Data Privacy and Security


Increasing cyber threats and subsequent data regulations are impacting how companies do business. The business and legal implications of data security breaches are complex and serious, from loss of customer loyalty, to regulatory and compliance issues, to litigation.

Prince Lobel’s multidisciplinary team of lawyers helps you review your data protection practices and policies to comply with the vast body of state, federal, and international laws and regulations. Our attorneys draw upon their broad experience in the fields of law, compliance, information technology, finance, and public policy to assist clients with effective data privacy and protection plans and breach responses.



We advise clients on business compliance implications and the protection of data under applicable privacy and/or data protection acts, regulations or rulings, such as:

  • The Gramm-Leach-Bliley Act of 1999 and related rules and regulations;
  • The U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), and its Privacy, Security, and Breach Notification Rules;
  • The General Data Protection Regulation (officially Regulation 2016/679) (GDPR), the EU Cookie Directive, and the (proposed) E-Privacy Regulation;
  • Data security law and regulations in Singapore, Hong Kong, Russia, and the Middle East;
  • Regulations of the Securities and Exchange Commission, the Federal Trade Commission, the Financial Industry Regulatory Authority, Inc., and the United Kingdom’s Financial Services Agency;
  • The reconciliation of the Cybersecurity Information Sharing Act, the Protecting Cyber Networks Act, and the National Cybersecurity Protection Advancement Act;
  • Advising clients on industry “best practices” for data privacy preservation and protection for corporate risk management and compliance programs;
  • Advising clients anticipating the results of the Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience;
  • Reviewing and negotiating Business Associate Agreements on behalf of health care providers and contractors to health care providers;
  • Providing Massachusetts Written Information Security Plan (WISP) training and compliance;
  • Representing employers and businesses (including retailers) that have experienced internal, external, and third-party vendor data security compromises, breaches and/or network or device intrusions;
  • Reviewing and negotiating cyber liability insurance coverages;
  • Drafting and updating HIPAA policies and procedures;
  • Advising clients in compliance with data breach notification statutes and regulations and preparation of all required notices to regulators, law enforcement personnel, and any affected individuals concerning any reportable event;
  • Representing businesses, including retailers, that have experienced security breaches and intrusions and are facing regulatory enforcement or civil litigation (including civil class action litigation);
  • Advising clients responding to HIPAA privacy and security breaches;
  • Defending businesses (including retailers) against regulatory enforcement actions or civil litigation (including civil class action litigation) in all state and federal courts;
  • Assisting business clients with crisis response, customer relations guidance, call-center establishment, and customer interface information; and
  • Advising and assisting clients in forensic investigations of the cause of potentially criminal and/or fraudulent data security compromises, breaches and/or network or device-based intrusions and facilitating proper cooperation, communication, and reporting to federal, state and local law enforcement or other investigative personnel.