Data Privacy and Cybersecurity

Phillips Lytle’s Data Privacy and Cybersecurity Team uses a multidisciplinary approach to develop comprehensive business solutions to each client’s particular data needs.

Contact Us
Return to Industry

See more of what
we have to offer in Technology Law

Go Back

More Than 30 Years of Handling Complex Data Protection Issues

For over 30 years, even before data privacy and cybersecurity became a well-known legal discipline, Phillips Lytle has been handling complex data protection issues for various clients.

Phillips Lytle’s Data Privacy and Cybersecurity Team uses a multidisciplinary approach to develop comprehensive business solutions that are tailored to each client’s particular data needs, priorities and resources. Our seasoned attorneys and staff have extensive transactional, technical and litigation experience related to data security and privacy. We counsel clients on compliance with various statutory, regulatory and contractual requirements; insurance evaluation; best practices regarding data privacy, security, preservation, protection, retention and destruction; cross-border data transfers; disaster recovery; emergency response; business continuity; digital forensic examinations; third-party/vendor risk management; data incident management; and government investigations, enforcement actions, private or regulatory litigation or other related disputes.

As the threat landscape evolves, the need for legal counsel with practical and technical expertise and experience managing data incidents and other key issues related to data protection is essential. Our attorneys are supported by a technical team with over 30 years of experience regarding data management. We are uniquely positioned to counsel clients regarding the evolving laws and regulations amidst emerging technologies and critical business considerations.

Phillips Lytle’s Data Privacy and Cybersecurity Team advises many sophisticated clients in various industries, including health care, education, finance, law, technology, startups, banking, manufacturing, construction, e-commerce, energy and government contracting. Our team also represents cybersecurity service providers and cyber solution developers.

Industry Recognition for Our Expertise

Phillips Lytle attorneys have been awarded the following ANAB-accredited credentials by the International Association of Privacy Professionals (IAPP): Certified Information Privacy Professional/Europe (CIPP/E); Certified Information Privacy Professional for the U.S. Private Sector (CIPP/US); and Certified Information Privacy Manager (CIPM). CIPP/E and CIPP/US are preeminent certifications for advanced concentration in European data protection laws and U.S. private-sector laws, standards and practices, respectively. CIPM certification demonstrates an understanding of privacy program governance and the skills necessary to establish, maintain and manage a privacy program across all stages of its operational life cycle.

Industry Recognition
Data Incident or Data Breach

Call 1-886-812-5116

The Phillips Lytle Data Privacy and Cybersecurity Team is accessible 24 hours a day, 7 days a week, 365 days a year to handle the most time sensitive situations. We understand the importance of immediate and appropriate response to a broad range of circumstances; our team is ready and available to assist our clients.


Experienced Data Privacy and Cybersecurity Attorneys

Our Data Privacy and Cybersecurity Team has extensive experience advising clients regarding data privacy laws and regulations and the best practices in preventing security breaches across these sectors:

Health Care
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health (HITECH)
  • Gramm-Leach-Bliley Act (GLBA)
  • Payment Card Industry Data Security Standard (PCI-DSS)
  • New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR part 500)
Defense and Government Contracting
  • Defense Federal Acquisition Regulation Supplement
  • National Institute of Standards and Technology Special Publication 800-171
  • New York Public Service Commission (PSC) cybersecurity regulations for retail energy suppliers and distributed energy resource providers
  • Data protection agreements and vendor risk assessments
  • Federal Energy Regulatory Commission (FERC) cybersecurity and reliability standards
  • Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Children’s Online Privacy Protection Act (COPPA)
  • New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR part 500)
  • General Data Protection Regulation (GDPR), e-Privacy Directive
  • Electronic Signatures in Global and National Commerce Act
  • Family Educational Rights and Privacy Act (FERPA)
  • Defend Trade Secrets Act (DTSA)
Various State Laws and Regulations
  • California Privacy Rights Act (CPRA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR part 500)
  • N.Y. Gen. Bus. Law § 899-aa (2013)
  • N.Y. Gen. Bus. Law § 899-bb (2020)
  • N.Y. State Tech. Law § 208 (2013)
  • N.Y. Educ. Law § 2-d (2014)
  • Cal. Civ. Code §§ 1798.29, 1798.80 et seq. (2017)
  • California Consumer Privacy Act of 2018
  • Colorado Privacy Act
  • Various other relevant state laws

Data Privacy and Cybersecurity Services

Phillips Lytle’s Data Privacy and Cybersecurity attorneys provide a wide array of services to our clients, including:

  • Analyzing and Drafting Information Security Policies and Agreements
    • Record retention and destruction policies
    • Data sharing and transfer policies and agreements (including cloud computing agreements and cross-border data transfer agreements)
    • Determining data security risks
    • Terms and conditions of service
    • Privacy policies
    • Confidentiality agreements
    • Business continuity plans
    • Incident response plans
  • Analyzing and Advising Cybersecurity Insurance
  • Assisting Clients With Cybersecurity Audit Compliance
  • Third-Party Data Privacy Risk Management Services
    • Designing third-party risk management systems
    • Analyzing and negotiating vendor contracts
    • Negotiating with, and acting as a liaison to, vendors, suppliers or manufacturers
  • Conducting tabletop exercises to test incident preparedness
Data Privacy Blog

The Data Privacy and Cybersecurity Law Post

Read the Blog

Meet Our Data Privacy and Cybersecurity Team

Anna Mercado Clark Partner, Governing Committee
Edward S. Bloomberg Of Counsel
Alan J. Bozer Of Counsel
Adelyn G. Burns Associate
Jeffrey D. Coren Special Counsel
Chad Flansburg
Chad W. Flansburg Partner
F. Kenneth Graham Partner
Timothy P. Kucinski Partner
Amanda L. Lowe Partner
Richard J. Marinaccio Partner
Paula Plaza
Paula P. Plaza Associate
John Schmidt
John G. Schmidt Jr. Partner
Mitch Snyder
Mitch P. Snyder Associate
Michael Staszkiw
Michael R. Staszkiw Associate
Rebecca Valentine
Rebecca A. Valentine Associate
James Wholey
James Kevin Wholey
Meet the Team

How Can We Help?

How Can We Help (Industries)
I understand that Phillips Lytle will use my information to contact me regarding the above message.