Advertising Disclosure Email Disclosure

Privacy and Data Security

As one of the country's leading civil defense litigation law firms, the attorneys in Marshall Dennehey's Privacy & Data Security Practice Group are focused on helping clients reduce cyber risk exposures and guiding them through incident response, containment, and compliance measures after a data breach occurs. Staffed to respond to time critical situations with 24/7 availability, the firm has handled over 100 data breaches and privacy claims for clients in the technology, health care, education, financial, banking, retail, energy, consumer protection, and other industry sectors.

A Customized Approach

In the arena of privacy and data security, there is no one-size-fits-all response. At Marshall Dennehey, we partner with each client to develop a customized approach, with a focus on how decisions may impact a future defense to litigation or regulatory action. Whether it is a breach involving hundreds of individuals, or millions, we counsel clients in a way that is cost-effective, compliant with the law and protective of a company's brand.

Data breaches often involve multiple areas of a client's business. When a breach involves the theft or disclosure of trade secrets, or the violation of a company's social media policy, attorneys in our Employment Law and Technology, Media and Intellectual Property Litigation Practice Groups are available to provide critical and immediate counsel. This counsel includes assisting clients in appropriately and effectively communicating with employees who may be suspected of involvement with the breach incident.


Health Care

Privacy and data security matters in the health care sector require significant knowledge of how health care systems work on both regulatory and administrative levels. The attorneys in our Health Law Practice Group are also members of the Privacy and Data Security Practice Group and, as such, play a critical role in helping health care clients avoid, prepare for, and respond to data breach events. Beginning with HIPAA/HITECH compliance, our attorneys provide counsel on interpretation of federal and state privacy/security laws and regulations, and assist clients in investigations by governmental agencies, including the state attorneys general and the Department of Health and Human Services Office for Civil Rights. We additionally help clients develop risk management procedures and policies that are not only required by law, but that also help to educate and prepare providers, insurers and business associates on ways sensitive patient health information can be safeguarded.


Universities, colleges and other institutions of higher education across the country are increasingly the target of computer hackers. Marshall Dennehey has provided legal counsel to educational entities of all sizes in the aftermath of data breach events. Our services focus on incident response development and notification as well as containment and compliance measures, including appropriate usage of social media channels to communicate incident updates to internal and external audiences. Our client representation in this sector has included working with the U.S. Department of Education in investigating breach incidents.

Financial and Banking

Security breaches and computer hacking incidents at financial institutions have become alarmingly common. Our firm routinely works with banking and financial institutions in responding to data breaches. From compliance with the Gramm-Leach-Bliley Act requirements to working with forensic investigators in the critical initial stages, we are experienced in counseling clients through every stage of these sensitive, and often, high-profile, engagements. When necessary, we are also accustomed to working with governmental agencies such as local and state law enforcement as well as the Secret Service and the FBI to help respond to, or investigate, a breach event.

Retail, Energy, Utility and Service Industries

From e-commerce web retailers to insurance companies and their nationwide brokers, we have assisted companies in the investigation and response to data breaches as well as Payment Card Industry-Data Security Standards (PCI-DSS) compliance. With extensive experience in defending business entities in consumer-related litigation, we have the attorney resources to manage every aspect of a data breach event. 


Data breach incident response and notification

  • Data security and  retention policies
  • Defense of numerous state lawsuits  involving federal and state law privacy breaches
  • Review of Vendor Agreements and Business Associate Agreements
  • HIPAA/HITECH violation responses
  • Investigations and audits by Department of Health and Human Services Office for Civil Rights
  • Counseling to respond to U.S. Department of Health and Human Services Centers for Medicare & Medicaid Services (CMS), state Medicaid agencies, state departments of health and insurance and state/professional licensing boards
  • Gramm-Leach-Bliley Act (GLBA) requirements
  • PCI-DSS compliance,  requirements and other payment card data issues
  • Claims and litigation involving point of sale (POS) software and hardware


Our attorneys are available at any time to discuss potential legal matters, or the development of workshops and educational seminars for your company or organization.

Dec 6, 2016
We obtained a favorable decision from the Third Circuit Court of Appeals in a data breach class action lawsuit. The plaintiffs and the proposed class members were employees and customers of an on-line prescription drug company. The company was...
Aug 25, 2016
Obtained a non-suit after a three-week bench trial spread over several months in Bucks County, Pennsylvania. Our client was a third-party defendant in a multi-million dollar breach of contract claim related to an ERP software implementation. The...
Nov 30, 2009
Attorney successfully had the Superior Court vacate the jury verdict, which awarded the plaintiff compensatory and punitive damages, on an invasion of privacy claim.  The case involved the attempted unionization of medical/surgical nurses, and...


Law Alerts October 2, 2015
In this matter, the Third Circuit found that the FTC has authority to regulate cyber security as “unfair” practices under Section 45(a) of the Federal Trade Commission Act (Section 45(a)). The defendant, a hotel chain, experienced cyber...,   Case Law Alerts, 4th Quarter, October 2015 Case Law Alerts is prepared by Marshall Dennehey Warner Coleman & Goggin to provide information on recent legal developments of interest to our readers. This publication is not intended to...
Law Alerts April 17, 2014
In what could be a landmark ruling in the data breach legal field, a New Jersey district court recently ruled that the FTC's lawsuit against Wyndham Hotels for unfair and deceptive  trade practices related to a major data breach could...
Law Alerts October 18, 2013
After a hacker obtained 6.5 million passwords and email addresses from LinkedIn (the professional networking site), two of its users brought a putative class action claiming that LinkedIn had misrepresented its level of security. However, the..., Case Law Alerts, 4th Quarter 2013
Law Alerts June 4, 2013
Eric A. Packel, attorney in Marshall Dennehey's Privacy & Data Security, and Technology, Media & Intellectual Property practice groups and contributor to the group's blog, Data Breach Legal Watch, was recently featured on LXBN-TV,...
Defense Digest Article September 1, 2011
Whether it is the dependence on laptops and smartphones or sophisticated networks that connect employees of large corporations around the world, technology is a now a significant part of everyone's life. Nearly every day we hear about sensitive..., Defense Digest, Vol. 17, No. 3, September 2011
Defense Digest Article December 1, 2010
Federal – Technology & Intellectual Property , Key Points: 11.1 million adults were victims of identity theft in 2009, suffering a combined $54 billion in total fraud, leading to potential claims against the entities that exposed the individuals to identity..., Defense Digest, Vol. 16, No. 4, December 2010


December 21, 2015
Colleen Bannon, Shareholder and Director of Legal Information Resources, has been appointed a Vice-Chair of the Philadelphia Bar Association's Federal Courts Committee. The committee serves as an informational liaison between the federal courts covering the Eastern District of Pennsylvania and...
Seminar May 2, 2013
Join us for this unique presentation on cutting edge employment issues. The seminar will feature a mock trial "Social Media on Trial - How Social Media Affects Employers" and a panel discussion "Cyber Data Breach - The Latest...
Conference Mar 24, 2014
David J. Shannon, co-chair of Marshall Dennehey's Privacy & Data Security Practice Group, will be a featured speaker at the ACI's Cyber & Data Risk Spring Conference, held March 24 - 25 in Chicago. The forum will focus on the right...
Conference Jun 17, 2014
David Shannon will discuss E & O Cyber Liability at the 8th Annual E & O Insurance ExecuSummit, to be held June 17 - 18 in Uncasville, CT. Additionally, Jeffrey Chomko will participate on a panel discussing Insurance Agents & Brokers E...
Conference Apr 9, 2015
David Shannon will be a featured speaker at Philly I-Day 2015, to be held April 9 at the Pennsylvania Convention Center. Mr. Shannon and a distinguished speaker panel will present, "Cyber Hackers Are Everywhere - Are YOU Prepared?" Philly...
Seminar Sep 16, 2015
David Shannon will present at IBANY's Cyber Liability seminar on Wednesday, September 16. Presentation Highlights: As cyber insurance transitions from a discretionary to an essential coverage, underwriters are challenged with properly...
Conference Mar 17, 2016
David Shannon will be a featured speaker at the ACI's Data Breach & Privacy Litigation & Enforcement Conference, to take place March 17 - 18 at the Union League in Philadelphia. For more information, please click here.
Conference Jul 29, 2016
David J. Shannon will be a featured speaker on day 2 of the ACI Cyber & Data Risk Insurance where he will discuss the changing landscape of cyber liability litigation. 
Seminar Sep 28, 2017
When it comes to cybersecurity, everything comes at a price.   Whether your organization’s mentality is to insure against it, guard against it, or simply accept the risk, your choices can cost you dearly.   Beyond the direct...
Conference Nov 1, 2017
David Shannon, Shareholder and Chair of our Privacy and Data Security practice group, along with other industry professionals will present on the topic of Cyber Liability: The Claim Perspective. This presentation will focus on exposures to...


David J. Shannon
Chair, Privacy and Data Security
(215) 575-2615

Related Practice Areas

Before you send this email please note:

You are attempting to send email, through a link on our website, to an attorney of Marshall Dennehey Warner Coleman & Goggin or an employee in our firm. Please note that your email may not be treated as confidential and does not create an attorney-client relationship. You should not rely upon the transmission of an email through this website if you are seeking to enter into such a relationship. Until such time as we have agreed to represent you, no information in your email will be treated as confidential. Please contact us directly by telephone at 1.800.220.3308 if it is your intent to seek legal counsel with our firm or convey confidential information.

If it is still your intent to send this email, knowing that it may not be treated as confidential, you may accept our terms of agreement by pressing "OK". If you choose not to accept these terms of agreement you may navigate away from this page by pressing "Cancel."