Skip to main content



Overview of Services

Federal and state privacy and security laws affect nearly every industry sector ranging from healthcare providers to financial institutions to start-ups. Our attorneys advise both public and private clients in healthcare, technology, transportation and financial services in areas of privacy applicable to IT/technology, data security, financial privacy, health privacy, consumer privacy, employment privacy, litigation and transactions.

We counsel clients on how to protect proprietary and customer confidential information. We guide our clients through all steps of information governance and risk management, such as the development and implementation of preventative measures, policies and procedures; technology selection and validation, the placement of cyberliability insurance, and pursuit of claims under these policies. In addition, we help clients investigate and respond to data breaches and represent clients in related litigation.

  • Commercial transactions
  • Compliance audits
  • HIPAA compliance
  • Training programs
  • Information governance
  • Cyberliability insurance
  • Incident response and data breach counseling
  • Information handling
  • Privacy and data protection litigation
  • Privacy policies and procedures
  • Regulatory investigations

Representative Work


  • Drafted a privacy policy for a mobile app company.
  • Ongoing HIPAA Compliance for client (e.g., draft HIPAA privacy and security manual and related health plan language; draft and negotiate business associate agreements; analyze reportability of HIPAA breaches).
  • Drafted numerous privacy policies and technology contracts including SaaS and online bill pay agreements, where we advised on significant privacy issues.
  • Advise clients regarding obligation under HIPAA and California law to report possible health information security breach.
  • Advised global semiconductor company on the effect of data security monitoring and investigation practices on EU Safe Harbor Certification.
  • Advised American subsidiary of European company regarding US Government access to EU hosted cloud content under Patriot Act procedures (National Security Letters or FISC subpoenas.)
  • Advise numerous clients regarding the purchase/renewal of cyberliability policies.
  • Counsel clients on pursuing and obtaining insurance to pay for costs/losses arising from a data breach.
  • Counsel clients in successfully pursuing insurers to pay for costs/losses arising from hacking and other cybersecurity incidents. 
  • Advised transportation agency client on contract involving third party collection, processing and off-site storage of employee data.
  • Advised retail client regarding requests for Personally Identifiable Information (PII) at California brick and mortar stores.



Key Contact

Batya Forsyth
Batya Forsyth
San Francisco, CA
Privacy, Data Security and Governance
Litigation and Dispute Resolution

News & Resources

Publication |

California Consumer Privacy Act 2.0 – What You Need to Know

DOL recently stated that the use of private equity investments within professionally managed asset allocation funds is not inconsistent with the plan fiduciaries' ERISA fiduciary duties.

Privacy, Data Security and Governance
Publication |

Privacy Alert: Zoom or Not to Zoom?

Use of Zoom and other videoconferencing tools have exploded since stay at home orders started, elevating privacy concerns and legal challenges.

Privacy, Data Security and Governance
Publication |

COVID-19 and CCPA: No Delay in Enforcement

Enforcement of the California Consumer Privacy Act is set to start on July 1. Despite requests from over 60 companies, the Attorney General will not extend that deadline.

Privacy, Data Security and Governance