Practice Area

Privacy & Data Security Group

BHGR’s Privacy & Data Security Group brings a depth of knowledge and experience in privacy and data security matters, offering clients a host of services designed to mitigate and address the risks inherent in conducting business in a digital world.

Our attorneys represent private and public companies of all sizes in privacy and data security matters.

Our Services

Corporate Services

Data Inventory & Risk Assessment

Our attorneys assist clients with data inventory and privacy and security risk assessments to help them develop and implement best practices to mitigate the risk of data breaches, state and federal investigations, and lawsuits.

Regulatory Compliance Assessment

We advise clients on compliance with privacy laws and industry standards in the U.S., EU, and U.K., including, but not limited to, the California Online Privacy Protection Act (CalOPPA), California Privacy Rights Act (CPRA), CAN-SPAM Act, Children’s Online Privacy Protection Act (COPPA), Colorado Consumer Protection Act (CCPA), Colorado Privacy Act (CPA), Electronic Communications Privacy Act (ECPA), ePrivacy Directive, Fair Credit Reporting Act (FCRA), Fair Debt Collection Practices Act (FDCPA), General Data Protection Regulation (GDPR), Gramm-Leach-Bliley Act (GLBA), Lei Geral de Proteção de Dados (LGPD), Personal Information Protection and Electronic Documents Act (PIPEDA), Stored Communications Act (SCA), and Telephone Consumer Protection Act (TCPA).

Policies, Procedures, Notices, Protocols & Employee Training

Once the inventory and assessment process is complete, our attorneys assist our clients in drafting privacy and data security policies, procedures, and online notices. Our attorneys also work with clients to develop and draft incident response plans to help clients quickly and appropriately respond to privacy and data security incidents. This includes drafting notification protocols and forms consistent with the jurisdictional requirements where the business is operating. After we have worked with clients to develop policies, procedures, protocols, and forms, we assist them in training their employees on how to understand and use those items.

Insurance Coverage Analysis

Our attorneys routinely assist clients in securing appropriate cyber insurance coverage to protect against potential liability and ensure business assets are protected. We also review and negotiate insurance policies to minimize the likelihood that disputes with insurance carriers will arise after a claim is reported, saving our clients time and money. We routinely work with brokers to obtain quotes and negotiate appropriate privacy and data security policy endorsements for clients.

Data Transfers

Our attorneys have significant experience negotiating, drafting, and reviewing agreements for domestic and international data transfers.

Due Diligence

When our clients are looking to merge with or acquire another company, we perform due diligence analysis on the target company’s privacy and data security practices, identifying potential risks and post-transaction integration issues which can then be addressed as part of the deal.

Data Breach Response Services

If our clients suffer a suspected data breach, our attorneys walk them through the response effort. We work with IT and forensic experts to identify the nature and scope of the incident and advise our clients on the appropriate response. We also interface with law enforcement, as necessary.

Administrative Investigation Services

Our attorneys guide our clients through privacy and data security state and federal investigations and assist them with responding to administrative inquiries.

Litigation Services

Consumers are increasingly using old plaintiff-friendly state laws like the California Invasion of Privacy Act (CIPA) (which was enacted in the 1960s) to sue companies with business websites on claims of invasion of privacy and wiretapping simply because the companies’ websites are accessible by consumers in those states. In addition, Texas, Oregon, Illinois, and Pennsylvania, as well as other states, have enacted consumer data privacy laws, giving state governments the ability to sue companies for failing to comply with those laws. Our litigators have represented companies in numerous civil and administrative actions of these types and are well-versed in the claims and defenses asserted in these cases. We have extensive experience representing defendants in state and federal courts throughout the United States. We provide our clients with pre-litigation claims analysis and investigation, draft answers, draft and file pre-trial motions and briefs, prepare and respond to written discovery requests, attend depositions and pre-trial hearings, try cases to judges and juries, file post-trial motions and briefs (including motions for attorneys’ fees and costs), and assist clients with post-trial judgment filings, discovery, and collection. For more information on the rise of these types of claims, read BHGR’s blog on What to Know About Increasing Cyber and Security State Law Claims Against Companies with Websites.

Notable Experience

On June 24, 2025, BHGR’s Privacy & Data Security Group succeeded in obtaining a dismissal at the pleading stage in a website tracking lawsuit in Garcia v. Diversified Foodservice Supply, LLC, No. 24STCV19784 (Cal. Super. Ct. L.A. Cty. June 24, 2025). The court sustained Diversified Foodservice Supply’s (Diversified’s) demurrer without leave to amend, ruling that the plaintiff lacked standing and failed to state a viable claim under CIPA, Penal Code § 638.51(a). Read more about this case here: Rudy Verner and Azar Khazian Win Full Dismissal of CIPA Litigation.

Our Approach

BHGR’s Privacy & Data Security Group believes that the best way to protect your business and minimize the risk of costly privacy and data security investigations and claims is to implement robust data privacy and cybersecurity best practices. For that reason, we assist our clients on the front end in conducting privacy and cybersecurity risk and regulatory compliance assessments, drafting privacy and data security policies and procedures, as well as incident response plans, and providing related employee training. Our attorneys also advise clients on cyber security insurance coverage and negotiate, draft, and review agreements for domestic and international data transfers. When clients are looking to merge with or acquire another company, we perform privacy and cybersecurity due diligence. On the back end, if clients experience a data breach or become the subject of a state or federal investigation, our attorneys guide them through the process and, when necessary, our seasoned litigators zealously defend clients in state and federal courts from privacy and data security claims.

Our Privacy & Data Security Team

Partners + Counsel

Associates

Jacob Scarr

Associate
