related Practice Areas

Business/Corporate

Class Actions

Corporate

Cyber Solutions & Data Strategies

Electronic Discovery & Practice Advisory Services

Government & Regulatory

Infrastructure

Italy Practice

Privacy Litigation & Compliance

Trade Secrets, Restrictive Covenants, and Computer Abuse

Related Blogs

Cyber Law Monitor

Following current trends in cyber, privacy, and data security law.

Keep up-to-date with the latest news from Cozen O'Connor

Enter your City or Zip.

Probably shouldn't change this:
Sign up to receive alerts, publications, and event / webinar invites.

By submitting your contact information, you are giving Cozen O'Connor consent to contact you via email.