As one of the country's leading civil defense litigation law firms, the attorneys in Marshall Dennehey's Privacy & Data Security Practice Group are focused on helping clients reduce cyber risk exposures and guiding them through incident response, containment, and compliance measures after a data breach occurs. Staffed to respond to time critical situations with 24/7 availability, the firm has handled over 100 data breaches and privacy claims for clients in the technology, health care, education, financial, banking, retail, energy, consumer protection, and other industry sectors.

    A Customized Approach

    In the arena of privacy and data security, there is no one-size-fits-all response. At Marshall Dennehey, we partner with each client to develop a customized approach, with a focus on how decisions may impact a future defense to litigation or regulatory action. Whether it is a breach involving hundreds of individuals, or millions, we counsel clients in a way that is cost-effective, compliant with the law and protective of a company's brand.

    Data breaches often involve multiple areas of a client's business. When a breach involves the theft or disclosure of trade secrets, or the violation of a company's social media policy, attorneys in our Employment Law and Technology, Media and Intellectual Property Litigation Practice Groups are available to provide critical and immediate counsel. This counsel includes assisting clients in appropriately and effectively communicating with employees who may be suspected of involvement with the breach incident.


    Health Care

    Privacy and data security matters in the health care sector require significant knowledge of how health care systems work on both regulatory and administrative levels. Our attorneys play a critical role in helping health care clients avoid, prepare for, and respond to data breach events. Beginning with HIPAA/HITECH compliance, our attorneys provide counsel on interpretation of federal and state privacy/security laws and regulations, and assist clients in investigations by governmental agencies, including the state attorneys general and the Department of Health and Human Services Office for Civil Rights. We additionally help clients develop risk management procedures and policies that are not only required by law, but that also help to educate and prepare providers, insurers and business associates on ways sensitive patient health information can be safeguarded.


    Universities, colleges and other institutions of higher education across the country are increasingly the target of computer hackers. Marshall Dennehey has provided legal counsel to educational entities of all sizes in the aftermath of data breach events. Our services focus on incident response development and notification as well as containment and compliance measures, including appropriate usage of social media channels to communicate incident updates to internal and external audiences. Our client representation in this sector has included working with the U.S. Department of Education in investigating breach incidents.

    Financial and Banking

    Security breaches and computer hacking incidents at financial institutions have become alarmingly common. Our firm routinely works with banking and financial institutions in responding to data breaches. From compliance with the Gramm-Leach-Bliley Act requirements to working with forensic investigators in the critical initial stages, we are experienced in counseling clients through every stage of these sensitive, and often, high-profile, engagements. When necessary, we are also accustomed to working with governmental agencies such as local and state law enforcement as well as the Secret Service and the FBI to help respond to, or investigate, a breach event.

    Retail, Energy, Utility and Service Industries

    From e-commerce web retailers to insurance companies and their nationwide brokers, we have assisted companies in the investigation and response to data breaches as well as Payment Card Industry-Data Security Standards (PCI-DSS) compliance. With extensive experience in defending business entities in consumer-related litigation, we have the attorney resources to manage every aspect of a data breach event. 


    • Data breach incident response and notification
    • Data security and  retention policies
    • Defense of numerous state lawsuits involving federal and state law privacy breaches
    • Review of Vendor Agreements and Business Associate Agreements
    • HIPAA/HITECH violation responses
    • Investigations and audits by Department of Health and Human Services Office for Civil Rights
    • Counseling to respond to U.S. Department of Health and Human Services Centers for Medicare & Medicaid Services (CMS), state Medicaid agencies, state departments of health and insurance and state/professional licensing boards
    • Gramm-Leach-Bliley Act (GLBA) requirements
    • PCI-DSS compliance,  requirements and other payment card data issues
    • Claims and litigation involving point of sale (POS) software and hardware

    Our attorneys are available at any time to discuss potential legal matters, or the development of workshops and educational seminars for your company or organization.