Cybersecurity, Privacy & Data Governance Protection Of Critical Data, Information & Knowledge Assets

Kilpatrick Townsend helps its clients protect their most important information. Our Cybersecurity, Privacy & Data Governance practice takes a comprehensive, multidisciplinary, and integrated approach to help clients:

  • Anticipate, obviate, and manage the full range of information-related risks
  • Optimize the value of information and appropriately monetize it
  • Comply with evermore complex privacy, data protection, and cybersecurity regulatory frameworks around the world
  • Contain and respond quickly and effectively to incidents
  • Prevent and control disputes and investigations
  • Maximize recoveries and resilience


Global Data Protection & Cybersecurity: Beyond Privacy & Breach

Cybersecurity threats are growing exponentially around the world, as are data protection and cybersecurity regulatory challenges. Today's incidents include controlling, damaging, and/or interrupting systems, as well as stealing, denying access to, or destroying strategic knowledge assets — the critical data vital to a company's survival and ability to compete and prosper. Data protection and cybersecurity regulatory challenges, such as the EU’s General Data Protection Regulation (GDPR) and New York ’s Cybersecurity Requirements for Financial Services, demand more in-depth understanding of operations, systems, and data flows than ever before. To help safeguard our clients’ information, operations, systems, secrets, intellectual property, brands, and compliance, we offer the full spectrum of cybersecurity, privacy, data protection, and data governance legal services across the U.S. and abroad. Our integrated team of multidisciplinary attorneys and technical staff uses its in-depth experience, legal acumen, technologies, and relationships with domestic and international regulators, law enforcement, data protection authorities, and policy groups to craft timely, cost-efficient, and practical solutions that balance our clients’ internal and external needs.


Justifying Trust In The Digital Economy

Innovative Data Governance: We serve as global privacy and cybersecurity counsel to many organizations, often on the cutting edge of innovation, working with our clients continuously to create and leverage disruptive technologies with new approaches to data governance.

Productive Narratives: In responding to incidents and helping to guide the development of programs, we help assure the effective narration of information issues with stakeholders, consumers, regulators, and the public.

Operational & Contractual Risk Management & Value Creation: Our team includes attorneys with particular depth in corporate operations and related strategy issues that enables effective participation in policy and program analysis, design, and implementation; attorneys with particular depth in creating and protecting rights in data; and the full range of technical experts and technology.

Long-Term Partnerships: We are passionate about client service and creating long-lasting partnerships with our clients, just as we help our clients create and maintain durable and expanding relationships with their customers, workforce, regulators, and the public.

Focus Areas

  • Risk Assessments, Strategies, Program Development, Governance & Compliance
  • Incident Preparedness & Response
  • U.S. & Global Privacy
  • Data & System Mapping
  • Compliance Assessments
  • GDPR, Cross-Border Data Transfer & Data Localization
  • Trade Secrets & Corporate Confidential Information
  • Artificial Intelligence, Big Data, Machine Learning & Deep Learning
  • Blockchain, Fintech & Smart Contracts
  • Internet of Things
  • Advertising Privacy
  • Health & Financial Privacy/Cybersecurity
  • Litigation & Investigations
  • Employment
  • Board Preparedness
  • Mergers & Acquisitions
Related Services



on emerging cybersecurity, privacy, and data governance issues

Proven Approach

to breach management, with a remarkable record of preventing consumer litigation

Strong Ties

with key decision makers, influencers, as well as national, state, and global regulators

2 Cybersecurity


National Law Journal (2016)


IAPP-Certified Privacy Professionals

in U.S. private sector, U.S. government sector, and/or the EU

National Acclaim

Privacy & Data Security Law & Information Management Law
Best Lawyers in America® (2015-2018)


Coordinated global response to a global data breach involving regulators in 57 non-U.S. jurisdictions.

Defended numerous companies across diverse industries in consumer class action cases, alleging violation of California’s privacy statutes. Employed individualized strategies to minimize client risk and achieve client objectives.  

Secured a favorable ruling for electronic communications service provider, Dream Host, against the U.S. Department of Justice (DOJ) in a highly-publicized privacy court battle, which precluded the DOJ from obtaining information about individuals visiting and communicating with the political advocacy website DisruptJ20.

Led GDPR readiness initiatives for a global email marketing company, a global insurer, and a global leader in the Internet of Things.

More than 12 years developing, refining, and participating as an integral part in client incident response programs, avoiding consumer litigation in all cases.

Advised insurance companies, banks, and other financial institutions and service providers on New York Department of Financial Services cybersecurity regulations, including guidance on strategy, process, risk assessment, and program development.

Developed information governance strategies, contracts establishing data rights and privacy and cybersecurity rules, and notices and consents for companies entering the Internet of Things.

Developed and helped implement comprehensive overhauls of a wide range of policies governing corporate, customer, and third-party information, including privacy, e-communications, trade secrets, surveillance, retention, security, and defensible disposal programs for financial services information companies, consumer products manufacturers, retailers, health care companies, and business service organizations adopting big data strategies. Also led many privacy and information security compliance and auditing programs under these new programs.

Represented a multinational fabless semiconductor company, with Cambridge, UK headquarters and main products covering connectivity, audio, imaging, and location chips, about data breach situations and industrial espionage matters involving incursions from and in China and South Korea.

Negotiated privacy and security protections and established policies and programs for a global insurance conglomerate, a global logistics company, a global manufacturer, and global technology companies about cloud-based CRM, HR, and benefits solutions for global workforce and customer bases, including review and incorporation of safeguards and bases for data processing and transfer in Asia, Europe, and Latin America.

Meet The Team View All

Cybersecurity Study

Click here to learn more

Latest Thinking

View more Insights
Insights Center