With a network of specialists in 16 integrated offices on four continents, Cleary Gottlieb regularly advises global clients in diverse industries on the privacy, data protection and cybersecurity challenges impacting their businesses.

Our privacy and cybersecurity task force, comprising lawyers from practice areas across the globe (including banking and financial institutions, commercial litigation, corporate governance, intellectual property, sanctions and anti-money laundering, and white-collar defense and investigations), works collaboratively across disciplines and jurisdictions to advise domestic and multinational clients. We advise our clients not only on legal obligations and liabilities, but also on anticipated changes in laws and enforcement practices, strategies for managing compliance and risks, and minimizing the costs and efforts of compliance.

Our clients include banks and financial institutions and their service providers; fintech, software, IT and telecommunication companies; consumer products and retail industry companies; fashion companies; and international organizations. They rely on Cleary for state-of-the-art advice on a variety of privacy, data protection and cybersecurity matters, including:

  • Assessment and management of data privacy and cybersecurity risks and liabilities in corporate and financial transactions, including due diligence in M&A transactions, data transfers in cross-border acquisitions and restructuring.
  • Compliance with data protection laws and regulations in multiple jurisdictions, including the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, the Fair and Accurate Credit Transactions Act, the CAN-SPAM Act, the European Union Directive on the protection of personal data (and its national implementations),  the EU General Data Protection Regulation, and Office of Foreign Asset Controls, Bank Secrecy Act, anti-money laundering and related requirements.
  • Board fiduciary duties, required disclosures and related corporate governance issues.
  • Preparing for and responding to cybersecurity incidents, including advice under various data breach notification laws and liaising with law enforcement and regulatory bodies.
  • Assistance with internal investigations and in responding to government requests for information and subpoenas.
  • Assessment and drafting of IT and privacy policies, codes of conduct, whistleblower policies, binding corporate rules and international data transfer agreements.
  • Privacy and cybersecurity provisions in vendor contracts, including cloud-computing and outsourcing agreements.
  • Advice on usage of data in marketing, including on opt-out and opt-in mechanisms in relation to placement of cookies and consents.
  • Anticipating the needs of UK-based companies and companies doing business in the UK in regard to possible data-protection implications of the “Brexit.”