Hunton Andrews Kurth LLP’s Privacy and Cybersecurity practice is known throughout the world for its deep experience, breadth of knowledge and outstanding client service. The firm is a leader in its field and has been recognized by Computerworld magazine, Chambers and Partners, and The Legal 500.

Since 2001, the firm has been home to the Centre for Information Policy Leadership (CIPL), a privacy think tank that provides strategic consulting services and works with industry leaders, regulatory authorities and policymakers to develop global solutions and best practices for privacy and responsible use of data to enable the modern information age. With more than 50 members, CIPL also provides a forum for developing next-generation privacy principles to facilitate global digital information flows. CIPL has been working on a multi-stakeholder project on GDPR: Consistent Implementation and Interpretation, with a series of workshops and papers.

Areas of Experience
Our privacy and cybersecurity practice focuses on providing legal services in the following areas:

  • Compliance with all US federal and state privacy and information management requirements, including the California Consumer Privacy Act of 2018, the Gramm-Leach-Bliley Act, HIPAA, the Children’s Online Privacy Protection Act, the Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act of 2003, the Driver’s Privacy Protection Act, CAN-SPAM, state and federal security breach notification laws, state Social Security laws, the Payment Card Industry Data Security Standard, and other federal and state requirements;
  • Compliance with all international data protection laws, including the the EU General Data Protection Regulation and e-Privacy Directive and member state implementations thereof (including the EU-US Privacy Shield, model contracts and binding corporate rules), and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA);
  • Comprehensive assistance with significant information security breaches, including network intrusion investigations, customer notification, state and federal regulatory negotiations, discussions with payment card issuers, as well as public relations, call center and investor relations communications and training;
  • Preventing and managing cyber events, from security planning and developing proactive, breach-readiness solutions, including incident response and table top exercises, and handling of litigation and disputes arising from such events;
  • Performance of comprehensive privacy and information management assessments, including preparation of data flow maps and privacy policies and procedures;
  • Development and implementation of privacy and data use policies and procedures that comply with applicable laws and generate consumer and business partner confidence, revenue and flexibility;
  • Development and implementation of programs to protect global information assets, including legislative and regulatory advocacy;
  • Assistance with information product life cycle issues, including product promotion, customer profiling, targeted marketing, channel definition and expansion, franchising, branding, advertising, warranties and pricing;
  • Drafting and negotiation of vendor contracts and information use and distribution agreements; and,
  • Assistance with dispute resolution, management of consumer concerns, response to allegations of misuse of data, state and federal investigations (including actions and requests for information from state attorneys general and the Federal Trade Commission) and litigation.

About Hunton Andrews Kurth LLP
Since its establishment more than a century ago, Hunton Andrews Kurth has grown to more than 1,000 lawyers serving clients worldwide. With an industry focus on energy, financial services, consumer products and retail, and real estate, the firm’s global experience extends to myriad legal disciplines, including commercial litigation, corporate transactions and securities law, intellectual property, international and government relations, regulatory law, privacy and cybersecurity, and products liability. Visit and follow us on Twitter, LinkedIn, and YouTube.