Print PDF

As more classified information is stored in the digital realm – including financial and health care data, retail client information, trade secrets and other intellectual property, and institutional knowledge – networks become greater targets for thieves, competitors, and hackers.

In addition to external threats, data breaches may be caused by employees acting innocently or maliciously. Without proper planning, the effects of a breach can be devastating, subjecting victims to regulatory penalties, litigation, and severe reputational harm.

Lewis Roca has extensive experience navigating the cybersecurity and data privacy issues associated with regulated industries and general business operations. Our lawyers successfully protect and defend clients’ most confidential data, relying on our technical training in electrical engineering and computer science as well as certifications from professional privacy organizations. We routinely review and follow the multitude of cybersecurity and data privacy laws at the federal and state level in the United States in addition to those pursuant to key international regulations.

Our Approach

Our team deploys a comprehensive, law-led approach in partnership with highly skilled technical support – eosedge Legal*, whose services focus on risk assessment, analysis, and strategic counsel – to address security threats and data breaches. Calling on a team of cyber intelligence vendors, malware researchers, and advanced cyber operations professionals, eosedge Legal offers clients the full package of cyber services as well as advocacy, market access, and startup advisory services. The firm is highly attuned to regulatory and policy shifts and familiar with the  “rules of engagement” between government and industry. Its principal strategic advisor, Doug DePeppe, a trained lawyer, was a former advisor to the White House 60-day Cyberspace Policy Review and the Department of Homeland Security’s Cyber Security Division.

This strategic alliance gives our clients the added protection of confidentiality and privilege to further mitigate risk. Together, Lewis Roca and eosedge Legal work to provide clients with elevated data protection and full-scope solutions.

Risk Assessment

Our pre-breach services include interdisciplinary solutions to help clients manage everything from core business assets to cyber vulnerabilities. By identifying areas of weakness in systems and processes, clients can implement solutions and deter potential threats and crises.

Data Policies and Practices

C-Suite Advisory Services

Leadership matters before, during, and after a data breach. Our data privacy and cybersecurity team provides organizations with educational workshops, breach coaching, and policy development assistance to help them understand how to plan and deal with cybersecurity threats.

IP Asset Protection

In an instant, a cyberattack can change the course of a company’s growth and revenue. Our IP lawyers provide a nuts-to-bolts review to protect clients’ intellectual property, including:

  • Establishing a trade secrets policy
  • Establishing and verifying trade secret protection strategies
  • Implementing a trade secrets audit
  • Restricting physical and electronic access to trade secrets
  • Segregating and organizing trade secrets

Tabletop Exercises

Every organization is different. We develop tailored incident response plans ahead of cyber incidents, including tabletop exercises, penetration testing, and war gaming.


Our lawyers have substantial experience navigating the data privacy and cybersecurity issues associated with regulated industries and general business operations. We review and follow the multitude of cybersecurity and data privacy laws at the federal and state level in the United States as well as key international regulations, including:

  • Bank Secrecy Act and anti-money laundering rules
  • Cable Act
  • CAN-SPAM Act
  • Children’s Online Privacy Protection Act
  • Communications Assistance for Law Enforcement Act
  • EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
  • Fair Credit Reporting Act
  • Federal and state unfair and deceptive practices laws
  • Federal Right to Financial Privacy Act
  • Federal Trade Commission Act
  • General Data Protection Regulation
  • Gramm-Leach-Bliley Act provisions on privacy and security of customer information
  • Health Insurance Portability and Accountability Act and the HITECH Act
  • IRS information disclosure rules
  • State data breach notification statutes and other data security laws
  • Telecommunications Act
  • USA Freedom Act
  • Video Privacy Protection Act

Incident Response and Litigation

Crisis Management

We assist organizations during and after cyber incidents. In addition to helping clients understand and navigate regulatory issues and public relations, we work to improve cybersecurity programs going forward.

Breach Coaching

In the event of a breach crisis, prompt advice and law-based coaching are critical to ensure that the entire incident response team is protecting the client’s interests. Our team serves as the breach coach, orchestrating all facets of the client’s processes and response and adding value by incorporating attorney-client privilege throughout.

Cybersecurity and Cyberliability

Our services for clients in this area include:

  • Conducting computer information systems audits and assessments of threats and vulnerability to unauthorized access (hacking), viruses, data loss, or theft
  • Counseling clients in cost-effective approaches to protecting their systems from cybersecurity and cyberliability risks
  • Counseling clients in compliance of information systems with state and federal laws and regulations (Gramm-Leach-Bliley Act, HIPAA, etc.)
  • Litigation of cybersecurity and cyberliability claims

Application and Website Agreements

We routinely counsel website operators, application developers, and online service providers regarding terms of service, end user license agreements, and privacy policies, which represent important legal documents for online businesses.

Terms and conditions (T&C) and end user license agreements (EULA) represent contracts between operators and their users. By clearly establishing each party’s rights and obligations in connection with the use of a particular website or application, operators can effectively limit and create a defense against liability.

Privacy Policies

Privacy policies are one of the most important documents for online operators. A privacy policy provides specific information to users about the type of information the operator collects and how it will be used. Privacy policies not only provide users with information about data collection, protection, and sharing practices, but also enable operators to comply with privacy laws. Failing to adopt or abide by a privacy policy could leave companies open to lawsuits and even criminal action. In addition to preparing these legal documents, we monitor legal developments that can impact enforceability and work with clients to ensure their protection in an ever-changing legal landscape.

*Lewis Roca Rothgerber Christie LLP and eosedge Legal LLC are separate law firms that have entered into a joint marketing agreement. All decisions whether to recommend the other’s services will be made in consultation with each client or prospective client to assess their individual needs. Doug DePeppe is a member in eosedge Legal. He provides strategic advice to, but is not a partner in or employee of, Lewis Roca.

Latest from Lewis Roca

Jump to Page

How Can We
Help You?

By using this site, you agree to our updated Privacy Policy and our Terms of Use.