Return to Mobile Site

Data Security and Privacy

AALRR has a dedicated team of lawyers and professionals focusing on advising clients about all aspects of data security, privacy and e-Discovery. From minimizing risks through compliance counseling, to implementing crisis management strategies and tools to minimize and mitigate our clients’ losses, to recovering stolen data through aggressive litigation, we have the expertise to assist you.

Compliance Counseling
Our clients operate in a fast-paced electronic landscape that includes ever-increasing threats of data theft, hacking, malicious infiltration, and employees engaging in deliberate sabotage or making inadvertent mistakes.  Every business must be proactive in implementing proper policies to safeguard the privacy rights of its employees and customers.  We have helped countless clients by informing them about their obligations under ever-changing breach notification laws and help them discharge their obligations in the short time frames that those laws impose. 

We are frequently retained to assist our clients navigate other issues related to data theft, including by drafting and implementing personal device use and policies, document retention policies, and terms of service and use agreements.  We have also advised our clients with respect to search and seizure issues, First Amendment rights, electronic discovery obligations, identity theft monitoring, the growing BYOD movement, use of social media and the internet in employment hiring practices, and the ways in which mobile workforce practices can affect an employer’s wage and hour obligations.  We are frequently asked to give advice about these issues in the context of a comprehensive review of our clients’ policies governing the management of human resources.

AALRR also offers a wide array of data security- and privacy-related transactional services.  We routlinely draft and negotiate purchasing and licensing agreements for hardware, software, database management, cloud storage, and Software as a Service.  We also regularly work with in-house counsel, CTOs and CIOs, and records management personnel to design and implement effective document retention and destruction practices.

To help our clients better understand and manage data and privacy risks, our attorneys are frequently give presentations on these issues throughout California, including at AALRR’s annual EdLawTech and Employment Law Conferences, as well as events hosted by the American Bar Association, the Public Agency Risk Managers Association, and the California Chief Information Security Officers Association.  AALRR is a thought leader, committed to advancing law and policy by staying current and working closely with the industry.  Several of our attorneys are certified members of the International Association of Privacy Professionals.

Crisis Management
Even those companies that are most vigilant about protecting their employees’ and customers’ personal data can fall victim to security breaches.  Without experienced counsel, such breaches can result in staggering costs throughout the organization, in terms of money, employee time, and reputation.  However, those costs can be contained and minimized with proper advice from our battle-tested experts.  When the security of our clients’ electronically stored information has been compromised, we spring into action to confidently navigate our clients through their legal and reporting responsibilities.  We advise our clients on the availability of insurance coverage under their policies, and coordinate messaging for public relations.  While no legal counsel is a substitute for security experts and electronic forensic examiners, our team works seamlessly with such experts to mitigate the damages, control notification messaging, and review and improve policies to help protect data and company assets going forward.

Litigation Support
Our Data Security and Privacy Team works closely with our litigators whenever issues arise concerning the use of data.  Whether a client needs injunctive relief to recover critical misappropriated trade secret data, or simply the most efficient e-discovery strategy possible under the particular circumstances of their case, our solution-oriented professionals will handle the job quickly, thoroughly, and cost-effectively.

Our attorneys and technical litigation support staff have a wealth of experience providing our clients with expert e-discovery services, including document collection and review.  We prepare and send litigation hold notices, and then work closely with our clients on the ensuing document collection, privilege review and production.  Our comprehensive knowledge of the strengths and weaknesses of the latest e-discovery software tools and platforms enables us to craft the best solution for each case.  Where appropriate, we use the most advanced predictive review tools to identify responsive documents without forcing our clients to pay for associates and paralegals to review and code millions of pages.  Our expert reviewers carefully draft search queries to locate the key documents in the shortest possible time, using AALRR’s electronic data processing and review tools.  Our expertise and flexibility keeps the costs of discovery for our clients well below the opposition. 

Every case is unique, so we choose the tools that help us complete the job at hand in the most efficient way possible.  We select e-Discovery, computer forensics, cyber security and document review service providers that will help us most efficiently craft a well-organized, easy-to-use document management system that fully equips our litigators to have what they need, when they need it, to win our clients’ cases. 

AALRR has a dedicated team of lawyers focusing on advising clients and litigating regarding e-Discovery, data security and privacy and technology issues.  The firm’s representative experience in these areas includes:

Data Privacy and Security

  • Successfully defended publicly traded social media company in complex litigation against accusations of data theft.
  • Obtained injunction and favorable settlement for large general contractor, preventing any dissemination or use of illegally downloaded data and emails to external hard drives. 
  • Investigated unauthorized release of workers’ compensation and payroll information of our client’s employees without their consent.  We determined the source of the breach to be an external payroll provider and successfully demanded that it immediately remedy the breach at its full expense. 
  • Represented school district against multiple insurance companies’ mishandling its employees’ personal information.  We successfully resolved the matter by demanding that the insurance companies provide all necessary data breach notifications and reimburse the school district for its costs.
  • Represented an international bank in an internal investigation regarding the disclosure of confidential information by an insider to an outsider.  We were able to identify the insider, who was subsequently terminated.
  • In defending a school district against wrongful termination claims brought by a former employee, we discovered that the plaintiff had hacked into student and employee accounts to send defamatory, racially and sexually inappropriate emails. Shortly after we made this discovery, the employee dismissed the case.

Social Media, Intranet and Websites

  • Represented corporation against a competitor who was posting defamatory information on social media sites.  AALRR was able to determine the identity of competitor and stopped the conduct. 
  • Represented multiple clients in obtaining removal of unauthorized content from various online sites.
  • Advised clients in connection with privacy issues online, as well as policies for websites.
  • Advised clients regarding use of “behavioral cookie targeting” and other data gathering devices.


  • Obtained a $5.2 million dollar terminating sanction in connection with the destruction of a hard-drive in a multi-million-dollar construction dispute.
  • Represented school district for alleged wrongful termination action filed by a whistle-blower.  We were able to forensically demonstrate false emails were sent by whistle-blower prior to termination.
  • Represented multiple public and private clients in text messaging harassment lawsuit.
  • Prepared document retention and preservation policies for public and private clients.

Purchasing and Contracting

  • Negotiated terms and conditions for purchase of hardware and software licenses, implementation and service agreements, and agreements for cloud computing.
  • Represented public institutions and agencies regarding financial management systems, student information systems, data management systems, offsite data storage, financial aid disbursement, and website terms of use and privacy policies.