Skip to Content
Home Practice Services Data, Privacy, and Cybersecurity
Search Options:
Business

Data, Privacy, and Cybersecurity

Sandberg Phoenix’s Data, Privacy, and Cybersecurity team offers end to end legal support to assist clients with complex and ever-changing compliance, regulatory, litigation, and transactional challenges related to the use of personal information and technology, like artificial intelligence.

Sandberg Phoenix’s Data, Privacy, and Cybersecurity team offers end to end legal support to assist clients with complex and ever-changing compliance, regulatory, litigation, and transactional challenges related to the use of personal information and technology, like artificial intelligence.

We work with organizations and companies on counseling and compliance strategies, regulatory and litigation defense, cyber incident response, data-driven transactions and more.

Counseling & Compliance Services

We have counseled numerous companies on compliance issues related to data privacy and cybersecurity and can assist with the implementation of an overall data privacy compliance program for a variety of businesses, including:

  • Businesses that collect personal information from customers and devices, including through online advertising and loyalty programs
  • Businesses seeking to make use of artificial intelligence technology, including by sharing data with providers of such technology
  • Businesses operating nationally who may be subject to comprehensive state data privacy laws like the CCPA and VCDPA
  • Health care providers and insurers subject to HIPAA
  • Financial institutions subject to GLBA, SEC regulations, and obligations from prudential regulators like the FDIC
  • Businesses that collect personal information from children under the age of 13 (and thus subject to COPPA)

Our team can also:

  • Assess new business activities and new technology risks, like the use of artificial intelligence or the sharing of personal information
  • Assist with reporting compliance, including public filings
  • Assess cybersecurity risk and development of mitigation plan

Transactional Services

Our team has proven experience of nearly two hundred transactions involving companies of all sizes. We have been tasked with:

  • Performing data privacy and cybersecurity due diligence on target company
  • Assessing data privacy and cybersecurity risk associated with a public or private offering, like an IPO or issuance of debt
  • Negotiating contractual provisions to minimize risks for a transaction, including company sales and sales of technology

Incident Response Services

Our skilled attorneys have counseled businesses in responding to data breaches, including by collaborating with forensic specialists, assessing legal obligations, preparing notification materials, and responding to follow-ups from regulators. 

We have assisted clients with:

  • Data misuse by employees
  • Data breaches
  • Other cybersecurity incidents

Our goal is to minimize liability and other risks faced by clients as the result of an incident.  We work to understand the legal requirements and assist our clients with regulatory inquiries.

Investigations and Related Services

Our team can aid companies in responding to subpoenas, negotiate the scope of requests with regulators, assess legal issues and aid in the resolution of a case, and more.

Data Privacy Services

Our skilled team of attorneys are equipped to advise clients on a variety of privacy laws, including:

  • U.S. data breach notification laws (unique to each of the fifty states)
  • U.S. state privacy laws, including:
    • California Consumer Privacy Act (CCPA) (currently in effect)
    • Colorado Privacy Act (currently in effect)
    • Connecticut Personal Data Privacy and Online Monitoring Act (currently in effect)
    • Delaware Personal Data Privacy Act (effective January 1, 2025)
    • Illinois Biometric Information Privacy Act (BIPA) (currently in effect)
    • Indiana Consumer Data Protection Act (effective January 1, 2026)
    • Iowa Consumer Data Protection Act (effective January 1, 2025)
    • Kentucky Consumer Data Protection Act (effective January 1, 2026)
    • Montana Consumer Data Privacy Act (effective October 1, 2024)
    • New Hampshire SB 255 (effective January 1, 2025)
    • New Jersey SB 332 (effective January 15, 2025)
    • Oregon Consumer Privacy Act (effective July 1, 2024)
    • Tennessee Information Protection Act (effective July 1, 2025)
    • Texas Data Privacy and Security Act (effective July 1, 2024)
    • Utah Consumer Privacy Act (currently in effect)
    • Virginia Consumer Data Protection Act (currently in effect)
    • Fair Credit Reporting Act (FCRA)
    • Children's Online Privacy Protection Act (COPPA)
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Electronic Communication Privacy Act (ECPA)
    • Video Privacy Protection Act (VPPA)
    • EU and U.K. General Data Protection Regulation (GDPR)

For questions on cybersecurity and data privacy, reach out to one of our attorneys today.

Industries

Education Physicians & Allied Health Professionals Hospitals Banking & Finance Brokers / Dealers & Financial Advisors Entrepreneurs, Closely Held & Family Owned Business

Data, Privacy, and Cybersecurity Team

See All Attorneys
Mark A. Williams
Mark A. Williams
Counsel
St. Louis, MO
314.425.6940
email Mark