Privacy, Data Protection, and Cybersecurity

From critical communications infrastructure industries to any business with a website, app, or internet-based operations, almost every company must comply with a wide range of privacy, data protection, and cybersecurity laws, regulations, and guidelines. Lerman Senter has guided numerous companies through decades of dramatic technology-propelled changes, helping clients remain in compliance and advance their business goals effectively.

Ranked by U.S. News-Best Lawyers as a Tier 1 firm in Washington, DC for Privacy and Data Security Law, our expertise spans relevant state, federal and international statutes, regulations, and guidelines, some of which our attorneys have played a direct role in formulating. We assist clients with policy development, consumer-facing agreements and terms of use/service, and vendor/service provider contracts, enabling them to adopt best practices and avoid compliance issues from the start, or expand into new digital and tech ventures. Additionally, our services include security breach response; counsel on enforcement issues; training of C-suite personnel, employees, and vendors/service providers; and development of customized training protocols (including table-top exercises). We welcome you to contact us for more information about our Privacy, Data Protection, and Cybersecurity practice.

Lerman Senter attorneys provide comprehensive, forward-thinking Privacy, Data Protection, and Cybersecurity services, including:


  • Counseling on federal telemarketing law compliance, such as the Telephone Consumer Protection Act (TCPA), FTC Telemarketing Sales Rule, FCC Robocall Mitigation, and STIR/SHAKEN regulations
  • Counseling on electronic marketing issues under federal, state, and international laws, such as the federal CAN-SPAM Act, EU General Data Protection Regulation (GDPR) and Canada’s Anti-Spam Legislation (CASL)
  • Counseling on compliance with laws related to minors, such as the Children’s Online Privacy Protection Act (COPPA) and state registries
  • Counseling on compliance with new state privacy laws, such as the California Consumer Protection Act, as amended by the Consumer Privacy Rights Act, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act
  • Drafting and negotiating contracts for vendors and service providers supporting digital content, services, and marketing activities
  • Counseling and developing privacy and other consumer-facing agreements and disclosures, including terms of use/service agreements, content submission agreements, licenses for third-party sharing, and publicity and liability releases related to websites, mobile apps, and Internet of Things components

Data Protection

  • Counseling on security breach investigation, mitigation, and corrective action
  • Counseling on compliance with state security breach notification laws
  • Counseling on compliance and enforcement issues related to Customer Propriety Network Information (CPNI) regulations, and other telecommunications and broadband-related data protection statutes and regulations
  • Counseling on compliance with Electronic Communications Privacy Act (ECPA) and Foreign Intelligence Surveillance Act (FISA) requirements and enforcement action response
  • Counseling on internet taxation, e-commerce/mobile payments, and payment card standards
  • Counseling on and formulating policy and agreements related to database management and storage
  • Counseling and developing written personal information security standards and policies


  • Counseling on network security requirements and best practices for broadcast, cable, information, and telecommunications providers
  • Counseling on compliance and enforcement issues related to the Communications Assistance for Law Enforcement Act (CALEA)
  • Interfacing with state and federal agencies, and counseling on state and federal cybersecurity policies, regulations, and best practices for critical infrastructure industries
  • Counseling and developing written cybersecurity and information security standards and policies

Representative Matters

  • Assisted new start-up internet marketing company with the launch of its online service and platform, and drafted licensing agreements, public-facing documents and notices, and information security policy
  • Counseled broadcast, wireless, and internet platform clients involved in mergers and acquisitions regarding privacy and data security issues and the proper transfer of databases
  • Conducted an extensive audit for a Fortune 100 media company of various websites and mobile apps for federal and state privacy and data security legal compliance
  • Represented state-funded non-profit in developing guidance for compliance with the Telephone Consumer Protection Act and Telemarketing Sales Rule, including creation of a 50-state survey of telemarketing regulations and registration requirements
  • Represented a large media client in responding to an inquiry from a state consumer protection agency regarding consumer complaints alleging Do-Not-Call registry and state telemarketing law violations
  • Represented various clients regarding compliance with state privacy, data security, consumer protection, and net neutrality transparency laws, and industry obligations such as PCI-DSS
  • Represented mid-size internet service provider regarding an FBI investigation of alleged state-sponsored unauthorized access to the company’s network
  • Participated in rulemaking proceedings related to federal and state security and data regulations, including meeting with governmental agency heads and staff, writing comments, and building consensus with industry, public interest, and civil rights organizations

Key Client Categories

Traditional and digital media companies, suppliers and vendors; traditional information, wireless, cable and MVNO, and telecommunications providers; online platform and app providers; online payment services; SMS and voice service aggregators; Software as a Service (SaaS) providers; electric and gas utilities; colleges, universities, and state agencies; any business with a website, app or digital presence.