Data Privacy & Security
Overview
BCLP’s Global Data Privacy and Security team is composed of lawyers located across the United States, the United Kingdom and continental Europe, and Asia. We routinely advise clients in a variety of sectors, including hospitality, consumer services, healthcare, software and technology, financial services, travel, manufacturing, and retail. We coordinate advice across multiple jurisdictions for clients working to achieve the most streamlined international data privacy strategy as possible, and we excel at helping companies achieve their business goals while balancing and addressing privacy and security obligations in a practical, business-focused approach. We pride ourselves on our responsiveness and building teams shaped to meet our clients’ needs.
AI legislation & regulation trackers
UK and EU take divergent approaches to AI regulation
Privacy Advisory
Our team has extensive experience handling the full scope of complex privacy and security issues. From a data privacy perspective, we advise clients on the development of comprehensive privacy and data protection programs, data sharing and international mobilization of data, complex transactions involving monetization and licensing of data, as well as with conducting gap assessments to align with international privacy standards, responding to regulatory investigations and inquiries, and defending companies in court and before government agencies in enforcement actions.
This counseling spans the gamut of US and non-US privacy laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), the Health Insurance Portability and Accountability Act, the Children’s Online Privacy Protection Act, the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, state privacy and data breach laws, FTC and state law enforcement issues, as well as emerging laws and regulations around the world.
Incident Response and Preparedness
In the context of incident response and preparedness, we have a world class incident response practice that has helped clients navigate major security incidents and data breaches, including ransomware attacks, O365 mailbox intrusions, malware, credential harvesting, insider threats, and inadvertent disclosure. We leverage that experience to help companies identify and remediate gaps in their readiness and to train companies how to respond to breaches effectively. Our experience and practical approach to data breach response uniquely equip us to assist organizations by understanding both the law and the business implications of data breaches. We help clients get ahead of incident response issues by a providing range of offerings, including bespoke “drill” exercises with c-suite executives, analysis of insurance coverage, contractual analysis to identify business partners and customers who require notification of a breach, and evaluation and engagement of third party providers under privilege (forensics, PR, call centers).
We are continually working to understand new privacy and security issues and to partner with our clients to shape practical, risk-based solutions that can be adapted over time to ever-changing technologies, business priorities and laws.
Meet The Team
Partner; Chair – Global Data Privacy and Security Practice; and Global Practice Group Leader – Technology, Commercial & Data, Boulder
Areas of Focus
-
General Data Protection Regulation
-
California Consumer Privacy Act
Experience
- Defending a major online fashion retailer in a lawsuit alleging violation of the Video Privacy Protection Act. The suit alleges that the client hosts video content on its website and that by also using Facebook pixels on its website to track usage statistics, it is unlawfully sharing personally identifiable information concerning videos viewed by users with a third party, in violation of the VPPA.
- Defending a provider of crypto currency trading software in a class action lawsuit filed in the wake of disclosures that the company was the victim of criminal hacking. The hacking resulted in the unauthorized disclosure of API keys, which were allegedly used by the hackers to consummate unauthorized trades in user accounts on various crypto currency exchanges.
Representative Clients
- Red Robin – Casual dining restaurant chain operating in the U.S.
- Delaware North – Manages and provides food and beverage concessions, dining, entertainment and lodging at high-profile locations throughout the world
- Best Western International – One of the top five largest hotel chains in the world.
- World Wide Technology, Inc. – One of the 100 largest privately held companies in the United States; provides technology needs to national and multi-national companies with revenues in excess of $7.4 billion annually
- Grindr LLC – Grindr is the premiere platform for the global LGBTQ+ community to connect, learn and champion their rights. With more than 3.8 million daily active users in more than 190 countries, Grindr empowers people to be themselves in a safe and meaningful way. Given the sensitive nature of information disclosed in-app, the company is focused on global compliance with data privacy and security laws.
- Washington University in St. Louis. – Washington University is routinely ranked as one of the top 15 universities within the United States, and one of the top 5 medical schools in the United States.
- IHS Markit Ltd. – Global diversified provider of critical information, analytics, and solutions
- Dillard’s Inc. – An upscale department store chain in the U.S. with more than 325 stores in 28 states
- eClinicalWorks – One of the main providers of electronic medical records to physicians and health groups
- Backstop Solutions – Provider of portfolio management technology to financial advisors and hedge funds
Related Insights
Jul 02, 2025
Jun 26, 2025
Jun 17, 2025
Jun 12, 2025
Jun 04, 2025
May 15, 2025
May 07, 2025
Apr 29, 2025
Apr 11, 2025