
Information Security

If you collect data in any part of your business — financial, health, human resources, online behavioral data, private user communications and images — you face increasing financial and regulatory pressures to protect it. Threats come from all directions: disgruntled employees, lost laptops, organized crime syndicates, underground hacker groups, and foreign governments. The cost of a security breach is significant. You could lose intellectual property or trade secrets, sensitive consumer data, or customers’ trust and confidence. Running afoul of regulators and privacy watchdog groups is just as perilous to your bottom line.

We develop consumer-facing and internal privacy and security policies and incident response plans that can bring your company into compliance with applicable laws and help you keep pace with developing industry standards. Specifically, we help our clients with:

  • Compliance with the EU General Data Protection Regulation (GDPR), EU-U.S. Privacy Shield, HIPAA, COPPA, Gramm-Leach-Bliley, FCRA, FTC Rulings and Consent Decrees, and other federal, state, and international privacy laws.
  • Development of privacy policies that articulate corporate practices in a way that satisfies legal requirements and meets industry best practice guidance for plain language and transparency.
  • Development of written information security programs and incident response plans.
  • Internal mechanisms to facilitate the transfer of data to affiliates, foreign data storage locations, service providers, partners, and advertisers.
  • Internal reviews and checklists for determining compliance with regulatory requirements.
  • Contract provisions regarding data protection requirements.
  • Compliance plans for sensitive data, including data related to children, health, or other sensitive areas.
  • Employee training.

We can also help:

  • Advise on security breach investigations and user requirements, and defend resulting regulatory inquiries and civil litigation.
  • Conduct information security assessments.
  • Develop and implement policies and procedures to minimize vulnerabilities, including incident response plans, data breach notification procedures, record retention, and related policies.
  • Advise on the security requirements of HIPAA, COPPA, GLB, FCRA, state and local security breach notification laws, and other U.S. state, federal, and international security requirements.
  • Perform information security due diligence for corporate acquisitions or equity investments.

Billing Philosophy

We believe the existing hourly law firm model is outdated and misaligns the interests of lawyers and their clients. That’s why we have alternative pricing models. On every matter, our goal is to find the right pricing structure to align our incentives with your success.


Trusted by some of the biggest names in tech.

“I have ZwillGen on speed dial ... Their deep substantive knowledge of our industry and the inner workings of start-ups enable them to offer pragmatic, actionable guidance quickly and at great value.”

Stephanie King, Former GC, AdRoll

“Whether it’s for a deep analysis of a complicated legal issue or just to bounce ideas off of experienced outside counsel with incredible responsiveness and sound judgement, I recommend ZwillGen.”

Belinda Johnson, Airbnb

“There isn't a single other law firm that projects as much joy as ZwillGen does.”

Kai Lee, Oak Hill Advisors