Practice Areas & Industries: Duane Morris LLP


Group Profile Lawyers in this Group Offices Locations for this Group

Practice/Industry Group Overview

Cybersecurity is one of the big issues of our times and continues to grow. It affects more and more corporations as they fall the victim of attacks from activists, competitors and even other countries' governments. These attacks are growing in frequency, complexity and ferocity. Companies, large and small, are increasingly a target of sophisticated attempts to steal their data and compromise their systems. Lawmakers around the world are struggling to keep up with this rapidly changing environment and even the requirements for publicly reporting security breaches once discovered remain in flux.

Duane Morris lawyers have more than a decade of experience dealing with these type of attacks. We have assembled a dedicated group of technology-savvy lawyers with vast industry-specific experience who utilize an interdisciplinary approach to help clients in these areas.

Duane Morris lawyers often get involved in cross-disciplinary teams to respond to an attack using the benefit of our extensive contacts to help an organization detect, contain and respond to an attack. As experienced multi-national counsel, Duane Morris lawyers can respond 24x7x365. In most jurisdictions, the attorney client privilege of our lawyers will be recognized with an appropriately structured team.

The Duane Morris Cybersecurity Response Team includes lawyers in Asia, Europe and the U.S. with extensive knowledge of the technology, regulatory compliance, media relations, public perception and potential liability issues that come with these attacks. From preventative planning, through discovering a breach and dealing with its aftermath, we help our clients protect themselves, their data, their customers and employees and, most of all, their future.

Representative Matters

  • Counseled numerous large companies on electronically stored information (ESI) and e-discovery.
  • Advising a sports franchise concerning their privacy and security issues, as well as electronic health records for the players and the sports league.
  • Counseled a healthcare-related nonprofit in its handling of a security breach when a disgruntled employee removed a flash storage drive containing thousands of patients' personal and medical information.
  • Represented a long-term care pharmacy in providing privacy and compliance support for a mobile health application providing long-term care pharmacy support.
  • Represented a healthcare technology company in providing privacy and security compliance support for an application targeted for prescriptions and mobile health wellness support for diabetes.
  • Represented a healthcare technology company in providing FDA, privacy and security compliance support for a mobile health application targeted at cardiac conditions.
  • Provided corporate and regulatory support concerning assumption of risk and consent documents and privacy issues for a company providing clinical decision support software using evidence-based risk assessment tools to assist case managers to make data-driven decisions at discharge.
  • Designing Medicare Downstream and HIPAA Privacy & Security compliance programs for a private equity backed media group that provides medical content and direct mail services for payor education programs, provides e-prescribing and discharge medical content (e.g. dosage information) for providers, and provides medical content through mobile applications.
  • Routinely assist multinational medical device company in privacy and security issues.
  • Designed privacy and security program for international data analytics company.
  • Assisted major U.S. internet security company with cybercrime investigation and enforcement under the Digital Millennium Copyright Act against entities engaged in illegal online file sharing.
  • Obtained judgment dismissing consolidated federal class actions alleging claims under Electronic Communications Privacy Act, Stored Communications Act, Computer Fraud and Abuse Act, as well as state common-law and statutory claims. Plaintiffs alleged that Zynga shared personally identifiable information with advertisers through the transmission of referrer headers that linked to Facebook user pages – allegations that were based on an October 18, 2010, front-page Wall Street Journal article. Zynga argued that any leakage did not involve the "contents" of any communications under the federal privacy statutes, that any transmissions resulted from standard web-browser operations and that plaintiffs had not alleged any actual harm. In May 2014, the Ninth Circuit affirmed the dismissal of all claims against Zynga and the dismissal of most claims against Facebook in the parallel Facebook Privacy case. In re: Zynga Privacy Litigation, No. 11-18044, ___ F.3d ___, 2014 U.S. App. LEXIS 8662, 2014 WL 1814029 (9th Cir. May 8, 2014).

Group Presentations
  Duane Morris' Scott Gluck to Present at Capital Roundtable's Conference on PE Fund Administration & Compliance , New York City , October 6, 2016
Duane Morris Partners Lisa Clark and John Neclerio to Present at 4A Healthcare Data Security & Privacy Symposium , Drexel University - LeBow Hall, Philadelphia, PA , October 4, 2016
Philly Tech Week: Cybersecurity Policies and Best Practices , Duane Morris LLP, Philadelphia , May 5, 2016
Duane Morris Partner Joseph M. Burton to Present at Information Security Media Group's Fraud & Breach Prevention Summit , Hilton Financial District, San Francisco , March 22, 2016
Cybersecurity in Healthcare: Legal and Reputational Risks and Responses , Duane Morris LLP, New York City , March 9, 2016
Articles Authored by Lawyers at this office:

Seller Beware: Recent Lawsuits Under N.J. Truth-in-Consumer Contract, Warranty and Notice Act Target E-Commerce Businesses
, August 17, 2016
Online retailers across the United States have one more issue to consider as they prepare for the next sale: a growing number of lawsuits under the New Jersey Truth-in-Consumer Contract, Warranty and Notice Act (TCCWNA) alleging that standard online terms of service agreements on websites violate...

Russia's Personal Data Localization Law: Expanding Enforcement
, August 02, 2016
Confusion and concern have surrounded Russia’s personal data localization law since it went into effect on September 1, 2015. The law mandates that data operators that collect personal data about Russian citizens “record, systematize, accumulate, store, amend, update and retrieve”...