Cybersecurity, Privacy & Social Media


In a world dependent on information technology, networked operations and mobile connections, businesses face an increasing array of cybersecurity and data privacy challenges. Dorsey offers a coordinated worldwide team that helps assess your data flows and guide compliance efforts.  When a security incident occurs, Dorsey’s team can respond immediately with a complete range of services to help you meet this challenge.  Increasingly, privacy compliance is table stakes in vendor relationships and mergers and acquisitions.  Dorsey helps its clients negotiate contracts, draft privacy and security policies, and consider privacy challenges raised by cutting-edge technologies.

Dorsey provides proactive planning and assessment of rapidly-evolving legal requirements and can handle cyber threats and incident response whether you are a Fortune 100 multinational company or a start-up.  We stay on the forefront of evolving technologies, regulatory requirements, and industry best practices to provide you with comprehensive and practical legal solutions.

Video: Five Steps to Prepare for a Data Breach

Top Infosec and Privacy Issues

Biometrics
General Data Protection Regulation (GDPR)
Incident Response
Information Security Policies
Mergers and Acquisitions
NIST Cybersecurity Framework Menu
Proactive Steps to Protect Data
Responding to a Data Breach
Technology Contracts
Vendor Management
Website and App Privacy Policies


Data Breach Investigation and Response

  • Dorsey recently was approached by a number of California wineries who had been notified by a common vendor that their customer information may have been hacked. We put together a team overnight to provide breach notifications to customers of over 30 wineries for 48 different jurisdictions and to dozens of state Attorneys General within 24 hours of being retained. While the Krebs blog had a head start on us, by the time it “broke the story,” customers had already been notified, and the media ignored the event.
  • Dorsey developed immediate response measures, as well as emergency communication procedures, for a large agricultural cooperative after sensitive payroll information of its high-level executives had been compromised. Within an hour of the incident we assessed the potential scope of disclosure, possible methods for retrieval to minimize potential dissemination of material, and reporting obligations.
  • Our cybersecurity team assisted a health care provider with a data breach response involving unauthorized disclosure of PHI by an employee. Our team assessed potential notification requirements, retrieved data from various devices used by the former employee and her family, and developed creative alternatives to address emerging issues not covered by regulatory guidelines.
  • Members of Dorsey’s data protection team represented a health care organization in an Office of Civil Rights investigation of potential HIPAA violations following a data breach involving over 38,000 individuals.
  • Dorsey represented a human capital management company in a class action lawsuit arising from a third-party hacker. Plaintiffs alleged that because the hacker accessed their personal information, they faced an increased risk of identity theft and were forced to pay for credit monitoring and identity theft protection. A New Jersey trial court granted Dorsey’s motion to dismiss on the grounds that Plaintiffs lacked standing to sue absent alleged actual misuse of their personal information or actual identity theft. The Third Circuit affirmed.

Proactive Prevention

  • A Fortune 500 multinational corporation turned to Dorsey to assess its privacy and data protection policies and procedures, and completely update them. Our attorneys worked with a multi-dimensional in-house team to determine data collection, flow, retention and destruction; access protocols; EU-data transfers; certification requirements; and ongoing compliance monitoring.
  • A Dorsey cybersecurity team analyzed potential privacy and data protection issues associated with a risk management solutions company’s potential acquisition of a mobile app authentication service.
  • Dorsey counsels a nationwide retailer on the constantly evolving best practices for structuring communications to customers of its pharmacy operations.
  • Dorsey’s privacy group drafted a complex set of website terms for use in 21 countries, with significant user-generated content issues, using its knowledge of international privacy laws to provide insight and practical advocacy.
  • Our team assisted a Fortune 100 insurance company in drafting and implementing an internal social networking policy.
  • Dorsey regularly advises clients with a European online presence on how they can benefit from immunity from liability in relation to user-generated content under the eCommerce Directive and on the pitfalls presented by the Privacy in Electronic Communications legislation in relation to matters such as the use of cookies in websites and the challenges of targeted advertising.
  • We have deep experience in registering both generic and country code domain names for clients and in counseling clients on managing their domain name portfolios to deter cybersquatters.


  • A Native American gaming organization turned to Dorsey for assistance in developing assessment mechanisms to ensure compliance with guidelines and regulations for data and privacy protection and reporting. This project included assessment of applicability of state breach laws to a sovereign tribe, potential waiver consequences associated with voluntary compliance and mechanisms for ongoing assessment and improvement of policies and procedures.
  • Dorsey served as general counsel to a public-private Health Information Exchange formed to facilitate the exchange of health information electronically in compliance with HIPAA/HITECH.
  • Working with app developers, our privacy compliance professionals have counseled on designing apps in compliance with the FTC’s endorsement guidelines.
  • Dorsey has extensive experience with counseling clients on complying with and drafting policies concerning the Digital Millennium Copyright Act, the CAN-SPAM Act, the Communications Decency Act, the Children’s Online Privacy Protection Act, online behavioral advertising principles, and other internet-related laws.
  • Dorsey has helped numerous app developers design online advertising platforms and draft user rules in compliance with the FTC’s endorsement guidelines.
  • Our Financial Services privacy lawyers develop and audit internal privacy procedures to address both Gramm-Leach-Bliley Act compliance and customer expectations for their personal financial information.
  • Dorsey Financial Services privacy practitioners also assist in dealing with subpoenas and other legal processes served on clients that trigger Gramm-Leach-Bliley issues.
  • When two of its former financial advisors refused to return confidential client information, a financial services company hired our cybersecurity litigators to represent it in two different state court actions implicating the Gramm-Leach-Bliley Act. In both matters, the courts granted motions for a temporary restraining order preventing a former financial advisor from using or further disclosing the confidential information. FINRA (Financial Industry Regulatory Authority) arbitration panels subsequently approved the company's requests for a permanent injunction requiring the former advisor to, among other things, return the information.
  • A brokerage firm relied on Dorsey’s cybersecurity practitioners to handle a class action suit relating to a database containing certain confidential personal and financial information of approximately 250,000 of the client’s then current and former customers. The database was compromised by a computer hacker who illegally obtained access to the information through a sophisticated network intrusion. Plaintiffs alleged violations of the Fair Credit Reporting Act, breach of contract, violations of the Montana Consumer Protection Act, negligence and negligence per se. After our client filed its motion to dismiss, the parties entered into a class-wide settlement agreement, which was approved by the Court.


US News Best Lawyers 2022 Leading Technology Law Firm

US News Trademark Law Firm of the Year 2017

Legal 500 2016 IP

US News Best Lawyers 2021 Tier 1 IP Litigation Firm

Best Lawyers

Best Law Firms-25 Nationally Ranked Dorsey Practices 2021

US News Best Lawyers 2021 Tier 1 Patent Litigation Law Firm

Chambers Leading Firm USA 2023

BTI Client Service A-Team 2022

Our Cybersecurity, Data Privacy and Social Media lawyers include:

  • four certified information privacy professionals (CIPP)
  • a member of the Sedona Conference Working Group 11 Drafting Team on Data Security
  • a member of the CIPP/US exam development board of the International Association of Privacy Professionals (IAPP)
  • a co-chair of the IAPP’s Minneapolis KnowledgeNet
  • a member of the Internet Committee of the International Trademark Association, Who Is and Privacy Issues Subcommittee


Jamie Nafziger
Practice Group Chair

Industries & Practices

  • Consumer Financial Services
  • Corporate Governance & Compliance
  • Healthcare Transactions & Regulations
  • Intellectual Property Litigation
  • Labor & Employment
  • Technology Commerce
  • Trademark, Copyright + Advertising