Data Privacy and Cybersecurity

  • Overview
  • Team

Over the years, McAfee & Taft lawyers have represented clients with various privacy and cybersecurity issues specific to certain industries or matters.  This representation has included assistance with the Health Insurance Portability and Accountability Act (HIPAA) for clients in the healthcare industry, providing legal expertise for financial institutions pertaining to the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act, and consultation and guidance for clients’ compliance efforts with the CAN-SPAM Act and the Children’s Online Privacy Protection Act (COPPA) and their impact on online marketing and promotion. In recent years, privacy and cybersecurity compliance has grown more complex due to technological advancements and an ever-changing legal landscape. Today, in addition to assisting with legal issues specific to certain business sectors, the firm assists clients with data breaches, updating externally facing privacy policies to comply with applicable law, and revising internal policies and data governance policies.

The firm’s Data Privacy and Cybersecurity Group is made up of numerous attorneys practicing in a broad range of disciplines that regularly encounter issues in this niche area of law.  Leveraging our industry-specific command of privacy and cybersecurity issues, McAfee & Taft has customized solutions and advice to meet each client’s business needs. This is made possible by years of experience encountering clients’ privacy and cyber security issues as well as additional training and certifications by firm attorneys in this area.   Three of the firm’s attorneys have earned a Certified Information Privacy Professional (CIPP/US) designation from the International Association of Privacy Professionals, and two have earned the credential of being a Certified Information Privacy Manager (CIPM).

Comprehensive Legal and Business Services

Legal Compliance and Transactional

As technology becomes more complex in how data may be collected and analyzed, so too has the legal framework governing that collection and use.  Currently, there is no federal law that generally concerns all data use and collection, so compliance requires an in-depth knowledge of the patchwork of federal, state, and potentially foreign laws that may apply to your business. McAfee & Taft assists clients in identifying and assessing its legal risk and strategic needs in collecting, using, storing, and securing information of its customers and employees that covers three aspects of our clients’ businesses:

  • Review of internal practices and procedures for comprehensive and customized privacy and cybersecurity policies that address business needs.
  • Implementation of public-facing policies that inform employees and customers of your data practices in a manner that addresses applicable legal requirements.
  • Consultation on contingency plans for management of any possible data breach, including manners to mitigate business risk in the event of an incident.

McAfee & Taft attorneys have reviewed internal and external policies across numerous business sectors concerning data and cybersecurity issues, including the impact of the General Data Protection Regulation (GDPR) on global data collection issues.  Our data and cybersecurity representation has been for Fortune 100 companies as well as start-ups concerning the constantly changing universe of rights, responsibilities, and risks that accompany data collection in the modern world.

In addition to assistance with day-to-day operations, McAfee & Taft assists clients with data privacy and cybersecurity issues related to business transactions.  Our services have included due diligence for privacy, data security and information rights, and negotiating representations, warranties, and risk allocation concerning the same in business transactions, including merger and acquisition transactions.

Data Breach Litigation and Investigations

Our attorneys also work closely with clients in security breach matters, ensuring swift, effective, and confidential response plans.  We have assisted numerous clients with data breach incidents affecting employees and consumers throughout the United States.  We assist in all aspects of a data breach, from the initial response, to working with forensic companies to ascertain the cause of the breach in a manner to maintain privilege, to providing notification to those affected by a data breach.

Our team also advises clients when purchasing cybersecurity coverage to ensure that a policy matches a business’s specific needs.  Today, many policies are not tailored toward cybersecurity issues, or explicitly exclude them.  Leveraging our expertise and professional relationships, our attorneys work with clients to understand their own coverage and to find policies that may be better suit their needs.  As a result, in the unfortunate event of a data breach, we can help you navigate the legal and practical hurdles of cybersecurity forensics, insurance coverage, and – where necessary – preparing notifications mandated by state and federal law.

Sasha L. Beling
Shareholder, Industry Group Leader
(405) 270-6011
Kate N. Dodoo
Of Counsel, Practice Group Leader
(405) 270-6057
William J. Holland
(918) 574-3027
Todd G. Lamb
Of Counsel
(405) 552-2354
Robert T. Luttrell, III
Of Counsel, Practice Group Leader
(405) 552-2291
Jenny M. Odom
(405) 270-6018
Zachary A.P. Oubre
Shareholder, Industry Group Leader
(405) 270-6023
Patricia A. Rogers
(405) 235-9621
Joshua M. Snavely
Of Counsel
(405) 270-6027
Chase C. Webb
(405) 552-2280
Anna E. Wolfe
(918) 574-3048


Lock sitting on a laptop keyboard
Data privacy and security concept art
Padlock sitting on a laptop keyboard

Oklahoma Legislature looks to pass numerous new consumer privacy laws

McAfee & Taft Data Privacy and Cybersecurity Alert |
Digital fingerprint on a circuit board

New bill aims to protect data privacy of Oklahoma residents

The Journal Record |
Digital fingerprint on a circuit board

Oklahoma the latest state to consider consumer data privacy legislation

McAfee & Taft Data Privacy and Cybersecurity Alert |

Will even stricter California privacy law spark push for national consumer privacy reform?

McAfee & Taft tIPsheet Alert |

Tips to jump-start cybersecurity preparedness

The Journal Record |

National Cybersecurity Awareness Month: 3 tips to jump-start your cybersecurity preparedness

McAfee & Taft tIPsheet |

Despite pandemic, CCPA enforcement deadline looms while businesses still wait for final regs

McAfee & Taft LINC |

COVID-19 Impacts: Data Privacy and Cybersecurity

McAfee & Taft LINC |

Yes, even your IT systems are susceptible to COVID-19

McAfee & Taft LINC Alert |

New year to ring in nation’s most comprehensive privacy law

McAfee & Taft tIPsheet |

Push for data privacy increases

The Journal Record |

Privacy Gone Public: How growing push for privacy laws may affect U.S. businesses

McAfee & Taft tIPsheet |

Would you like some milk with your cookies? 5 months post-GDPR

McAfee & Taft tIPsheet |

Biometric privacy laws pose new challenges, risks for employers

McAfee & Taft EmployerLINC |

Biometrics usher in new era of privacy laws, litigation risks

McAfee & Taft tIPsheet |

Speedier service or biased browsing?

The Journal Record |

Is the internet neutral and does it really matter?

McAfee & Taft tIPsheet |

Preventing data breaches

The Journal Record |

Legal risks on the rise for businesses that auto‑dial, text

McAfee & Taft tIPsheet |

FTC amends Children’s Online Privacy Protection Rule

McAfee & Taft tIPsheet |

Canada’s Anti-Spam Legislation to impact electronic marketing and communications

McAfee & Taft tIPsheet |

At The Podium

Cyber Hygiene: An Apple (or PC) Defended a Day Keeps the Hacker Away

University Faculty Institute
Langston, OK | August 2021

First-Skill, Reskill, Upskill

National Initiative on Cybersecurity Education
Oklahoma City, OK | May 2021

A Playbook for Cyber Resilience: Basics & Best Practices

William J. Holloway American Inn of Court
Oklahoma City, OK | March 2021

Decrypting Diversity: The Secret Key to Cybersecurity

Providence, RI | February 2021

Cyber Resiliency Planning: The Basics & Best Practices for Business

Oklahoma Small Business Development Network
Oklahoma City, OK | October 2020

Cybersecurity Playbook: Fundamentals & Strategies for Business

Oklahoma Small Business Development Network
Oklahoma City, OK | October 2020

The Cyber Range – A Guide

National Initiative on Cybersecurity Education
Oklahoma City, OK | June 2020

#CyberDiversity – New Decade, New Rules

RSA Conference 2020
San Francisco, CA | February 2020

Data Insecurity

2019 Corporate Counsel Seminar
Oklahoma City, OK | December 5, 2019

Data Insecurity

2019 Corporate Counsel Seminar
Tulsa, OK | December 4, 2019

A Practical Overview of Privacy and Security for In-House Counsel

Oklahoma County Bar Association CLE Seminar
Oklahoma City, OK | November 15, 2019

Online Privacy

IABC of Central Oklahoma
Oklahoma City, OK | November 7, 2019

Westward Bound? How the CCPA Will Affect You

2019 InnoTech Oklahoma Conference
Oklahoma City, OK | October 22, 2019

Data Privacy and IT in this Technological World: A guide to ensuring compliance

2019 Regional Corporate Counsel Seminar
Springdale, AR | July 25, 2019

The Intersection of Cybersecurity & the Fourth Estate

Aspen Institute
Washington, DC | September 2018

Sleepless in Cyberspace: Navigating the Threat Landscape

American Bar Association Cyber Legal Task Force
Washington, DC | September 2018

Invasion of the Data Snatchers

Healthcare Headlines Seminar
Tulsa, OK | March 29, 2018

Invasion of the Data Snatchers

Healthcare Headlines Seminar
Oklahoma City, OK | March 27, 2018

Activating Your Cyber Insurance

TechAdvantage 2018 Conference & Expo
Nashville, TN | February 26, 2018

Cybersecurity and Risk Shifting

2017 Corporate Counsel Seminar
Oklahoma City, OK | December 7, 2017

Cyber Security for Law Firms and Those Who Retain Them

LEO Cyber Security Law Conference
Oklahoma City, Oklahoma | November 9, 2017

Cyber Security for Law Firms and Those Who Retain Them

LEO Cyber Security Law Conference
Tulsa, Oklahoma | November 8, 2017

Fundamentals of Cybersecurity Law & Policy

Washington, DC | September 2017

Security vs. Security – A Conversation with Facebook

American Bar Association’s Homeland Security Law Institute
Washington, DC | September 2017

The Cybersecurity Information Sharing Act: An Overview and Update

American Bar Association’s Homeland Security Law Institute
Oklahoma City, OK | April 2017

An ‘Apple’ a Day Keeps the Hacker … or the Government … Away?

Rotary Club of Oklahoma City
Oklahoma City, OK | April 2016

A Deep Dive on Cyber & Incident Response Plans

The National Summit on Homeland Security Law: The State of Cyber
Oklahoma City, OK | April 2016

The Rule of Law – Security vs. Liberty

The National Summit on Homeland Security Law
Oklahoma City, OK | April 2015

Homeland and National Security – The Evolution of Domestic Extremism

American Bar Association Midyear Meeting
Houston, TX | February 2015

Practical Considerations in Advising and Representing Clients in Anti-Terrorism & Homeland Security

Investigations and the Realm of National Security Law
Oklahoma City, OK | June 2014

Industry Group Leaders