Wiley’s Privacy, Cyber & Data Governance Practice advises clients pursuing mergers, acquisitions, joint ventures, and other transactions involving companies collecting, using, and sharing consumer data. Federal, state, and international laws widely regulate companies’ use and management of data, and companies’ data management practices can create significant risk in transactions. Additionally, these laws are not static, and a company can face significant liabilities if it is unprepared to deal with evolving laws and expectations around data privacy and security. We advise clients on effective due diligence to understand legal obligations and risks in a world where companies now routinely collect and use extensive amounts of personal data.
We have expertise in helping companies understand their overall data governance practices, identifying and applying any relevant law, and advising on risks and best practices. We regularly counsel clients on privacy laws ranging from the European Union’s General Data Protection Regulation (GDPR), to federal privacy laws enforced by the Federal Trade Commission (FTC), to state laws such as the California Consumer Privacy Act (CCPA) and the Illinois Biometric Information Privacy Act (BIPA) – and we monitor and track potential developments at the congressional, agency, and state levels. We also counsel on risks and best practices in cyber and data security, including FTC requirements, the National Institute of Standards and Technology (NIST) Cybersecurity Framework, state laws including California’s Internet of Things (IoT) data security law and the New York Department of Financial Services Cybersecurity Regulation, and other information security requirements. We advise clients across a wide range of sectors, including technology, media, financial services, insurance, government contractors, retail, and telecom providers.
Our privacy, security, and data governance counseling builds on Wiley’s decades of expertise in advising on regulatory aspects of complex and high-profile media and telecom transactions. With the emergence of such laws as the GDPR and CCPA, the proliferation of litigation and regulatory interest around data breaches and biometric data collection, and the prospect of more laws to come, diligence on privacy, cyber, and data governance has become a critical part of evaluating and structuring transactions.