Network engineer check racks at data center

Privacy, Data Protection & Data Security

ArentFox Schiff is a one-stop shop for privacy and data security compliance and investigations. Our team handles the full scope of issues, from CCPA/CPRA and other state privacy laws, to the GDPR and the FTC Act. We regularly represent clients in high-stakes regulatory investigations, when experience matters. Our goal is to help you navigate a rapidly changing legal, regulatory, and business environment, while enhancing your brand with innovative solutions and protecting it from challenges.

Read Our Privacy Counsel Blog

Read the premier legal blog for data security news and insights.

Our Focus

The regulatory environment for privacy and data security changes rapidly, almost daily. ArentFox Schiff helps clients navigate this reality.

Our Privacy, Cybersecurity & Data Protection team advises a diverse set of companies, including well-known brands in the advertising, consumer products, data, health care, hospitality, media and entertainment, nonprofits and trade associations, retail, and technology sectors.

As industry insiders on privacy, information governance, and data security, our group helps clients establish best practices and comply with state, federal, and global laws, regulations, expectations, and norms, while providing sophisticated legal and business solutions that anticipate tomorrow’s opportunities and challenges.


Our Team

Our team, with decades of experience in the field, frequently advises clients on how to safeguard their data, and how to maintain trust with business partners, employees, and consumers, whether around the corner or around the globe.   

The firm stands apart because of our experience and our integrated and innovative approach to problem-solving. From regulatory requirements and transactional counseling to managing investigations and developing new technologies, we are a destination firm for companies looking to protect and grow their brands with innovative solutions and to protect their brands from challenges.

How We Help

  • FTC Compliance and investigations
  • General Data Protection Regulation (GDPR) compliance California Consumer Privacy Act (CCPA),  California Privacy Rights Act (CPRA) and other state law compliance and defense
  • Cross-border data transfer issues
  • End-to-end partner in data breaches and ransomware incidents
  • Health information privacy, data security, and breach notification
  • Internal investigations and governance programs
  • Internet of Things (IoT) compliance
  • Data protection agreements
  • NIST, ISO, PCI-DSS, and other security standards compliance
  • Payment security and mobile payment compliance
  • M&A, due diligence and, transactional work

Key Contacts