Data privacy and cybersecurity increasingly affects all businesses and industries. To handle this complex and rapidly changing area of law, our Data Privacy + Cybersecurity practice group collaborates with lawyers throughout Robinson+Cole’s diverse practice areas.

Each member of our highly experienced team understands the spectrum of challenges businesses may face with evolving digital technologies. We are dedicated to helping you achieve success, providing you with the right resources to match your specific business needs.

Our Services

Our clients include public and private companies in all industries, including:

• Software companies
• Companies with websites and mobile apps
• Health care providers and hospital systems
• Retail and marketing companies
• Higher education providers
• Start-up companies
• Tax-exempt organizations
• Utilities, manufacturing, energy, and wireless telecommunications service providers

Our team regularly works with federal and state data privacy and security rules and regulations, including:

• California Consumer Privacy Act (CCPA) and Privacy Rights Act and implementing regulations and state data privacy laws and emerging privacy regulations
• Laws and regulations applicable to tracking technology and pixels
• Children's Online Privacy Protection Act (COPPA)
• Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act)
• European Union (EU) General Data Protection Regulation (GDPR) and revised Standard Contractual Clauses (SCCs)
• Fair Credit Reporting Act (FCRA)
• Family Educational Rights and Privacy Act (FERPA)
• Federal Aviation Administration’s (FAA) Small Unmanned Aerial Systems (UAS) regulations (Part 107), and state and local laws related to the use of UAS and privacy concerns
• Federal Trade Commission Act (FTC Act)
• FTC's Telemarketing Sales Rule (TSR)
• Gramm-Leach-Bliley Act (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
• New York Department of Financial Services Cybersecurity Regulations
• Consumer protection enforcement actions by Attorneys General or federal agencies including the Office for Civil Rights and the Federal Trade Commission
• SEC cybersecurity regulations
• State data security laws and regulations, including implementation of statutorily required Written Information Security Programs
• State and federal data privacy and security laws and regulations related to employee and workplace privacy
• State specific biometric information privacy laws and regulations
• Telephone Consumer Protection Act (TCPA)
• Video Privacy Protection Act (VPPA)

Our lawyers are knowledgeable about data collection technology, including the use of tracking technology like cookies and pixels for targeted advertising and behavioral advertising. We also understand the value and risks of collecting and using data for marketing and strategic purposes.

The team has a significant HIPAA compliance practice and assists covered entities and business associates navigate the intricacies of HIPAA, guidance from the OCR, and OCR enforcement actions. We have vast experience with HIPAA data breach response and statutory requirements.

Our Financial Services Cyber-Compliance team helps protect our banking, insurance, and financial services clients on a wide range of issues, including implementation of enterprise-wide cybersecurity programs, and adoption of required written cybersecurity policies and procedures to comply with state and federal laws.

Our Team

Our team is well-versed in incident and data breach response, mitigation, remediation, coordination, and litigation, including investigations by the U.S. Office for Civil Rights and state Attorneys General (AGs). We coordinate forensic investigations and mitigation tactics in the event of ransomware or other cyber attacks.

Our attorneys advise our clients in data mapping and development of enterprise-wide privacy and security plans, and compliance with privacy requirements and industry-specific regulations. We also advise on sharing and transfer of collected data and assist with strategy to minimize risk associated with the collection, use and disclosure of data. We regularly structure arrangements relating to data transfer, and prepare technology contracts and information security addenda to outline appropriate protection obligations for the sharing and care of customer and patient data.

We promote practices and policies to safeguard data against accidental or deliberate disclosure, including security programs. We provide tailored education programs for employees, executives and boards. We have completed dozens of cybersecurity tabletop exercises, which are designed to experience a live cybersecurity event and response.

Our lawyers also work with clients to develop website and mobile app privacy policies and terms and conditions of use, and social media policies, practices, and procedures.

Our Robinson+Cole team members also author the Data Privacy + Cybersecurity Insider blog, providing clients with timely, thoughtful, and cutting-edge legal news and perspectives about data privacy and cybersecurity issues. The widely-recognized blog has received multiple Readers Choice Awards distinction from JD Supra and featured in FeedSpot's "100 Best Infosec Blogs and Websites in 2025."

We actively speak at industry-sponsored programs on data privacy and cybersecurity developments, cases, trends, and agendas. We proactively track updates to federal and state privacy and security laws and proposals.

Our Data Privacy + Cybersecurity team is here to help you navigate the ever-evolving complexities of nationwide laws and regulations, providing skilled legal services for businesses in the digital sphere.