Data Privacy, Cybersecurity & Artificial Intelligence

Winthrop & Weinstine provides a wide range of data privacy and security legal services as cybersecurity threats mount around the world. With data breaches making headlines, Winthrop & Weinstine’s Data Privacy, Cybersecurity & Artificial Intelligence (AI) Practice helps clients navigate the most complex and most current data privacy legislation and regulations, including global privacy regimes such as the General Data Protection Regulation (GDPR), to manage their data privacy and cybersecurity risk.

Our Approach

Our experienced team of attorneys combines up-to-date legal acumen with the technological know-how to provide successful cybersecurity solutions. Members of our practice include attorneys recognized as Certified Information Privacy Professional/United States (CIPP/US), Certified Information Privacy Professional/Europe (CIPP/E), and Certified Information Privacy Manager (CIPM). In addition, our interdisciplinary team advises clients on the full range of matters that may arise in relation to data privacy and security, spanning counseling, regulatory compliance and enforcement by regulatory authorities, as well as litigation, should it arise.

Counseling

Our team of experienced data privacy professionals work closely with clients on the front end to develop policies and procedures to enhance and protect security, reduce risk, and assess preparedness should a data security incident occur. We advise clients on the appropriate ways to collect, maintain, and use data for their businesses while still complying with the many-and-increasing data privacy laws in the United States and globally.

Develop and implement policies and procedures
Assess preparedness and advise on changes
Counsel on collection, maintenance, use, and retention of data
Review, negotiate and draft contracts and other agreements (vendor agreements, cloud computing, SaaS agreements, and business associate agreements)
Website privacy policies

Compliance and Investigations

Privacy laws apply to nearly everyone who controls personal data – including your business. With the alphabet soup of state, federal and international laws, often with overlapping and different requirements, it can be challenging to keep up with all of the compliance needs. Our team is well-versed in these laws, and advises clients on appropriate protection of personal information, protected health information, and other private data under those laws. In addition, we guide clients who may be the subject of investigation by regulatory authorities, whether they have experienced a breach or not. We help clients respond to requests and interact with regulatory agencies, relying on our extensive experience that includes time working in the Attorney General’s office, as well as before a wide range of agencies, and the knowledge of strict policies and procedures that come along with audits and complaints.

Gramm-Leach-Bliley Act (GLBA)
Stored Communications Act (SCA)
Health Insurance Portability and Accountability Act (HIPAA)
Fair Credit Reporting Act (FCRA)
Computer Fraud and Abuse Act (CFAA)
Do Not Call Registry
Family Educational Rights and Privacy Act (FERPA)
Federal Trade Commission’s Red Flag Rule
The Fair and Accurate Credit Transactions Act (FACTA)
Automatic Renewal Laws (ARL)
Telephone Communications Protection Act (TCPA)
California Consumer Privacy Act 2018 (CCPA)
California Privacy Rights Act (CPRA)
Standard Contractual Clauses for data transfers under the GDPR
Minnesota Health Records Act (MHRA)
Health Information Technology for Economic and Clinical Health Act (HITECH)
Consumer Protection Act (CPA)
42 CFR Part 2

Notable Experience

Represent corporate travel technology startup in connection with implementing policies and practices required by the GDPR
Represent international wearable IoT company in connection with HIPAA compliance
Drafted and reviewed HIPAA Security Manual for health care client
Advise incident response team of an international food manufacturing company
Assisted communications company with a potential data security incident
Defended client in litigation brought in relation to a Business Email Compromise incident

Dedicated Attorneys and Professionals

Shareholder

Gerald H. Fornwald P / 612.604.6584 E / [email protected]

Shareholder

Nadeem W. Schwen P / 612.604.6456 E / [email protected]

Counsel

Lisa B. Ellingson P / 612.604.6573 E / [email protected]

Counsel

Jacob S. Woodard P / 612.604.6775 E / [email protected]

Associate

Megan M. Miller P / 612.604.6394 E / [email protected]