Faegre Drinker Biddle & Reath LLP, a Delaware limited liability partnership | This website contains attorney advertising.

Privacy, Cybersecurity, Data Ethics & Strategy

See All Services Meet The Team

Overview

Faegre Drinker helps clients meet the challenges of the information age. Organizations collect, use and share ever-increasing amounts of data, raising privacy, security, information governance and other data ethics issues. Our team of attorneys and professionals helps clients build strong data governance programs that support compliance with applicable laws and agile responses to security incidents. 

We help organizations understand the array of laws and guidelines applicable to their data processing. This includes requirements concerning privacy (to what extent can individuals control the use and disclosure of information that relates to them), security (what safeguards are required to protect the confidentiality, integrity, and availability of data assets), transparency (to what extent do organizations need to be transparent about how they are collecting and using personal data), ownership (who owns personal data and information derived from personal data) and fairness (does the outcome of data analysis result in disparate impacts to a specific group of people in a way that causes harm). These issues have been a central part of “data protection” law for decades and are growing in importance as regulators struggle to address new, data-intensive technologies like artificial intelligence.

Faegre Drinker’s multidisciplinary privacy, cybersecurity, data ethics and strategy team assists organizations in understanding their information flows and creating compliant policies and procedures. We help clients close M&A deals and draft complex data agreements and security provisions. And when incidents threaten a client’s business reputation, we are here to help. We litigate class-action lawsuits, respond to data breaches, answer regulator inquiries, and deliver peace of mind when a crisis arises.

We advise organizations on a wide body of rapidly evolving data laws, regulations and standards, such as:

  • U.S. state privacy laws, such as the California Consumer Privacy Act (CCPA), Colorado Privacy Act (CPA), Illinois Biometric Information Privacy Act (BIPA) and Washington My Health My Data Act.
  • U.S. federal privacy laws, such as the Federal Trade Commission (FTC) Act, Telephone Consumer Protection Act (TCPA), Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), Fair Credit Reporting Act (FCRA) and Gramm-Leach-Bliley Act (GLBA).
  • UK and EU data protection and e-privacy laws, such as the General Data Protection Regulation (GDPR) and ePrivacy Directive.
  • China’s Personal Information Protection Law (PIPL), Cybersecurity Law (CSL) and Data Security Law (DSL).
  • Standards, such as the Payment Card Industry Data Security Standards (PCI DSS), International Organization for Standardization (ISO) 27001, and National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).
  • Pending legislation, such as the EU AI Act and privacy bills at the U.S. state and federal levels.
     

Insights & Events

Insights
May 2025

The Hidden Dangers of Alternative Funding Programs

1 min read  
Updates May 2025

Colorado Division of Insurance Takes Next Steps to Expand AI-Related Governance and Risk Management Obligations for Insurers

Stakeholders’ Meeting on June 2; Written Comments Due by June 5, 2025
6 min read  
Updates April 2025

Data Security Program, Medicare Advantage, Colorado Insurance Requirements & More

Artificial Intelligence Briefing
8 min read  
Media Mentions April 2025

Steven Francis and Jonathon Gunn Comment on Proposed Reform to UK Foreign Direct Investment Practices

2 min read  
Published Articles April 2025

AI and Defence: How to Manage the Risk

1 min read  
Updates April 2025

California SB 354: A New Era in Insurance Consumer Privacy

The Insurance Consumer Privacy Protection Act of 2025
5 min read  
Updates April 2025

Courts Reject Theoretical Privacy Violations Due to Lack of Standing

Companies Facing Similar Litigation or Demand Letters From Plaintiffs Should Take Note
11 min read  
Updates April 2025

DOJ Releases New Key Guidance on Its Data Security Program (DSP)

Substantial Compliance Obligations Related to Certain Foreign Transactions Involving Sensitive Personal and Government Data
16 min read  
Blog Post March 2025

DHS Playbook for Public Sector GenAI Deployment – Insights for the Private Sector

Discerning Data blog
1 min read  
Updates March 2025

Trump’s EO Seeks to Eliminate ‘Unconstitutional’ Regulations; EU Commission Scraps AI Liability Directive; Lawsuit Alleges Racial Discrimination by Meta’s Ad Algorithms for Higher Education; and More

Artificial Intelligence Briefing
7 min read  

Related Legal Services