We Simplify the Complex and Provide Businesses with Compliant Solutions.

Every business faces data protection, security, and artificial intelligence risks. Today, businesses operate in a patchwork of federal and state laws, regulations, litigation, and governmental guidance that requires sophisticated legal partners who understand the complexity of the landscape, legal issues, and risks posed to your business.

At Hinshaw, we create strategic and practical compliance solutions for data protection and security programs, cybersecurity incidents, and artificial intelligence systems. We also help businesses update their internal privacy policies and defend privacy claims asserted by private litigants, state attorneys general, and state and federal regulators.

Delivering Data Protection, Cybersecurity, and Artificial Intelligence Compliance Solutions to your Business

Data Protection and Governance

Whether you need to ensure that a new or existing product is designed with data protection and regulatory controls built-in; address how to legally collect personal information from consumers, employees, or your business-to-business clients; evaluate what data rights are required for an acquisition; or manage the numerous vendors handling your company’s data assets in your technology stack, our team offers creative legal solutions to business-orientated data protection.

We regularly help clients with:

  • Gramm-Leach-Bliley Act and the Privacy Rule and Safeguards Rule under Regulation P
  • Fair Credit Reporting Act and the Affiliate Marketing Rule under Regulation V
  • State privacy law compliance (including California Consumer Privacy Act and similar laws)
  • General Data Protection Regulation and ePrivacy compliance (including for cookies and similar technologies)
  • Cross-border data transfers, including in relation to standard contractual clauses, technical organizational measures, and the data privacy framework
  • Privacy notices and privacy policies
  • Internal privacy governance programs
  • Commercial transactions, including mergers and acquisitions, data licenses, data protection addenda, and vendor agreements
  • Product data protection, security, and artificial intelligence counseling
  • Employee privacy
  • Automobile and connected cars privacy
  • Comprehensive privacy and data protection assessments to evaluate existing controls, maturity levels, and process improvements
  • Data subjects’ rights and request management and response
  • Direct marketing and communications rules for emails, texts, phone calls, and other channels, including under the CAN-SPAM Act, Telephone Consumer Protection Act, Telemarketing Sales Rule, and Mortgage Acts and Practices Advertising Rule
  • State telemarketing, telephone solicitation, automatic dialing and announcing devices, and other consumer communications laws and regulations
  • Government or litigation-related demands for data
  • AdTech and MarTech privacy
  • HIPAA and health privacy
  • Financial privacy and fintech issues
  • EdTech, Family Educational Rights and Privacy Act (FERPA), and education privacy
  • Training and education
  • Data privacy and protection litigation, including Illinois Biometric Information Privacy Act (BIPA), Telephone Consumer Protection Act (TCPA), and data breach litigation
Proactive Cyber Counseling

Our proactive cyber legal defense team helps organizations of all sizes prepare for a cyber incident, assists after an incident, and puts the organization in the best possible position to respond to and mitigate the impact.

We take a business-oriented view of your cyber risks and implement practical, affordable strategies by:

  • Advising on security breach investigations, user requirements, insurance coverage issues, and defending any resulting regulatory inquiries and civil litigation
  • Conducting information security assessments
  • Developing and implementing policies and procedures to minimize vulnerabilities, including incident response plans, data breach notification procedures, record retention, and related policies
  • Advising on the security requirements of GLBA, FCRA, SEC, CFPB, federal and state banking regulators, state and local security breach notification laws, and other U.S. state, federal, and international security requirements
  • Performing information security (and data protection) due diligence for corporate acquisitions or equity investments
  • Demonstrating a cybersecurity posture and reviewing insurance coverages for these risks
  • Educating and training the C-Suite and other stakeholders about the potential threats, effective mitigation and prevention procedures, and how to respond to a cyber incident
Artificial Intelligence

Addressing artificial intelligence (AI) compliance is top of mind for many businesses today as regulators are increasingly focused on AI organizational compliance. Hinshaw provides clients with a multidisciplinary team of attorneys with legal experience in AI and machine learning counseling and guidance. We advise our clients on:

  • The use of AI in consumer credit products and services, including consideration of potential fair lending implications and risks of unfair, deceptive, and abusive acts and practices (UDAAPs)
  • The use of HR AI platforms and employment-related matters
  • AI third-party procurement and vendor contracts
  • Developing and implementing forward-looking and comprehensive AI compliance programs with a risk-based approach
  • Reviewing generative AI intellectual property and proprietary rights issues
  • Complex acquisitions and implementations of machine learning/AI systems, including navigating regulatory risks from numerous AI use cases
  • Negotiating complex transactions for AI third-party solutions
  • Regulatory compliance issues regarding the use of artificial intelligence in marketing and advertising programs
  • Advising AI and data companies on AI, data protection, intellectual property, cybersecurity, and other regulatory and best practice requirements for their AI product development, operations, and launch
Litigation Defense

Hinshaw is a leader in defending privacy claims. We have litigated thousands of privacy class actions in state and federal courts nationwide. Our team has defended privacy class actions including, but not limited to, claims for alleged violations of the Illinois Biometric Information Privacy Act (BIPA), Illinois Right of Publicity Act (IRPA), Telephone Consumer Protection Act (TCPA), Fair Debt Collection Practices Act (FDCPA), Fair Credit Reporting Act (FCRA), and the Video Privacy Protection Act (VPPA). Statutory damages under these acts can range from minor to catastrophic.

Our team draws on its vast experience and develops unique, fact-driven strategies and tactics for success. We employ strategies aimed at cutting off class actions as quickly and expeditiously as possible. If a case does move forward, we immediately engage in an active motion practice to thwart or halt the plaintiffs' momentum. At every step, we partner with you as we draw on our extensive courtroom and negotiating experience to provide unparalleled representation before regulators, attorneys general, judges, and juries.

Hinshaw's Privacy, Security & Artificial Intelligence team is dedicated to bringing you best practices and offering tips that we believe will be of value in managing data protection and security programs, cybersecurity incidents, and artificial intelligence systems.

Subscribe for Insights