Data Privacy and Cybersecurity

  • Overview
  • Team

Over the years, McAfee & Taft lawyers have represented clients with various privacy and cybersecurity issues specific to certain industries or matters.  This representation has included assistance with the Health Insurance Portability and Accountability Act (HIPAA) for clients in the healthcare industry, providing legal expertise for financial institutions pertaining to the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act, and consultation and guidance for clients’ compliance efforts with the CAN-SPAM Act and the Children’s Online Privacy Protection Act (COPPA) and their impact on online marketing and promotion. In recent years, privacy and cybersecurity compliance has grown more complex due to technological advancements and an ever-changing legal landscape. Today, in addition to assisting with legal issues specific to certain business sectors, the firm assists clients with data breaches, updating externally facing privacy policies to comply with applicable law, and revising internal policies and data governance policies.

The firm’s Data Privacy and Cybersecurity Group is made up of numerous attorneys practicing in a broad range of disciplines that regularly encounter issues in this niche area of law.  Leveraging our industry-specific command of privacy and cybersecurity issues, McAfee & Taft has customized solutions and advice to meet each client’s business needs. This is made possible by years of experience encountering clients’ privacy and cyber security issues as well as additional training and certifications by firm attorneys in this area.   Three of the firm’s attorneys have earned a Certified Information Privacy Professional (CIPP/US) designation from the International Association of Privacy Professionals, and two have earned the credential of being a Certified Information Privacy Manager (CIPM).

Comprehensive Legal and Business Services

Legal Compliance and Transactional

As technology becomes more complex in how data may be collected and analyzed, so too has the legal framework governing that collection and use.  Currently, there is no federal law that generally concerns all data use and collection, so compliance requires an in-depth knowledge of the patchwork of federal, state, and potentially foreign laws that may apply to your business. McAfee & Taft assists clients in identifying and assessing its legal risk and strategic needs in collecting, using, storing, and securing information of its customers and employees that covers three aspects of our clients’ businesses:

  • Review of internal practices and procedures for comprehensive and customized privacy and cybersecurity policies that address business needs.
  • Implementation of public-facing policies that inform employees and customers of your data practices in a manner that addresses applicable legal requirements.
  • Consultation on contingency plans for management of any possible data breach, including manners to mitigate business risk in the event of an incident.

McAfee & Taft attorneys have reviewed internal and external policies across numerous business sectors concerning data and cybersecurity issues, including the impact of the General Data Protection Regulation (GDPR) on global data collection issues.  Our data and cybersecurity representation has been for Fortune 100 companies as well as start-ups concerning the constantly changing universe of rights, responsibilities, and risks that accompany data collection in the modern world.

In addition to assistance with day-to-day operations, McAfee & Taft assists clients with data privacy and cybersecurity issues related to business transactions.  Our services have included due diligence for privacy, data security and information rights, and negotiating representations, warranties, and risk allocation concerning the same in business transactions, including merger and acquisition transactions.

Data Breach Litigation and Investigations

Our attorneys also work closely with clients in security breach matters, ensuring swift, effective, and confidential response plans.  We have assisted numerous clients with data breach incidents affecting employees and consumers throughout the United States.  We assist in all aspects of a data breach, from the initial response, to working with forensic companies to ascertain the cause of the breach in a manner to maintain privilege, to providing notification to those affected by a data breach.

Our team also advises clients when purchasing cybersecurity coverage to ensure that a policy matches a business’s specific needs.  Today, many policies are not tailored toward cybersecurity issues, or explicitly exclude them.  Leveraging our expertise and professional relationships, our attorneys work with clients to understand their own coverage and to find policies that may be better suit their needs.  As a result, in the unfortunate event of a data breach, we can help you navigate the legal and practical hurdles of cybersecurity forensics, insurance coverage, and – where necessary – preparing notifications mandated by state and federal law.

Sasha L. Beling
Shareholder, Industry Group Leader
(405) 270-6011
William J. Holland
(918) 574-3027
Robert T. Luttrell, III
Of Counsel, Practice Group Leader
(405) 552-2291
Zachary A.P. Oubre
Shareholder, Industry Group Leader
(405) 270-6023
Patricia A. Rogers
(405) 235-9621
Chase C. Webb
(405) 552-2280
Anna E. Wolfe
(918) 574-3048


CCPA deadline looms
cybersecurity coronavirus

COVID-19 Impacts: Data Privacy and Cybersecurity

McAfee & Taft LINC |

Yes, even your IT systems are susceptible to COVID-19

McAfee & Taft LINC Alert |
internet data privacy

Push for data privacy increases

The Journal Record |

Would you like some milk with your cookies? 5 months post-GDPR

McAfee & Taft tIPsheet |

Speedier service or biased browsing?

The Journal Record |

Is the internet neutral and does it really matter?

McAfee & Taft tIPsheet |

Preventing data breaches

The Journal Record |

Legal risks on the rise for businesses that auto‑dial, text

McAfee & Taft tIPsheet |

FTC amends Children’s Online Privacy Protection Rule

McAfee & Taft tIPsheet |

Canada’s Anti-Spam Legislation to impact electronic marketing and communications

McAfee & Taft tIPsheet |

At The Podium

Data Insecurity

2019 Corporate Counsel Seminar
Oklahoma City, OK | December 5, 2019

Data Insecurity

2019 Corporate Counsel Seminar
Tulsa, OK | December 4, 2019

A Practical Overview of Privacy and Security for In-House Counsel

Oklahoma County Bar Association CLE Seminar
Oklahoma City, OK | November 15, 2019

Online Privacy

IABC of Central Oklahoma
Oklahoma City, OK | November 7, 2019

Westward Bound? How the CCPA Will Affect You

2019 InnoTech Oklahoma Conference
Oklahoma City, OK | October 22, 2019

Data Privacy and IT in this Technological World: A guide to ensuring compliance

2019 Regional Corporate Counsel Seminar
Springdale, AR | July 25, 2019

Invasion of the Data Snatchers

Healthcare Headlines Seminar
Tulsa, OK | March 29, 2018

Invasion of the Data Snatchers

Healthcare Headlines Seminar
Oklahoma City, OK | March 27, 2018

Activating Your Cyber Insurance

TechAdvantage 2018 Conference & Expo
Nashville, TN | February 26, 2018

Cybersecurity and Risk Shifting

2017 Corporate Counsel Seminar
Oklahoma City, OK | December 7, 2017

Cyber Security for Law Firms and Those Who Retain Them

LEO Cyber Security Law Conference
Oklahoma City, Oklahoma | November 9, 2017

Cyber Security for Law Firms and Those Who Retain Them

LEO Cyber Security Law Conference
Tulsa, Oklahoma | November 8, 2017

Industry Group Leaders