Privacy & Cybersecurity


Crowell & Moring regularly advises high-profile retailers on the full range of federal, state, and international laws governing the collection, use, transfer, and protection of data. We counsel clients on securing and working with data about consumers, employees, and customers; developing internet privacy statements; developing contracts for cross-border transfers of data; and coordinating privacy and data security laws and requirements with employment, contract, and other laws. We use our deep knowledge of our clients’ business needs, risk profiles, and the retail industry to help them develop effective and practical privacy and cybersecurity policies, procedures, and strategies.

We can assist retailers with the following areas:

  • Risk assessment, compliance, and incident response planning
  • Developing and implementing global privacy and data protection programs
  • Crisis management, investigations, and incident response
  • Regulatory and litigation defense for data breaches, cyber incidents, and privacy issues
  • Critical infrastructure risk management
  • Cybercrime enforcement
  • Cyber reputation
  • Bringing Internet of Things (IoT) products to market

We also have notable experience helping clients navigate some of the thorniest legal regimes for retailers, including:

  • European General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • State Breach Notification Laws
  • Federal Trade Commission Investigations
  • Payment Card Industry Data Security Standard (PCI DSS)
  • California and Oregon IoT Security Laws
  • Children’s Online Privacy Protection Act (COPPA)
  • Telephone Consumer Protection Act (TCPA)
  • CAN-SPAM Act