Hunton & Williams LLP has the knowledge and experience necessary to represent clients in the assessment, investigation and litigation of matters arising from information security and data breach incidents, and the management, use and protection of personal, financial, and health information. Since 2003, when California's security breach notification law became effective, we have assisted our clients with more than 1,000 data breaches worldwide. We assist our clients with every aspect of an information security event, including (i) directing incident investigations; (ii) retaining and overseeing cybersecurity consultants; (iii) mitigating the financial loss or loss of confidential information and data; (iv) coordinating notification to affected individuals; (v) establishing relationships with credit bureaus; (vi) setting up call centers and training call center personnel; (vii) negotiating with the payment card brands; (viii) preparing for litigation, including advising on retention obligations; (ix) engaging with law enforcement officials and other government (federal and state) regulators; and (x) defending resulting enforcement actions and litigation. We regularly serve as liaisons to the US Secret Service, FBI, US Department of Justice, Federal Trade Commission and State Attorneys General on behalf of our clients in these matters. Our lawyers have represented clients throughout the country in federal and state courts, before regulatory agencies, and in alternative dispute resolution proceedings in cases arising out of data security events asserted by regulators, consumers, our clients' business partners, and other parties. Our experience assisting clients with highly complex, large-scale security breaches is internationally recognized.
Our litigators work as part of a multi-disciplinary team that is frequently involved immediately after a data breach or hacking incident to help a client evaluate and manage all aspects of the event, often with our lawyers leading the investigation, coordinating notification to affected individuals and other aspects of public notification and coordinating the incident response. Information security matters implicate multiple risks and response issues. Because of that complexity, we represent our clients with an interdisciplinary and coordinated team that includes not only members of our internationally recognized Privacy and Cybersecurity practice and our Homeland Security practice, but also, as appropriate, lawyers from our securities, health care, financial institutions, corporate governance, white collar, First Amendment, commercial litigation and class action practice groups.
Our clients are diverse, and the issues often are cutting-edge. Hunton & Williams has had the privilege of representing many of the leading companies in the United States in matters involving the Computer Fraud and Abuse Act, the Stored Communications Act, HIPAA, unfair and deceptive trade practices acts and common law claims. Following is a sample of the matters we have handled:
- We represented a financial institution client that was victimized by a sophisticated international organized crime ring, which breached the client's network and perpetrated a large-scale theft utilizing the ATM network. We led the investigation of the cyber intrusion, worked with United States and international law enforcement agencies, managed communications with financial institution regulators, assisted the client to assess and respond to litigation risks from customers and other third parties and defended the client against ensuing class actions.
- We assisted a large health care plan with a data security incident involving the company's insureds in one of the largest HITECH breaches to date. The firm assisted the company with its response to the breach, including the forensic investigation, and advised on compliance with relevant regulatory obligations, such as notification to affected individuals, media outlets and state agencies. The firm also managed interactions with state regulators and is defending the class action litigation resulting from this incident.
- We are representing a retail merchant client in all aspects of a significant Point of Sale data breach, including notification to affected individuals, media outlets and state agencies, as well as an FTC investigation and interactions with law enforcement authorities. We are defending the company in class action litigation and have obtained dismissal of significant federal claims.
- We advised a Fortune 100 company with an issue relating to the collection and transmittal of health information and conflict of law issues involving more than 25 countries across four continents.
- We provided a retailer with privacy and data security advice concerning claims that arose from a significant skimming incident in which there was the compromise of payment cards. We also managed state and federal government investigations and federal law enforcement cooperative activities.
- We have advised several clients, including some of the largest financial institutions and energy companies in the world, in their preparation for offensive and defensive litigation arising from the theft of highly confidential business records and intellectual property.
- We have counseled multiple clients in cyber-extortion matters and other incidents where our clients have been criminally victimized and we have coordinated with law enforcement on behalf of our clients in such matters.