Cybersecurity and Data Privacy

In the modern economy, businesses and organizations of all sizes must effectively protect and manage information. Nearly every organization has valuable or sensitive information and trade secrets to protect from unauthorized use and disclosure by insiders or outside actors. In addition, companies that store or process third party information (such as payment card information, patient medical records, customer information, user data, and human resources and employment records) are required to take reasonable measures to safeguard that information. Our cybersecurity and data privacy lawyers help clients address the data security and privacy challenges that organizations face.

When a company experiences a data breach, our cybersecurity and data privacy team provides guidance regarding compliance with state and federal laws, regulations, and industry and contractual obligations. But a company's obligations related to data privacy and security extend far beyond responding appropriately to cybersecurity incidents and data breaches. Organizations must comply with a growing number of data privacy laws and regulations at the state, national, and international levels, as well as contractual obligations imposed by business partners, clients, and service providers. Our cybersecurity and data privacy practice draws on the breadth of our firm’s other specializations, including intellectual property, technology, employment, health care, and business law, to advise clients throughout Virginia regarding data privacy issues across a broad ranges of industries.

Flora Pettit's technology and data privacy attorneys also have extensive experience providing strategic advice and counseling to clients who provide interactive websites, mobile apps, and other internet-based services regarding the design of the services (including "privacy by design" and "security by design" principles) and the drafting of appropriate terms of use (terms of service), privacy policies, acceptable use policies, and other agreements.

Our services include:

  • Cybersecurity and Information Governance. Flora Pettit's cybersecurity attorneys in Charlottesville and Harrisonburg counsel companies regarding cybersecurity best practices and the proactive implementation of systems and strategies to safeguard their own information and third party information for which they are responsible. Our attorneys help clients develop and deploy information governance policies and systems to account for data security, data privacy, and contractual and regulatory compliance needs. We work with clients to ensure that appropriate contractual and technical measures are put in place to protect the security and privacy of information for which they are responsible. When businesses use cloud-based services, it is important to ensure that the service provider provides adequate protection for the business’s information, and our data security and privacy lawyers regularly review terms of service agreements and privacy policies for our clients. We also advise clients in the software and technology sector regarding privacy by design and the implementation of systems to protect privacy and minimize risks of potential data breaches.
  • Incident Response and Data Breach Notification. When an organization experiences a cybersecurity incident, it must react quickly and our data privacy lawyers regularly lead cybersecurity incident response investigations for our clients. We help organizations navigate the patchwork of state and federal data breach notification laws, industry regulations, and contractual obligations. When an employer experiences a data breach affecting its own employees, we draw on the expertise of our firm’s employment attorneys to address the unique challenges that such a breach creates. For clients in the healthcare industry, we work with our firm’s health care lawyers to address obligations that arise under HIPAA and the HITECH Act (including the Privacy Rule and the Security Rule).
  • Data Privacy. Flora Pettit’s experienced data privacy lawyers in Charlottesville and Harrisonburg counsel clients regarding the wide range of data privacy and security challenges that they face.
    • Our data privacy attorneys regularly counsel clients regarding compliance with a broad range of state and federal laws, including:
      • Virginia Consumer Data Protection Act (VCDPA);
      • California Privacy Rights Act (CPRA);
      • California Consumer Privacy Act (CCPA);
      • California Online Privacy Protection Act (CalOPPA);
      • California’s "Shine the Light" Law;
      • CAN-SPAM Act;
      • Children’s Online Privacy Protection Act (COPPA);
      • Federal Trade Commission Act, Section 5 (prohibiting unfair or deceptive acts or practices in or affecting commerce);
      • Health Insurance Portability and Accountability Act (HIPAA) (and implementing HHS regulations—the Privacy Rule and the Security Rule); and
      • Health Information Technology for Economic and Clinical Health Act (HITECH Act).
    • We also advise clients regarding compliance with international privacy and data protection regulations, such as the General Data Protection Regulation (GDPR) and the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield.
    • For clients who provide interactive websites, mobile apps, and other internet-based services, our data privacy and technology lawyers provide strategic advice and counseling regarding the design of the services and provide assistance with the drafting of appropriate terms of use (terms of service), privacy policies, acceptable use policies, and other agreements.
    • In addition, we bring our data privacy expertise to bear when conducting due diligence for clients engaged in mergers and acquisitions.

Related Attorneys

Andrew B. Stockment

Andrew B. Stockment

Attorney at Law