For decades, Troutman Pepper has represented leading global, as well as emerging technology and life sciences companies. We are one of the 50 largest firms in the U.S., and our team includes privacy and cybersecurity thought leaders and pioneers in emerging issues relating to implementation and compliance, litigation, regulatory investigations, and incident response. Our experience leading some of the most high-profile litigation matters and regulatory enforcement actions uniquely positions us to address emerging privacy and cyber issues that the world — and the law — have never had to confront before.
A Collaborative 360-Degree Approach. Our Privacy + Cyber team extends the range of privacy and cyber services traditionally offered by law firms, drawing upon our unique combination of global expertise in keys areas such as privacy program creation and implementation, licensing, financing and M&A transactions, incident response, litigation, and regulatory investigations and enforcement.
Six areas truly differentiate our Privacy + Cyber practice:
In addition to our experienced attorneys, our team includes prominent former industry CPOs, CISOs, and consulting/audit experts, as well as individuals who have worked for — or as experts on behalf of —the FTC, HHS OCR, CFPB, SEC, and state attorneys general. In addition to responding to investigative inquiries and claims made by these regulators and others, we handled one of the first data breach putative class actions in 2006, and have successfully defended hundreds of privacy and cyber-based complaints before and after that case. As a result, our integrated team extends beyond the range of legal, technical/forensic, and compliance services offered by most law firms, allowing us to share ideas and experiences beyond typical law firm practice boundaries.
Contact our Privacy + Cyber leaders and learn more about our team.
While other firms may serve clients in one or a few of the following spaces, Troutman Pepper is among the only firms with deep strength and experience serving all four:
Our Privacy + Cyber team includes a mix of globally recognized privacy and cybersecurity attorneys, former industry privacy and security officers, and management consultants. Our frontline experience with numerous leading companies across industries allows us to provide industry-specific benchmarking, practical, risk-based advice, and a range of services that goes beyond those traditionally offered by law firms, including partnering with our clients to:
Our Incident Response (IR) attorneys lead clients through all phases of the incident prevention, response, and recovery processes. From the onset of ransomware, malware, wire transfer fraud, or other incidents to the regulatory and litigation maelstrom that may follow, we have led the response to thousands of security incidents involving some of the largest retail, health care, banking, and government agencies, which collectively have impacted more than 1 billion people. Our experience includes a number of high-profile breaches impacting technology/security, life sciences, health care, and consumer products and services. While our experience in this space is substantial, what really sets our firm apart is our people.
Our IR attorneys take a holistic approach to incident response. The team is a unique combination of former privacy and security officers, compliance specialists, transactional attorneys, litigators, and former U.S. attorneys — all of whom bring a unique perspective and experience to IR, and, with our deep litigation and regulatory experience, understand why the decisions made during the IR process matter.
Learn more about our Incident Response and Cybersecurity capabilities.
Our national privacy and data security Litigation team works collaboratively with our Compliance, Incident Response, and Regulatory teams to provide clients with the expertise and resources needed to address the complex challenges they face with regard to their data management and information security. From the time we are engaged, our experienced litigators are available to assist clients with:
Our litigators have handled hundreds of litigations and arbitrations throughout the United States involving federal and state privacy statutory, tort, contract, UDTPA, and other theories that address the collection, security, use, and dissemination of personal information, including class action, single-plaintiff, and qui tam cases. Our experience includes representing diverse and heavily regulated businesses in financial services, health care and life sciences, education, energy, automotive, construction, education, and retail merchants for both controllers (businesses) and processors (service providers). It also includes representing businesses that deal in security, data aggregation and analytics, mobile applications, payment processing, de-identification/anonymization, correlation of data from multiple connected devices, and consumer-reporting systems.
How a company managed its information security before an incident, and how it responded during the incident itself, directly impacts any ensuing regulatory investigations and enforcement actions. At any stage — before, during, or after an incident — we know how to best protect and position our clients to prevail in this high-stakes environment. We have resolved investigations and enforcement actions by the U.S. Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), the U.S. Department of Health and Human Services' Office of Civil Rights (OCR), Securities and Exchange Commission (SEC), and state attorneys general nationwide.
Our firm's comprehensive legal tracking service is designed to help financial institutions stay current with regulatory and legislative changes in three key areas:
Delivered directly to your inbox, these trackers include an overview of the most important changes and analyses on the potential impact to your business. A subscription to one or more trackers includes a monthly one-hour call with our attorneys, who will provide additional insights and be available to answer your questions.
Please click here to learn more about and subscribe to this service.
Unauthorized Access Podcast
More Privacy, Please
Cyber Capsule
Dear Mary Advice Column
2023 Privacy Year in Review
California Privacy Rights Act Series
Virginia Consumer Data Protection Act Series
Cybersecurity, Information Governance + Privacy Webinar Archive
The California Privacy Rights Act: A Practical Guide on the Impact of CPRA on Existing CCPA Frameworks
California Consumer Privacy Act Enforcement Series
Consumer Financial Services Law Monitor
Cybersecurity Tips to Prevent Your Business From Becoming COVID-19's Virtual Victim
Firm Events
07.18.24
P+C Associate Training
Articles + Publications
07.01.24
Rhode Island Adds to the Growing Patchwork of State Privacy Laws – H7787 / S2500
Articles + Publications
2024
Dear Mary – Incidents + Investigations Cybersecurity Advice Column
Podcasts
06.26.24
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens
Press Coverage
06.20.24
Regulators Focus on How AI Amplifies Cybersecurity Risk
Firm News
06.13.24
Troutman Pepper Announces 2024 Legal 500 US Rankings