Data Security and Privacy Law


Representative Matters

Cybersecurity remains a hot topic and of relevance to law firms and their clients, particularly insurers who collect personal data of their policyholders. Recently, both American and European regulators have announced major initiatives on privacy and data security.

Butler Rubin’s team includes a former in-house general counsel who has worked on privacy and data security in the cyber arena for more than 20 years, as well as two other partners who are certified as CIPP/US, a Certified Information Privacy Professional designation for the U.S. private-sector from the International Association of Privacy Professionals.

Firm offerings include:

Assessment/Policy Drafting/Best Practices

This offering consists of a number of steps to address your organization’s cyber needs.

Steps include:

  • Draft Coverage Clash/Policy Wording for Insurers
  • Inventory/Assessment
  • IT Phishing and Penetration Testing- Partnering with vendors, these tests would indicate your organization’s vulnerabilities
  • Prepare Incident Response Plans
  • Privacy Policies and Procedures
  • Training and Policies Rollout


Butler Rubin has long been a leader in ADR and counsels a major dispute resolution association on cyber issues. We have developed extensive experience in privacy and data security and the combination of these two areas benefits our clients who are seeking resolution of disputes in arbitration.

Data Breach Coverage Litigation

Butler Rubin has a long history of litigating disputes for our insurance and reinsurance clients on complex coverage and insurance issues. Given that experience as well as our regulatory practice, we are equipped to represent you should a cyber dispute arise.

The following describes some of the firm’s representative experience involving cyber and privacy:

  • Advise an organization on its privacy processes and procedures and recommend adoption of best practices to enhance its privacy.
  • Advise a client on vendor contract revisions and best practices to address data and privacy concerns.
  • Train a law department of a large multinational insurance organization on the Rules of Professional Conduct and technology and privacy laws.
  • Train general counsel organization on the Rules of Professional Conduct and technology and privacy laws.
  • Research and analyze privacy and email rules and data retention laws and requirements on a worldwide basis for a client.