- Our People
What We DoPractice AreasHow We're Different
Explore our How We’re Different page to learn more.
- About MMM
We practice daily at the intersection of legal, policy, and technical cutting-edge cybersecurity and privacy issues. We offer solution-oriented guidance tailored to your industry and your data collection and use practices, leveraging years of experience and strategic partnerships to swiftly deliver direct, practical advice.
Our Cybersecurity & Privacy team covers compliance assessments under privilege to decrease corporate risk, working with in-house legal departments, information technology and security teams, C-suites, and boards of directors on proactive measures to improve preparedness and to effectively manage cyber-risk.
We serve as crisis managers in the event of a data breach, guiding you during the first hours of a data security incident investigation through post-breach litigation matters.
We have experience across a broad range of industries, including retail, healthcare, financial services, hospitality and lodging, ecommerce, manufacturing and educational services. Our team’s approach allows for integrated advice, incorporating diverse perspectives from our attorneys in related practice areas such as technology, insurance, litigation, and corporate matters. We scale the solution based on client needs. Components of your customized roadmap can include:
Even the most secure organizations will experience a data security event. We have deep experience responding to cybersecurity incidents across industry sectors, threat actors and threat vectors.
Our cyberattack and data security incident response practice is here to work with you in those first minutes and hours of becoming aware of a breach to mitigate harm, risk and liability. We direct physical and IT forensics investigations, coordinate with law enforcement agencies, provide guidance on how to manage business and reputational risks, internal investigations, and board-level and consumer communications, advise on regulatory and contractual data breach notification requirements in the United States and abroad, direct public relations and media strategy, represent clients in government investigations before state and federal regulators and non-U.S. data protection authorities, and defend clients in parallel proceedings, including civil class actions and arbitrations, and shareholder derivative litigation.
As soon as a client discovers an incident, our team is available 24/7, whenever a breach occurs.
Data drives the digital economy. Our team is at the forefront of critical issues, such as Big Data, Artificial Intelligence, Blockchain, Internet of Things, and the application of these technologies to our clients’ businesses. We assist clients in maximizing their rights to data, while addressing global data privacy requirements and proactively reducing security risk. We have represented more than 1,000 companies in their corporate transactions valued from a few million to many billions of dollars, throughout the U.S. and abroad. We are generally recognized as the leading M&A law firm in the Southeast in representing high-growth and middle market companies.
With business objectives in mind, we assist emerging and public companies in mitigating reputational, regulatory and litigation risks by creating global compliance programs. We advise companies on how privacy and data protection laws impact business operations, including customer service, HR functions, big data analytics, and product and service development.
Our team advises on compliance with a myriad of foreign regulations, including the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), Canada Anti-Spam Legislation (CASL) and the EU General Data Protection Regulation (GDPR). Determining the applicability of GDPR to your operations is a particularly critical business decision. Penalties for violations of the GDPR can amount to 4% of annual worldwide turnover. We can help you navigate this complex and strict privacy framework. Our team constantly advises clients on the right strategy to GDPR compliance and collaborates with clients to address accountability obligations, stronger rights and ongoing restrictions on international data flows. We have extensive experience evaluating the GDPR’s impact on our client’s data processing agreements, embedding privacy-by-design principles, selecting the appropriate mechanism for international data transfers, and crafting clear comprehensive privacy notices. We leverage relationships with strategic partners to offer our clients ready access to data protection officer and EU representative services.
Technology is significantly altering the way the hospitality industry operates, collects, uses, and transmits sensitive data. As a result, hotel owners, operators, management companies and other hospitality organizations must closely assess and manage these aspects of their business to comply with state, federal, and global data privacy laws and regulations. They also need to know where their risk lies in the use of data, from reservation systems and loyalty databases to point-of-sale software used at restaurants, bars and gift shops on property.
MMM’s Cybersecurity lawyers work closely with our Hospitality team to help clients manage risk and comply with regulations, including reviewing operational procedures with vendors, evaluating technologies, training employees and contractors and building compliance programs.
Our Cybersecurity & Privacy team regularly counsels client on compliance with numerous federal and state privacy laws, regulations and industry standards. Our broad experience includes programs involving the Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), Payment Card Industry Data Security Standard, the CAN-SPAM Act, Health Insurance Portability and Accountability Act (HIPAA), Telephone Consumer Protection Act (TCPA), Children’s Online Privacy Protection Act (COPPA), California Online Privacy Protection Act (CalOPPA), and most recently, the California Consumer Privacy Act (CCPA).
The passage of CCPA has radically altered U.S. data privacy law. Effective January 1, 2020, CCPA has an expansive, rights-based approach to privacy, providing consumers with more control over the personal information that businesses collect about them. Every company who has clients and consumers in California will need to evaluate whether the CCPA applies to their business, and if so, implement changes across business lines to comply with the CCPA.
CCPA also serves as a model for other states (and countries) crafting legislation around consumer privacy rights. MMM is working with clients to closely monitor similar laws and regulations enacted across the country, ensuring that the privacy and compliance programs developed address any potential impact of the changing legal and regulatory landscape.