Privacy & Data Security


Keesal, Young & Logan regularly advises clients on data security, cybersecurity and data privacy issues by drawing on its unique team of privacy and technology-certified attorneys and IT/information security professionals.  We pride ourselves on working closely with our clients to fully understand their organizational objectives, priorities and concerns so that together we can achieve a successful outcome.

Privacy and Cybersecurity.  We help clients develop data privacy compliance programs that incorporate principles of fairness, transparency, data minimization, and security, with plainly written public-facing privacy notices and internal standards, training and practices.  We also guide clients in their compliance with (and defense of claims asserting violations of) numerous federal and California laws regulating privacy and security, including the Gramm-Leach-Bliley Act and Regulation S-P, the Fair Credit Reporting Act, the federal and California Right to Financial Privacy Acts, the California Financial Information Privacy Act, the Stored Communications Act, the Computer Fraud and Abuse Act, the California Consumer Privacy Act, the California Online Privacy Protection Act, the European Union’s General Data Protection Regulation (GDPR) and others.  We help clients assess and implement security controls consistent with industry-recognized cybersecurity frameworks such as the U.S. National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (NIST CSF), the Center for Internet Security Critical Security Controls (CIS), and the International Standards Organization (ISO) frameworks ISO 27001 and 27002.  In addition, we advise clients at the outset of new projects by implementing principles of privacy by design, and help clients manage crisis response when needed, such as in the event of data breaches, phishing scams and ransomware attacks.

Third-Party Relationships.  We recognize that no one goes it alone, and successful organizations use a variety of third-party vendors to help them efficiently and seamlessly deliver products, services and information to their customers and clients.  As a result, the responsibility to maintain the confidentiality, integrity and availability of the data extends beyond organization’s own walls.  In that context, we evaluate and negotiate contracts with third-party vendors that provide outsourced services, cloud-based computing (SaaS – software as a service), and on-premises software solutions.  We also evaluate and negotiate the licensing agreements and Terms of Service/Terms of Use that accompany these relationships.  And our InfoSec team also regularly conducts vendor assessments to test and evaluate the confidentiality and security of data while in the vendor’s control.

Websites and E-Commerce.  Our client-focused approach includes advising clients on website legal review for compliance with and defending claims alleging violations of federal and California laws (such as the Americans with Disabilities Act and the Unruh Civil Rights Act), and assessing compliance with the Website Content Accessibility Guidelines (WCAG) 2.1 standards.

Information Technology & Management.  Our law firm’s IT and InfoSec professionals have been repeatedly recognized in the industry for their experience developing and implementing new technologies, and those professionals often support our legal team in client projects.  Our sister company, Keesal Propulsion Labs (KP Labs), also provides unique advantages to the firm and our clients.  KP Labs currently provides digital transformation services to 20 Fortune 500 companies and has developed a portfolio of automated workflows that seamlessly connect HR, sourcing and procurement, and contracting processes with privacy, infosec and compliance workstreams.

Sign Up for KYL News & Alerts