O’Melveny Worldwide

Data Strategy, Security & Privacy

Your company’s data generates tremendous value—and tremendous risk. O’Melveny helps you both manage and navigate the complex data compliance landscape.

Your company’s data generates tremendous value—and tremendous risk. O’Melveny helps you both manage and navigate the complex data compliance landscape.

As our clients collect and generate more data, we help make sure that data is an asset, not a liability, by developing policies and practices that keep clients in line with evolving cybersecurity and privacy obligations. Our lawyers counsel clients through the entire life cycle of privacy and data security concerns—from advising on global data privacy compliance, product development, and data-related transactions, to crafting privacy and data security programs and policies, managing incident response, and conducting internal investigations, litigation, and regulatory proceedings.

Our team has helped leading companies face today’s biggest privacy and data security challenges. Whether you’re dealing with the repercussions of a ransomware attack; facing the growing web of international, federal, and state privacy laws governing everything from biometrics to financial data; or responding to inquiries from regulators and attorneys general, we’ve got you covered.

We represent companies across industries, including hospitality, transportation, energy, health care, financial services, pharmaceuticals, gaming, consumer products, crypto and blockchain technology, and emerging Web3 and AI technologies. Senior business executives, company boards, technology leaders, and corporate legal departments look to our team to anticipate challenges, shape strategies, and address the business, legal, and policy issues surrounding privacy and cybersecurity.

Our capabilities include:

  • Global Data Privacy Compliance – advising companies on implementing policies and practices to comply with a wide range of data privacy laws, including state laws such as the the California Consumer Privacy Act and California Privacy Rights Act, and international laws such as the EU General Data Protection Regulation.
  • Advertising and Marketing Practices – advising companies on data privacy and security compliance for the advertising and marketing campaigns.
  • Product counseling – working with companies to ensure they design new products with privacy requirements in mind.
  • Privacy Diligence in M&A Transactions – conducting diligence on target companies to identify and mitigate privacy risks.
  • Data Protection and Data Transfer Agreements – drafting and negotiating agreements for data transfers between parties.
  • Cross-Border Transfers and Transfer Impact Assessments – advising companies on the requirements for cross-border data transfers, including preparation of transfer impact assessments.
  • Health Information Privacy – advising healthcare providers, pharmaceutical companies, and insurers on compliance with HIPAA and state laws governing medical privacy and genetic data.
  • Financial Information Privacy – advising companies on compliance with state and federal financial-privacy laws, including Gramm Leach Bliley.
  • Children’s Privacy – advising companies on compliance with the Children’s Online Privacy Protection Act.
  • Data Minimization and Record Retention – developing record-retention and data governance policies that ensure compliance legal requirements.
American Airlines

Obtained dismissal of a biometric privacy class claim in a first-of-its-kind decision, critically important to the industry as a whole, amid states’ increasing efforts to adopt biometric privacy laws.

Financial Services Company

Advised a major consumer finance company on developing a program that is compliant with the CCPA and CPRA and GLBA.

Geolocation Company

Assisted a geolocation company revise their privacy policies and respond to state attorney general and congressional inquiries.

Global Data Privacy Compliance

Advising dozens of clients across a range of industries—including hospitality, financial services, technology, health care, pharmaceutical, consumer products, professional services, marketing, and financial services—develop and implement global data-privacy compliance policies, respond to data subject requests, and manage and respond to data breaches. We also counsel clients on cross-border data transfer, litigation, internal investigations, and data-collection matters.

Global Technology and Manufacturing Companies

Advised global technology and manufacturing companies on US restrictions of information communications technology.

Life Sciences Companies

Assisted numerous immunotherapy and life science companies on developing global compliance programs and addressing potential security incidents.

Major Airline

Assisted a major airline to develop policies and procedures to incorporate artificial intelligence into their ticketing operations and customer management.

Major Insurance Company

Advised a major insurance company on the legal risks of incorporating artificial intelligence into the company’s claims processing.

Major Insurance Company

Assisted a major insurance company revise their cyber insurance policy to institute a novel framework for covering and mitigating systemic cyber risk in the cyber insurance marketplace, and refined the policy’s Act of War clauses to account for how cyber operations are conducted and perceived by nation states.

Technology Manufacturer

Advised a technology manufacturer on their response to a data security incident involving US Securities and Exchange Commission reporting.