Skip to main content

Privacy, Data Security and Governance

Privacy, Data Security and Governance

Federal and state privacy and security laws affect nearly every industry sector ranging from healthcare providers to financial institutions to start-ups. Our attorneys advise both public and private clients in healthcare, technology, transportation and financial services in areas of privacy applicable to IT/technology, data security, financial privacy, health privacy, consumer privacy, employment privacy, litigation and transactions.

We counsel clients on how to protect proprietary and customer confidential information. We guide our clients through all steps of information governance and risk management, such as the development and implementation of preventative measures, policies and procedures; technology selection and validation, the placement of cyberliability insurance, and pursuit of claims under these policies. In addition, we help clients investigate and respond to data breaches and represent clients in related litigation.

  • Commercial transactions
  • Compliance audits
  • HIPAA compliance
  • Training programs
  • Information governance
  • Cyberliability insurance
  • Incident response and data breach counseling
  • Information handling
  • Privacy and data protection litigation
  • Privacy policies and procedures
  • Regulatory investigations

Representative Work


  • Drafted a privacy policy for a mobile app company.
  • Ongoing HIPAA Compliance for client (e.g., draft HIPAA privacy and security manual and related health plan language; draft and negotiate business associate agreements; analyze reportability of HIPAA breaches).
  • Drafted numerous privacy policies and technology contracts including SaaS and online bill pay agreements, where we advised on significant privacy issues.
  • Advise clients regarding obligation under HIPAA and California law to report possible health information security breach.
  • Advised global semiconductor company on the effect of data security monitoring and investigation practices on EU Safe Harbor Certification.
  • Advised American subsidiary of European company regarding US Government access to EU hosted cloud content under Patriot Act procedures (National Security Letters or FISC subpoenas.)
  • Advise numerous clients regarding the purchase/renewal of cyberliability policies.
  • Counsel clients on pursuing and obtaining insurance to pay for costs/losses arising from a data breach.
  • Counsel clients in successfully pursuing insurers to pay for costs/losses arising from hacking and other cybersecurity incidents. 
  • Advised transportation agency client on contract involving third party collection, processing and off-site storage of employee data.
  • Advised retail client regarding requests for Personally Identifiable Information (PII) at California brick and mortar stores.



Key Contacts

Batya Forsyth
Batya Forsyth
San Francisco, CA

View all Attorneys >

News & Resources

View All >