Data, Privacy & Cybersecurity | White & Case LLP International Law Firm, Global Law Practice
Data, Privacy & Cyber Security
Data, Privacy & Cyber Security

Data, Privacy & Cybersecurity


The frictionless flow of information is a defining feature of today's information economy. The ability to transfer customer data, employee files, financial records, and other information around the globe quickly and cheaply has opened up a world of opportunity for many businesses. It also presents a new world of risks.


Managing risk and adopting sound privacy and security standards

The potential for misuse of sensitive personal information has triggered legislative and regulatory action worldwide - the risks are high.  Privacy laws are continually evolving, vary by jurisdiction, are interpreted unpredictably, and are in a constant state of flux. Even the most well-meaning, conscientious company can make a false step as it captures, uses, transfers and discloses personal information. The same applies to cyber security, which is becoming increasingly complex. The consequences can be serious: heavy fines, injunctions, government audits, even criminal liability. Perhaps more importantly, companies that run counter to privacy and cyber security standards find themselves open to negative media attention and the immeasurable damage of lost consumer trust and confidence.

These risks have led a growing number of multinational companies to turn to our global data privacy and cyber security group for help in adopting sound privacy and security practices, ensuring regulatory and legal compliance, and protecting their competitive advantage.


Advising clients around the world in their compliance efforts

With one of the largest and most experienced data privacy and cyber security groups in the world, our global team is on hand to guide clients through the relevant data protection legislation in the jurisdictions in which they are active. Seamlessly working with their counterparts in other practice areas, our global team has the depth of resources to provide integrated, creative and practical advice on the privacy-related concerns faced by our clients, wherever they are located.

Our experience spans the full range of industry sectors including financial institutions and banking, biotechnology, pharmaceuticals and chemicals, construction and engineering, consumer goods and retail, automotive, hotels and leisure, IT, telecommunications, manufacturing and electronics, publishing and media.

Specific data privacy and cyber security services we provide for our clients include:

  • Cross-border data transfer (both intra-group and with third parties)
  • Binding Corporate Rules (BCR) and APEC Cross-Border Privacy Rules System
  • Privacy and cyber security policies
  • Privacy and cyber security audits
  • Data security breach preparedness and response
  • Privacy-related claims and disputes
  • Privacy statements for online activities
  • Employee privacy
  • Financial privacy
  • Healthcare privacy
  • Marketing policies
  • Privacy and cyber security aspects of cloud computing and other sourcing arrangements
  • Data processing and data transfer agreements
  • Privacy aspects of investigations and e-discovery
  • Due diligence and warranty negotiation for M&A


View all lawyers in Data, Privacy & Cybersecurity



"Adept at handling cross-border matters from offices in the USA, Europe and Asia. Experience covers BCR applications and the data protection aspects of technology transactions."
Chambers Global 2015

"Very helpful in identifying the best strategy to meet our unique needs."
Chambers UK 2015

"Law Firm of the Year 2015" for Information Technology
JUVE 2015/2016

Recognized as "leading" for data protection. 
JUVE 2014/2015
The Legal 500 – Germany 2015

"Its highly varied workload includes a number of IT sourcings, providing insight into cloud computing technologies combined with deep reserves of corporate transactional experience."
Chambers Global 2014

"They stand out for their understanding of the nuances and interaction between business, law and technology, as well as a wide array of commercial issues."
Chambers Global 2014

"This group wins praise… for its ability to provide seamless cross-border advice on data protection issues…The firm is also increasingly active in matters relating to cyber security and liability."
Chambers Global 2013

"Responsive, knowledgeable and extremely helpful lawyers who are very smooth internationally."
Chambers Global 2013 

"This team is noted for its expertise in data protection, privacy compliance and online behavioural advertising."
Chambers UK 2012


Global consumer goods company
White & Case is providing this confidential client with advice and strategic guidance on global data protection compliance matters including, but not limited to, compliance with the forthcoming General Data Protection Regulation, the implementation of Binding Corporate Rules, support on data processing agreements and related data protection compliance initiatives. This project is global in scale, involving entities in all major markets around the world.

Privacy-related disputes for social media company in the EU
Advising a leading social media company in relation to privacy-related disputes in several EU jurisdictions.

Multi-country review of in-vehicle systems for car manufacturer
Assisting a leading car manufacturer with respect to the privacy and telecommunications law aspects of in-vehicle systems in 52 jurisdictions.

Multi-country review of security policies for international banking group
Review of the information security policies of an international banking group under the legal and regulatory framework of various major jurisdictions.

Global data privacy compliance project for pharmaceutical manufacturer
Advising an international pharmaceutical manufacturer in relation to a global data privacy compliance project with a particular focus on healthcare privacy.

Cross-border data privacy issues for manufacturer of electronic devices
Advising a multinational manufacturer of electronic devices on all issues related to European, Asian, South American and Pacific human resources and client personal data, including performance of a data privacy audit, drafting of intra-group privacy policies and contracts, assisting with European works council laws, and preparation of binding corporate rules.

Intra-group transfer of personal data for energy supplier
Advising an international energy supplier on the intra-group transfer of personal data (included related agreements with employee representatives).

HR management data protection issues in 30 countries
Review of the proposed introduction of a group-wide HR management system by a leading manufacturer of wires and cables under the data privacy laws of more than 30 countries.

Establishment of shared services centres for international consumer goods manufacturer
Advising a leading international consumer goods manufacturer on data privacy and employment law related matters in 25 countries worldwide with regard to the establishment of intra-group shared services centres for certain HR functions.

Privacy aspects of investigations and e-discovery for financial institutions
Advising several leading financial institutions on data privacy issues in relation to civil, criminal and competition investigations and disputes.

Security breach and notification obligations in various industries
Advising companies in various industries on their respective obligations under federal and state security breach and notification laws.