Morris Manning & Martin, LLP

Cybersecurity & Privacy

We practice daily at the intersection of legal, policy, and technical cutting-edge cybersecurity and privacy issues. We offer solution-oriented guidance tailored to your industry and your data collection and use practices, leveraging years of experience and strategic partnerships to swiftly deliver direct, practical advice.

Our Cybersecurity & Privacy team covers compliance assessments under privilege to decrease corporate risk, working with in-house legal departments, information technology and security teams, C-suites, and boards of directors on proactive measures to improve preparedness and to effectively manage cyber-risk.

We serve as crisis managers in the event of a data breach, guiding you during the first hours of a data security incident investigation through post-breach litigation matters.

We have experience across a broad range of industries, including retail, healthcare, financial services, hospitality and lodging, ecommerce, manufacturing and educational services. Our team’s approach allows for integrated advice, incorporating diverse perspectives from our attorneys in related practice areas such as technology, insurance, litigation, and corporate matters. We scale the solution based on client needs. Components of your customized roadmap can include:

  • Audits and data mapping
  • Data privacy in commercial transactions
  • Data security governance and regulatory compliance and policies
  • Global data transfer management programs
  • Third party vendor management
  • Security consultant retention
  • Incident response planning and execution
  • Cyberattack and data breach response and notification
  • Crisis management and communications
  • Security incident investigations
  • Cyber insurance coverage solutions and recovery
  • Post-breach litigation and regulatory matters

Areas of Focus

Cyberattack & Data Breach Response

Meet the Team »

Even the most secure organizations will experience a data security event. We have deep experience responding to cybersecurity incidents across industry sectors, threat actors and threat vectors.

Our cyberattack and data security incident response practice is here to work with you in those first minutes and hours of becoming aware of a breach to mitigate harm, risk and liability. We direct physical and IT forensics investigations, coordinate with law enforcement agencies, provide guidance on how to manage business and reputational risks, internal investigations, and board-level and consumer communications, advise on regulatory and contractual data breach notification requirements in the United States and abroad, direct public relations and media strategy, represent clients in government investigations before state and federal regulators and non-U.S. data protection authorities, and defend clients in parallel proceedings, including civil class actions and arbitrations, and shareholder derivative litigation.

As soon as a client discovers an incident, our team is available 24/7, whenever a breach occurs.

Representative Experience:

  • Counseled national construction company through all stages of a data breach incident, including incident analysis and breach containment, notification in compliance with all regulatory requirements, loss mitigation, and remediation.
  • Represented client in significant data breach of cardholder information, which at the time was the largest cardholder data breach in U.S. history.
  • Advised multiple clients through all stages of data breach incidents resulting from W-2 phishing scams, including developing tailored guidance for affected employee populations.
  • Represented third-party payment service provider in notifying customers of breach pursuant to service agreement obligations and under state laws.

Data-Driven Transactions & Data Management

Meet the Team »

Data drives the digital economy. Our team is at the forefront of critical issues, such as Big Data, Artificial Intelligence, Blockchain, Internet of Things, and the application of these technologies to our clients’ businesses. We assist clients in maximizing their rights to data, while addressing global data privacy requirements and proactively reducing security risk. We have represented more than 1,000 companies in their corporate transactions valued from a few million to many billions of dollars, throughout the U.S. and abroad. We are generally recognized as the leading M&A law firm in the Southeast in representing high-growth and middle market companies.

Representative Experience:

  • Represented an international auto manufacturer in the review and revision of vendor and certain data sharing agreements.
  • Reviewed target company’s information security program and procedures and advised on risk allocation in business transaction.
  • Prepared enterprise-wide global privacy policy and procedures for financial services institution.
  • Drafted data processing addendum for service providers and customers.

Global Compliance Programs & EU General Data Protection Regulation (GDPR)

Meet the Team »

With business objectives in mind, we assist emerging and public companies in mitigating reputational, regulatory and litigation risks by creating global compliance programs. We advise companies on how privacy and data protection laws impact business operations, including customer service, HR functions, big data analytics, and product and service development.

Our team advises on compliance with a myriad of foreign regulations, including the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), Canada Anti-Spam Legislation (CASL) and the EU General Data Protection Regulation (GDPR). Determining the applicability of GDPR to your operations is a particularly critical business decision. Penalties for violations of the GDPR can amount to 4% of annual worldwide turnover. We can help you navigate this complex and strict privacy framework. Our team constantly advises clients on the right strategy to GDPR compliance and collaborates with clients to address accountability obligations, stronger rights and ongoing restrictions on international data flows. We have extensive experience evaluating the GDPR’s impact on our client’s data processing agreements, embedding privacy-by-design principles, selecting the appropriate mechanism for international data transfers, and crafting clear comprehensive privacy notices. We leverage relationships with strategic partners to offer our clients ready access to data protection officer and EU representative services.

Representative Experience:

  • Advised many clients on EU General Data Protection Regulation compliance implementation.
  • Counseled manufacturer regarding cross-border data transfers, social networking matters, and e-mail marketing campaigns.
  • Counseled many clients on the development of global privacy policies and terms of service for e-commerce websites and mobile applications, including drafting the policies and related agreements.
  • Advised an international auto manufacturer regarding privacy and data security employee training, including drafting various training documents.

Hospitality Industry Depth

Meet the Team »

Technology is significantly altering the way the hospitality industry operates, collects, uses, and transmits sensitive data. As a result, hotel owners, operators, management companies and other hospitality organizations must closely assess and manage these aspects of their business to comply with state, federal, and global data privacy laws and regulations. They also need to know where their risk lies in the use of data, from reservation systems and loyalty databases to point-of-sale software used at restaurants, bars and gift shops on property.

MMM’s Cybersecurity lawyers work closely with our Hospitality team to help clients manage risk and comply with regulations, including reviewing operational procedures with vendors, evaluating technologies, training employees and contractors and building compliance programs.

Representative Experience:

  • Represented lodging real estate investment trust in data breach liability assessment related to Marriott/Starwood data breach.
  • Counseled multiple hotel management companies concerning the collection and processing of guest data.
  • Advised hospitality client regarding partnership with Microsoft AI for marketing initiative.
  • Represented an international hotel company in creation of CCPA and GDPR compliance programs.

U.S. Regulatory Compliance

Meet the Team »

Our Cybersecurity & Privacy team regularly counsels client on compliance with numerous federal and state privacy laws, regulations and industry standards. Our broad experience includes programs involving the Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), Payment Card Industry Data Security Standard, the CAN-SPAM Act, Health Insurance Portability and Accountability Act (HIPAA), Telephone Consumer Protection Act (TCPA), Children’s Online Privacy Protection Act (COPPA), California Online Privacy Protection Act (CalOPPA), and most recently, the California Consumer Privacy Act (CCPA).

The passage of CCPA has radically altered U.S. data privacy law. Effective January 1, 2020, CCPA has an expansive, rights-based approach to privacy, providing consumers with more control over the personal information that businesses collect about them. Every company who has clients and consumers in California will need to evaluate whether the CCPA applies to their business, and if so, implement changes across business lines to comply with the CCPA.

CCPA also serves as a model for other states (and countries) crafting legislation around consumer privacy rights. MMM is working with clients to closely monitor similar laws and regulations enacted across the country, ensuring that the privacy and compliance programs developed address any potential impact of the changing legal and regulatory landscape.

Representative Experience:

  • Represented an international hotel company in creation of a CCPA compliance program.
  • Built robust CCPA compliance and training plan for a US-based international retailer with both physical retail stores and an online store.
  • Assisted a manufacturer of children’s products and toys in the formation of a CCPA compliance program.