Cybersecurity & Data Privacy

A Matter of Trust

Companies face an ever growing threat to their digital assets whether as a result of malicious attacks, structural failures, human errors, and natural disasters that often leads to the compromise of confidential information. Robust cybersecurity and data privacy policies and procedures work hand-in-glove to protect companies and their data, customers, and shareholders from the risks and ramifications posed by these data breaches.

Blank Rome’s lawyers are well-versed in the rapidly evolving area of cybersecurity and data privacy. Whether it is complying with the myriad government regulations, preparing for and managing cyber events, negotiating data protection provisions in agreements, evaluating cyber insurance policies, handing litigation or dispute resolution arising from cyber incidents, or satisfying auditors, Blank Rome’s cybersecurity and data privacy group has the experience necessary to prepare and advise clients on their risks and obligations as well as to successfully navigate them through serious security incidents should one occur.

What Makes Blank Rome Different:  Industry Focus

We not only know the law, we know the businesses of our clients, so we can speak the same language as our clients and understand their needs.


Mitigating cyber risk is one of the biggest challenges currently facing the maritime industry.  Blank Rome helps provide a comprehensive solution for protecting your company’s property and reputation from the unprecedented cybersecurity challenges present in today’s global digital economy.  Our multidisciplinary team of leading cybersecurity and data privacy professionals advises clients on the potential consequences of cybersecurity threats and how to implement comprehensive measures for mitigating cyber risks, prepares customized strategy and action plans, and provides ongoing support and maintenance to promote cybersecurity awareness. Blank Rome’s maritime cybersecurity team has the capability to address cybersecurity issues associated with both land-based systems and systems onboard ships, including the implementation of the Industry Guidelines on Cyber Security Onboard Ships and the IMO Guidelines on Maritime Cyber Risk Management.

Healthcare and Life Sciences

Federal and state laws afford special protection to health information, and enforcement of privacy and security laws applicable to health information is on the rise.  Our attorneys are experienced in evaluating complex privacy and security matters involving health information for health care providers, payors, business associates, and life sciences companies.  We advise on compliance with HIPAA, HITECH, the FTC Act, the FDCA, the Common Rule, state mental health privacy laws, and federal and state privacy laws regarding drug and alcohol treatment information.  We have particular experience guiding companies developing mobile medical applications and wellness programs; companies engaged in clinical research activities collecting, using, and disclosing health data and biological samples; and providers evaluating electronic medical record vendor contracts and controls.  We understand the rules that come into play when a security breach involves health information, and have coached many clients through their response to a security incident related to health information.

Insurance Coverage

Blank Rome’s insurance coverage attorneys have significant experience helping clients maximize the value of their policies in the area of cyber risk. Through a combination of proactive counseling and vigorous advocacy work, our team has helped numerous insureds enhance their cyber coverage and respond to attempts by insurers to deny coverage for cyber losses.

Government Contracts

Blank Rome’s multidisciplinary team of cyber-savvy attorneys assists our government contractor clients in protecting Unclassified Controlled Technical Information (UCTI), Covered Defense Information (CDI), export controlled information, and trade secrets. Importantly, we offer a privileged relationship through which our clients can identify and manage their security risks, protect their digital assets, quickly respond to cyber threats, and determine whether mandatory reporting of cyber incidents to the government is required. Cybersecurity is a crucial compliance element for all government contractors; non-compliance with applicable regulations can result in non-responsibility determinations, contract terminations, and even False Claims Act liability.

Cloud Services, Websites, Mobile Applications

Many websites, software applications, cloud services, and other network technologies process personally identifiable information and, as a result, may be subject to various federal and state privacy and security laws. Our attorneys are versed in evaluating the risks associated with these products and services and regularly advise technical teams and executives on mitigating those risks, whether in agreements and other transaction documents or in practical everyday operations. We have particular experience drafting privacy policies for websites and mobile applications, advising businesses on their internal corporate policies for processing personal information, negotiating software licenses and technology services agreements, and prosecuting and analyzing patents that relate to data privacy and cybersecurity systems. We understand the serious privacy risks with networked technologies and appreciate that each business has special needs when it comes to mitigating those risks. We take pride in crafting practical solutions for the unique circumstances of each of our clients.