Cybersecurity and Privacy

Pullman & Comley’s Cybersecurity and Privacy practice blends the diverse experiences of our attorneys into a comprehensive team to help clients address all of the legal issues associated with operating in the world of technology.   

The exponential growth and global presence of technology has increased the vulnerabilities to individuals and businesses for loss or misuse of sensitive information and has opened up a new world of legal risks and challenges, including interference with intellectual property rights, privacy rights, data storage, theft and corruption, network intrusion and abuse, computer fraud and abuse, access security, cyber defamation, and a host of other cyber crimes, torts and related matters associated with conducting business and exchanging information over the Internet.   

These issues also present many unique challenges to individuals and businesses in our critical infrastructure sectors, including telecommunications, transportation, electric power, banking and finance, gas and oil storage and delivery, water supply, emergency services and government operations.   

Members of the practice are skilled corporate counselors and litigators and include a former supervisory federal prosecutor. We have the experience to conduct investigations and counsel clients on these matters and the skill sets to identify, monitor and address related legal challenges early on.  Our relationships with local, state and federal law enforcement officials and public/private partnerships dedicated to protecting critical infrastructure and technology have proven valuable in representing individuals and businesses in cybersecurity and critical infrastructure matters. 

Representative Experience

  • Legal counsel relating to complex multi-state and international data breach events
  • HIPAA Privacy and Security Manual drafting and training of staff
  • Conducting internal investigations of potential insider threats and guiding post-breach remediation
  • Active liaising with corporate boards of directors (Audit/Risk Committees)
  • Review and negotiation of Information Technology (IT) supplier contracts for privacy/security risk
  • Providing counsel regarding cybersecurity insurance coverages and risk mitigation
  • Client advocacy in response to government investigations (Attorney General, FTC, HHS)
  • Providing specialized security and privacy practices for specially regulated entities (e.g., water utilities,  EPA and DHS/FEMA)
  • Drafting of cross-border data transfer agreements (EU-US) and through to other third-party processor foreign states
  • Site-visits, inspection and due diligence of third-party processors, foreign and domestic (including Canada, UK, India, Philippines)
  • Knowledge of the unique provisions and restrictions of the Federal Digital Millennium Copyright Act, the Stored Communications Act and the Computer Fraud and Abuse Act, as well as their state law corollaries
  • Understanding of federal and state privacy rights and regulations, as well as the privacy laws of other countries
  • Counseling clients with respect to securing critical infrastructure and assimilating homeland security requirements established by the Homeland Security Act, USA PATRIOT Act, SAFETY Act and other relevant laws, regulations and procedures   
  • Establishing best practices regarding the protection of intellectual property from counterfeiting and other misuse
  • Protecting clients' trademarks, domain names and other rights through ICANN’s Uniform Domain Name Disputes Resolution Policy
  • Counseling business clients with respect to employee misconduct involving misuse of technology and trade secrets
  • Developing and advising clients regarding document retention policies, employee handbooks and network access policies
  • Securing injunctions in order to shut down websites that improperly infringe upon clients’ copyright- and trademark-protected works 

Case Studies