Home > Services > Cybersecurity and Privacy

Cybersecurity and Privacy

Real-world data privacy and cybersecurity counseling

Information is a vitally important asset in today’s digital age. Companies are collecting and processing unprecedented amounts of data, much of which is sensitive employee and customer information. Often, companies rely upon the assistance of third parties to secure this data. The consequences of a loss or inadvertent disclosure of data can be catastrophic to a company’s credibility and, in some cases, its existence. Yet nearly every day, we are faced with worldwide reports of data breaches at corporations and other organizations by those seeking customer credit card numbers, user passwords, internal documents and emails. Not only are there cyber threats to mitigate, but companies must also comply with increasingly complex frameworks of data privacy laws on state, federal and international levels.

Saul Ewing Arnstein & Lehr’s team of cybersecurity and privacy professionals (including 13 Certified Information Privacy Professionals) works collaboratively to ensure that our clients are supported at all stages and from all angles — from response planning for cyber-attacks, to crisis management during an occurrence, to proceeding after a cyber-attack or breach occurs. Our interdisciplinary approach means that attorneys in different legal fields — corporate, insurance, intellectual property, labor and employment, white collar, and litigation — provide clients with well-rounded, innovative solutions.

On the preparedness side, our team is experienced at reviewing response plans, coordinating with brokers and insurers on coverage of cyber risks, and working with security specialists to review and identify technology weaknesses on behalf of clients. If the client does not yet have a plan in place, our attorneys will outline procedures and develop a plan to help prepare the client for an external attack and reduce the risk of future intrusions. In the event of an attack or breach, our attorneys and network of external professionals work together to minimize exposure and protect client confidences. We counsel clients on liabilities potentially associated with the attack or breach and represent clients in related litigation when needed. 

For data privacy matters, we help clients understand and meet the requirements stipulated by a variety of laws — such as the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the Family Education Rights and Privacy Act (FERPA), and the Gramm-Leach-Bliley Act (GLBA) — and construct processes and policies to comply with these regulations to protect data and avoid substantial fines.

See Related Industries Offered for Cybersecurity:

See Related Services Offered for Cybersecurity:


Our team helps clients during each stage of a privacy program, cybersecurity preparedness, and data-related incident or breach:

  • Data Privacy Compliance and Pre-Cybersecurity Incident Preparation
    Regulatory matters and internal compliance programs, including compliance with state, federal and international data privacy laws (GDPR)
    Corporate data privacy and information governance programs
    Strategic counseling and board governance
    Big data governance and privacy in technology development
    Security breach preparation and response planning
    Insurance coverage evaluation to ensure that appropriate cyber-risks are appropriately covered
    Referral of a forensic data specialist to review and identify technology weaknesses
    Referral of a PR firm to prepare or evaluate the crisis management plan
    Drafting and reviewing employee and vendor agreements
  • Cybersecurity Incident Response and Investigation
    Immediate (24/7) consultation through our legal team with a forensic data technology specialist to minimize the effects of an attack or breach
    Consultation with insurance attorneys regarding coverage and assistance with making an insurance claim
    Advice and assistance with engaging with law enforcement, if appropriate
    Advice and assistance with reporting to regulators and data protection authorities, if required
    As-needed referral to and engagement with a PR firm to manage messaging to clients and media
  • Post-Cybersecurity Incident Defense
    Post-loss economic recovery (Attacker, Employee/Contractor, Insurer, Counter-Party)
    Defense of government investigation/proceedings
    Data privacy and cybersecurity litigation
    Loss/damage mitigation
    Forensic data analysis
    Ongoing PR assistance


The group includes attorneys who have received the following recognition:

  • Certified Information Privacy Professionals

    Thirteen attorneys on our Cybersecurity and Privacy team are Certified Information Privacy Professionals in the U.S. private sector (CIPP/US). Developed by the International Association of Privacy Professionals, the credentialing program provides a global standard for privacy laws, regulations and frameworks, and is accredited by the American National Standards Institute under the International Organization for Standardization standard.

  • Benchmark Litigation: Under 40 Hot List

    Through a process of peer review and case examination, the Under 40 Hot List has been compiled over a process of many months to assemble a collection of young, up-and-coming attorneys.

Trade Groups & Associations
  • The International Association of Privacy Professionals (Bronze Level Member)


Alexander R. Bilus
Evan J. Foster
Laurie A. Kamaiko