Olshan privacy, data and security lawyers guide clients through the ever-evolving and increasingly complex legal and regulatory requirements regarding data collection, use, storage, transmission, disclosure and disposal, helping them minimize legal risks while meeting their commercial objectives.

We advise on proper protocols, help ensure compliance with U.S. and international data security and privacy requirements and industry standards and assist our clients in responding to cyber breaches, regulatory inquiries, investigations and enforcement actions, as well as litigation stemming from alleged data misuse and privacy violations. We also advise clients in transactions involving the acquisition, sale and management of data, monetizing data and in targeted marketing efforts.

Comprehensive Service

Representing companies ranging from startups to multinational corporations in a broad range of industries, boards of directors and corporate executives, we help clients manage data-related risks and comply with applicable privacy and data security measures in their day-to-day operations and business transaction. We also represent them before regulatory bodies and in federal and state court litigation.

Compliance Counseling

Our lawyers help clients comply with the wide array of federal, state and international privacy requirements and regulations, including the comprehensive California Privacy Rights Act (CCPA), the European Union General Data Protection Regulation (GDPR), numerous U.S. state laws, the Children’s Online Privacy Act, the Telephone Consumer Protection Act (TCPA), the Telemarketing Sales Rule, the Restore Online Shoppers’ Confidence Act, the Electronic Funds Transfer Act, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act (HIPAA) and many others. We conduct risk assessments, advise on cyber-related risk and data misuse avoidance strategies, privacy and cybersecurity compliance, and devise global breach prevention and compliance policies, plans and protocols.

We create bespoke privacy and cookie policies for a wide variety of e-commerce businesses. Clients also rely on us for training tailored to meet their specific needs and circumstances, help in creating privacy breach and data security-related incident response plans, and advice on disclosure and reporting obligations, crisis management and breach remediation. We make certain they are adequately protected across communication channels.

Advertising and Promotional Campaigns

Well versed in the expansion of state privacy laws affecting brands and advertising, we work closely with our Advertising, Marketing & Promotions Group and Brand Management & Protection Group, advising on data and personal information use for brand activation, lead generation, consumer targeting, influencer and SaaS agreements, and promotions campaigns through traditional, internet and new media channels.

International Expertise

Our team includes an Information Privacy Professional for Europe (CIPP/E), certified by the International Association of Privacy Professionals. With a clear understanding of the rules and an international perspective on privacy initiatives, she is a sought-after authority on data privacy laws, compliance with consumer privacy laws and related issues. We also collaborate with members of our vast network of trusted international counsel to help clients comply with international privacy requirements and regulations including consumer privacy laws such as the European Union General Data Protection Regulation (GDPR) and the United Kingdom Data Protection Act of 2018, among many others.


Our privacy, data and security lawyers help ensure our clients understand and plan for the privacy implications of collecting and using personal data in their daily business dealings and corporate transactions. We conduct privacy and data security-related due diligence in business mergers, acquisitions and dispositions, data-specific purchases, sales, outsourcing and licensing deals, and data development and exploitation collaborations, as well as a variety of other U.S. and cross-border transactions.

Regulatory Investigations & Enforcement and Litigation

Should a privacy violation or data breach occur, our regulatory investigations, enforcement and litigation lawyers strategize, advise and represent clients in any ensuing federal, state or international regulatory investigations, civil cases, including class actions, and criminal matters.

  • Assisted a well-known fashion company in implementing and running an international e-commerce business, including drafting privacy policies and cross-border/EU commerce.
  • Advising e-commerce businesses in the development and modification of their privacy policies to allow for participation in cooperative databases and other data-sharing arrangements.
  • Assisting various companies in developing and integrating privacy policies in connection with high-profile sweepstakes promotions to facilitate lead generation/sharing practice.
  • Analyzing SaaS and other transaction arrangements relating to data privacy compliance.
  • Successfully defended a well-known brand regarding alleged violations of the Video Privacy Protection Act.
  • Advising private equity and investment companies through multiple acquisitions of portfolio companies and conducting privacy diligence in connection with numerous transactions.
  • Counseled a school that suffered a ransomware attack.




Blog Posts

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.