Data Security & Privacy:

We Understand Balance

Data Security & Privacy

Data Security and Privacy represent ever-evolving aspects of nearly every business (at least they should). And they present ever-evolving risks, as regulators issue piecemeal and contradictory guidance that’s usually outdated.

Combat the uncertainty with robust data security and privacy policies that ensure Security and Privacy by Design. We understand technology and business, and can help implement or overhaul your security and privacy frameworks.

And if things go sideways, we’re here to help.

Our Data Security & Privacy Expertise

Woman using smartphone in front of a laptop.

Policy Implementation

Policies that promote security and privacy by design are more likely to meet the test of time, and provide guidance for all aspects of your organization to help avoid legal risk and regulatory oversight. Vendors, business partners, and regulators increasingly require transparency as a condition of doing business.
Our attorneys can create or update policies that account for evolving legal requirements.
Girl staring out of bright window with hands pressed on windowpane.

Vulnerability Issues

Vulnerability reports must be taken seriously. At the same time, penetration testers and security researchers must tread lightly to avoid accusations of impropriety.
We are well-versed in federal and state data security and trespass laws, including the Computer Fraud and Abuse Act (CFAA) and state computer trespass laws. We are prepared to assist in pursuing or defending against such claims.
Two individuals working on laptops and pointing at documents.

Response & Mitigation

Over 47 states have enacted state data breach notification laws, some of which including contrary or conflicting requirements. Federal HIPAA imposes additional obligations on health care industry participants and their business associates.
We help consumers and businesses navigate these requirements to ensure that best practices for data breach response, mitigation, and notification are followed.

Laws and Regulations of Interest

Computer Fraud & Abuse Act (CFAA): Federal law providing criminal and civil penalties for unauthorized access or damage to computer resources.

Children’s Online Privacy Protection Act (COPPA): Restricts certain data collection and information sharing by online services directed to children under age 13.

California’s Privacy Rights for California Minors in the Digital World Act: Requires erasure of data related to minors upon request.

California’s Online Privacy Protection Act (CalOPPA): Requires websites to display privacy policies for California consumers.

The Gramm-Leach-Bliley Act: Requires financial institutions and providers to disclose information-sharing practices.


They find the strength in your case, the weakness in the other side’s case, and concentrate on those issues — not the ancillary issues that other lawyers at other firms tend to litigate that result in nothing more than bloated bills.

IP Counsel

Major Semiconductor Company

Federal Trade Commission (FTC) Rules on Privacy and Data Security: Prohibit unfair and deceptive trade practices related to privacy and data security issues.

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act: Impose security and privacy rules governing the storage and use of Protected Health Information (PHI) on healthcare providers and business associates, including data breach notification requirements.

State Data Breach Notification Laws: Over 47 states have enacted such laws; California was the first.

EU-U.S. Privacy Shield Framework: Outlines mechanisms for data transfer between the U.S. and European Union that comply with EU data protection rules.

BDSA Logo Square

Attorneys. Technologists. Trusted Advisors.
© 2021-2023 Bunsow De Mory LLP

Attorney Advertising. Past results are not an indication of future performance.