Data Privacy & Security

In today’s competitive environment, businesses collect, process, and store important confidential and proprietary information about their customers, clients, vendors, and employees. The possession, handling, and security of that information occur in an increasingly complex legal environment for businesses and the individuals whose data is at stake.

First, as recent headlines consistently remind us, cyber-crime and data breaches are occurring at an increasing rate – giving rise to potential liability for businesses that have failed to take adequate steps to protect their information. As the frequency of those breaches has increased, costs to companies impacted by them have likewise grown, rising nearly 10 percent in cost per record from 2013 to 2014. Those costs include out-of-pocket expenses (including those to repair the breach, to notify affected individuals, and to settle claims), loss of business reputation, and future business loss as fallout from breach events.

Second, with the rise of concerns over the privacy of information, state and federal legislators and regulators have enacted increasingly complex legislation and regulations that govern businesses’ responsibility for confidential personal information. These rules and laws span diverse industries and create new business obligations for the treatment and protection of information.

Gallagher & Kennedy can assist businesses in navigating these uncertain waters. We advise clients in multiple industries regarding the various common law and legislative privacy obligations they face and assist with both front-end protection of their information and back-end response should they experience a security event.


We assist clients throughout the life cycle of data collection, storage, use, disclosure, sharing, and timely destruction, including:

  • Compliance audits and reviews to proactively manage internal and external data protection.
  • Creation and implementation of data privacy policies and procedures, including data security, information confidentiality, employee privacy, record retention and destruction, and data breach contingency response plans.
  • Negotiation with vendors to maintain the security of confidential personal information and to reduce the risk associated with vendors’ access to it.
  • Counseling on the federal and state data protection, privacy, and sharing laws and regulations that may apply to and impact the client and its industry.


We also advise clients on their obligations concerning the privacy and protection of information in the constantly shifting landscape of state and federal legislation and regulation, including:

  • Workplace privacy issues.
  • Financial information under the Gramm-Leach-Bliley Act (GLBA), Dodd-Frank Wall Street Reform and Consumer Protection Act, Fair Credit Reporting Act (FCRA), and Fair and Accurate Credit Transactions Act (FACTA).
  • Business and workplace privacy guidelines.
  • Healthcare information under the Health Insurance Portability and Accountability Act (HIPAA).
  • Employee Retirement Income Security Act (ERISA).


Despite even the best precautions and diligence, data security events can still happen. A company’s post-breach response should be timely and strategic to minimize potential liability while, at the same time, maximizing the opportunity to recover from the breach. When a breach does occur, Gallagher & Kennedy counsels and defends clients through the response, including:

  • Assisting with immediate/emergent response and assembling the proper professionals to coordinate and implement the response plan.
  • Communicating with executive leadership and legal teams regarding the breach.
  • Advising and assisting with decisions regarding when to involve law enforcement and responding to government investigations and subpoenas.
  • Assisting in the notification process to both affected individuals and regulatory agencies.
  • Advising on available options to mitigate any harm caused by an event.
  • Mounting a strong defense for litigation.
  • Negotiating the settlement of claims.

As every breach is unique, Gallagher & Kennedy provides a focused, efficient response tailored to each event’s specific circumstances. The answer must be swift but also measured by the risks and obligations of the particular activity.