Privacy and Cybersecurity

The global economy is driven by data, but the regulatory landscape of collecting, distributing and protecting data has never been more complex. Whether it’s the U.S. government, various state governments, or other countries or geographic blocks such as the European Union, regulations increasingly govern the information critical to your enterprise’s success. Many industries, such as health care and financial services, find themselves under additional data management obligations. Failing to comply with applicable regulations or suffering a data breach could have disastrous consequences on your business. We work with a global network of law firms to meet our clients’ needs in every market. Procopio’s Privacy and Cybersecurity Practice Group includes attorneys with a range of backgrounds and experience to work with the unique data practices of your business to ensure critical information management throughout the data lifecycle.


  • Provide legal counsel on all aspects of data management, including creation, storage, use, commercialization, retention and deletion
  • Work with clients to ensure compliance with international, federal and state regulations (E.U. GDPR, CAN-SPAM, COPPA, CalECPA, CDA, FERPA, etc.)
  • Provide legal guidance on industry-specific regulations, such as health care (HIPAA) and financial services (FCRA)
  • Ensure legal compliance involving cross-border data transfers
  • Develop cybersecurity prevention and response plans with clients
  • Conduct due diligence on cyber-related issues through corporate transactions including mergers & acquisitions
  • Manage litigation providing defense against privacy and data security class action suits
  • Counsel during state or federal wiretap and white collar investigations
  • Counsel employers on securing trade secret data and managing theft
  • Advise employers on legally monitoring and managing employee cyberactivity
  • Monitor and assist in effecting new legislation
  • Provide guidance on direct marketing strategies
  • Craft corporate privacy policies
  • Draft online privacy policies in a variety of industries for compliance with the California Online Privacy Protection Act and other applicable privacy laws
  • Nationally recognized experts in electronic discovery and information governance including through The Sedona Conference and CPII/US Certified


  • Represented telecommunications company under government investigation for violations in connection with the management of customer records containing Personally Identifiable Information (PII), negotiated a successful settlement of the matter before litigation
  • Represented regulators, financial institutions and investment companies in investigations of regulatory violations, data breaches and preventing and mitigating identity theft
  • Addressed privacy matters in search warrants and subpoenas
  • Obtained judgment and costs defending a leading online publishing platform in a case involving Communications Decency Act, US SPEECH Act, and First Amendment issues (one of the first data privacy cases involving the US SPEECH Act)
  • Assisted a cybersecurity company in recruiting its board of advisors, raising more than $2 million in convertible debt and entering into marketing partnerships with one of the world’s largest telecom companies
  • Worked with a cybersecurity company in formulating its intellectual property protection strategy, coaching its software development team on the pitfalls of open source software, and navigating U.S. export controls imposed on encryption technologies
  • Advised a cybersecurity company in contracting with independent contractors and employees, using primarily options as compensation
  • Represented health care client in investigation, reporting and resolution of business associate’s theft of medical records of approximately 150,000 patients including coordination with law enforcement, reports to regulators, notices to individuals and publication to media
  • Successfully defended health care provider client in court action brought by unrelated third party seeking deceased patient medical and other records through invalid subpoena
  • Represented companies and individuals in white collar criminal investigations and proceedings
  • Counseled cutting edge web-based digital technology companies concerning all aspects of their online privacy obligations and website and mobile application Privacy Policies and Terms of Use
  • Successfully prosecuted the investigation of an internet company regarding use of client lists and automated calling systems (robo-calls)
  • Counseled cutting-edge web-based digital medicine technology companies concerning all aspects of their online privacy obligations and website and mobile application Privacy Policies and Terms of Use


California Privacy Rights Act

California Consumer Privacy Act




Trade Secrets