Since well before companies entered the age of “Big Data,” Benesch attorneys have been advising clients on privacy and data security issues including the protection of sensitive information and data both in the United States and around the world.

Today’s landscape for data security and privacy is characterized by increasing complexity. We have more computers, mobile applications, 24/7 connectivity and evolving security threats than ever before, while being subject to more stringent legal requirements and security standards. Additionally, certain industries, such as health care, financial services, and eCommerce, have evolved such that data security and privacy have taken on extra significance. These changes, coupled with the recent surge in high-profile data security breaches, and increased enforcement by governmental bodies around the world, mean that privacy and data security compliance can no longer be placed on the back burner – it has become among the highest priority issues for businesses of all sizes.

Benesch’s global data security and privacy team regularly assists clients, from large, publicly traded companies to privately held middle market companies, in their global data security and privacy compliance efforts, breach response and mitigation actions, and related issues.

The members of our global data security and privacy compliance team are CIPP certified privacy professionals. We do an extensive amount of data security compliance work helping our clients to comply with a variety of federal, state, local, or foreign laws, rules and regulations in jurisdictions including the US, Canada and the EU/EEA. These laws, rules and regulations include the EU GDPR and ePrivacy Directive, the EU/US Privacy Shield, HIPAA/HITECH, Gramm Leach Bliley, COPPA, FTC Act and US FTC Red Flag rule compliance, and Canadian PIPEDA. We also assist our clients with respect to the vast array of data security and privacy technical standards and guidelines with which they must comply including PCI-DSS, ISO 27001, ITIL, COBIT, and NIST standards, as well as with data classification, breach response and mitigation, and the creation and implementation of applicable policies/procedures. We are frequently engaged by clients to assist with stand-alone data security and privacy compliance needs (i.e., compliance outside of the context of a transaction or litigation) and are regularly engaged to handle data security and privacy issues within the context of a corporate transaction (merger, acquisition, divestiture, or reorganization), technology transaction, or other similar matter.

Examples of matters on which we have worked in the last 24 months include:

  • Full scale EU GDPR compliance for a major, publicly traded, manufacturer and distributor of consumer sports equipment in connection with the implementation of a new CRM system and the gathering of data remotely from Internet enabled (IOT) equipment;
  • US and Canadian data security and privacy compliance for a major, publicly traded, Fortune 200 manufacturer in connection with the roll out of an IOT based home lighting system;
  • Gramm Leach Bliley compliance for the in-house credit card issuer of a major international tire manufacturer;
  • Data breach response and mitigation for a major, international manufacturer in connection with a hack resulting in a trade secret theft;
  • Data breach response and mitigation for a major, publicly traded steel company in connection with a 50 state data breach resulting from a phishing scam;
  • Data breach response and mitigation for a significant, privately held IRA custodian in connection with a data breach resulting from systems integration work following an acquisition;
  • US and EU data security and privacy compliance work for a major US manufacturer of graphite products;
  • The data security and privacy aspects of two significant acquisitions with deal value in excess of $400 million for a major, publicly traded provider of data processing services to credit card issuers and merchants at the point of sale; and
  • Data security and privacy due diligence on multiple acquisitions for national and regional private equity funds.

Benesch maintains distinct capabilities in support of privacy and data security through the joint efforts of its Innovations, Information Technology and Intellectual Property Practice Group (3iP); Health Care Practice Group; and Labor & Employment Practice Group. Working together, this interdisciplinary team provides insightful counsel and specialized depth of experience to clients across industries and situations.

You can trust the experienced team at Benesch to advise your company on domestic and international issues, to guide you through the compliance landscape, and to help you at critical times when a privacy or data security breach has occurred. We provide sensible guidance for business scenarios at all levels of complexity.

Innovations, Information Technology and Intellectual Property (3iP) Practice

Benesch works with companies of all sizes and in a variety of industries to enable technology investments to reach their full potential. The 3iP team is fully versed in the latest software, hardware and other technology solutions that are available to companies, and understands the nuances of the increasingly stringent regulations that govern how companies manage their information flow and storage.

We regularly work on privacy and data security-related matters as special outside counsel or through cost-effective onsite, short-term assignments to help clients with their compliance efforts.

Companies must also be prepared for data breaches and security threats, and Benesch provides the experience needed to respond quickly and effectively to data breach situations in an effort to mitigate exposure and risk.

The firm has a deep bench of talented team members, including those with significant in-house experience, to offer a comprehensive skill-set and experienced perspective in support of companies as they manage privacy and data security compliance and related issues. The firm frequently works on a proactive basis to identify areas of risk, and partners with technology vendors and consultants to implement solutions that are required under the expanding body of law in this area.

As businesses more frequently turn to technology when interacting with customers, connecting employees and storing sensitive information, Benesch acts as a valuable partner that enables businesses to maximize their level of safety, security and privacy, while minimizing risk to their stakeholders.


  • The Benesch 3iP Group is comprised of over 20 attorneys and patent agents, including one lawyer who came to Benesch after serving as an engineer and then in-house counsel attorney and Global Privacy Program Manager for a global Fortune 500 company.
  • Several lawyers in the group are members of the International Association of Privacy Professionals (IAPP) and have achieved the CIPP designation.
  • Several attorneys are listed in information technology law among the Best Lawyers® “Best Lawyers in America” rankings by U.S. News & World Report, which assesses more than 10,000 US law firms in 80 national legal practice areas and 118 metro or state practice areas.

Service Examples

  • Comprehensive U.S. and global data security and privacy compliance including:
    • Gramm-Leach-Bliley;
    • Children's Online Privacy Protection Act;
    • FTC Privacy Guidelines;
    • FTC "Red Flag" (identity theft mitigation) rule; and
    • EU, ADEA and Swiss Data Protection Directives, including the EU General Data Protection Regulation, the EU ePrivacy Regulation, and the EU/US Privacy Shield
  • Document retention and destruction policies and related compliance;
  • Software, hardware and vendor services agreements including privacy and security aspects;
  • Usage and privacy policies for websites and web-based apps;
  • Document retention and destruction compliance;
  • Prevention and management of data security breaches;
  • The legal aspects of compliance with industry privacy and security standards including:
    • the PCI-DSS, NIST, ISO technical standards; and
    • the SSAE 16 audit standard

Healthcare Practice

Updates to HIPAA have rippled throughout the health care industry to now directly regulate vendors and other service providers to the health care industry (“business associates”), along with hospitals, health plans, doctors’ offices and others within the industry, who must take special care in managing information about patients and their care. One of the most noticeable trends in the industry is the movement to electronic medical records and use of electronic tools to manage care.

Benesch understands the tools used in and the regulations shaping the health care landscape. Our team members offer diverse perspectives and specialized knowledge and experience that provide an insider’s viewpoint and a unique understanding to each engagement. The team has worked directly with hospitals, device manufacturers, software makers, health insurers, long-term care facilities and others.


  • Benesch’s Health Care Practice Group draws on more than 200 years of combined experience in the health care industry to service clients.
  • Benesch's Health Care Practice Group received first-tier rankings in Cleveland and Columbus in 2014 for our health care practice in the Best Lawyers® “Best Law Firms” rankings by U.S. News & World Report, which assesses more than 10,000 US law firms in 80 national legal practice areas and 118 metro or state practice areas.

Service Examples

  • Experience serving physician organizations, health systems, long-term care and senior living facilities, behavioral health providers, diagnostic imaging enterprises, durable medical equipment manufacturers and suppliers, pharmaceutical retailers, wholesalers, distributors and manufacturers and more;
  • Business associate agreements;
  • Technology vendor selection and implementation;
  • Privacy policies and data security systems;
  • Data management, sharing and disclosure

Labor and Employment Practice

Employers face major regulatory challenges from the likes of HIPAA, the Fair and Accurate Credit Transactions Act (FACTA), the Americans with Disabilities Act (ADA) and others. Management of the resulting data is critical, which has put a premium on the increased use of technology for data storage, sharing and security.

Benesch offers highly knowledgeable professionals who provide pragmatic counsel to allow companies to protect themselves and their employees.

In today’s workplaces, it is important to have a partner who helps ensure the proper processes, policies and tools are in place to protect the sensitive information that belongs to your business, your employees and your customers.

Benesch has experience providing training to privacy officers to maintain compliance with data security regulations and working with companies to prevent data loss, or to help mitigate a data breach. In addition, the team is able to offer pragmatic advice on how to reduce the risk of employee data theft. An expansion of HIPAA has created compliance needs for companies doing business with entities in the health care industry. Additionally, more companies are moving to self-funded health plans, which require data security and compliance on par with what is expected of traditional health insurers.


  • One of our partners served on the president-appointed National Labor Relations Board and was recently reappointed by the Speaker of the House of Representatives to his third consecutive six-year term on the U.S. Commission on Civil Rights.
  • We are actively involved with clients in many industries such as retail, automotive, health care, manufacturing, trucking, technology, food and beverage distribution, industrial product distribution, professional services and banking, to name just a few.

Service Examples

  • Non-compete agreements & trade secret rights;
  • Employer policies on internet use, mobile devices and social media;
  • Counsel for HIPAA, FACTA and ADA compliance;
  • Corporate policies for voice mail, email, social media and internet use by employees;
  • Security measures for third-party providers;
  • Employee privacy issues, including searches of employee property and drug and alcohol testing;
  • Employee nondisclosure obligations for confidential and proprietary information;
  • Securing, maintaining and enforcing cyber insurance policies;