About Our Privacy & Cybersecurity Group

Fenwick & West helps companies of all sizes manage the risks associated with the collection, use and disclosure of electronically stored information, including sales, research, consumer and employee information.

Companies rely on us to help them balance their ever growing—and increasingly challenging—needs to comply with the seemingly contradictory rules and regulations regarding privacy laws, audits, investigations and litigation while meeting their overall business objectives. Our clients span every industry sector and range from emerging innovators to market leaders, including Carrier IQ, Shutterfly, Deutsche Bank, Virgin America and Shaklee Corporation.

Our collaborative approach includes attorneys from our Intellectual Property, Litigation and Electronic Information Management practices. The group’s primary services include:

Counseling and Compliance

We counsel our clients on a full range of matters to ensure compliance with privacy laws and regulations, including:

  • Develop privacy and information-security practices and policies tailored to your website, business, industry, and geographic region
  • Create legally compliant and technologically sound data security procedures
  • Provide advice and counsel to mitigate cybersec​urity breaches
  • Analyze required and desirable incident-response measures as to data breaches
  • Advise on information retention and destruction requirements, information sharing, and information disclosure
  • Privacy and content risk analyses and audits
  • Ensure compliance with state, federal and foreign-jurisdiction regulations, including GLBA, HIPAA, CAN-SPAM, COPPA, and the European Union Privacy Directives
  • Maintain privacy of employment and medical records
  • Provide guidance on conducting lawful employee background checks, including compliance with FCRA/FACTA, California’s ICRAA, and other states’ statutory schemes
  • Advise on permissible monitoring of, and restrictions on, employee conduct and communications, including as to social-media
  • Prepare technology-acceptable-use policies as to employees and others granted network access
  • Perform misconduct investigations


Our privacy litigation attorneys have represented clients in a number of matters, including some of the highest profile consumer privacy litigation in the country. Experienced former federal prosecutors, including computer crime prosecutors, help clients navigate data breaches and coordinate with federal law enforcement authorities. Recent representations include:

  • Consumer class actions, including the FCRA and TCPA
  • Violations of the Computer Fraud and Abuse Act
  • Privacy rules under the Gramm Leach Bliley Act

Mergers and Acquisitions

We regularly advise our clients on employee and customer privacy issues arising in mergers and acquisitions, including:

  • Negotiate the transaction’s privacy and security terms
  • Advise on transfer of target company’s employee and customer information
  • Integrate the target’s and acquirer’s internal and public-facing privacy policies, data handling policies, and security procedures
  • Assess potential liability under state, federal, and international privacy laws