Nashville Cybersecurity Specialists

The cybersecurity landscape can be difficult to navigate, which is why our law firm provides strategic cybersecurity services for entrepreneurs, small business owners, business franchise owners, and corporations of all sizes. Our cybersecurity lawyers are experts in all areas of privacy protection and information security. Whether you require legal assistance for implementing cybersecurity best practices to keep your company data confidential, need help understanding how to protect against identity theft, or need legal counsel to appropriately respond to a data breach, you can count on our law firm to assist you.


Our Cybersecurity Services

At Thompson Burton, we are dedicated to helping our clients prepare in case of a cyber attack or privacy issue. However, should a cybersecurity threat arise, our attorneys have effective strategies in place to help clients act as swiftly as possible. Our full range of cybersecurity services includes:
  • Cybersecurity risk assessment
  • Cybersecurity litigation management
  • Cybersecurity insurance
  • Data security policy creation
  • General data protection regulation
  • Data breach notification laws
  • Identity theft laws
  • Information security
  • Cyberbullying laws
  • Invasion of privacy claims
We also assist clients among various industries, including health care, finance, education, government, and information technology to ensure they meet all federal and state privacy laws and regulations.  

Contact Our Cybersecurity Lawyers

Without careful development, implementation, and enforcement of information security policies, privacy policies, and other cybersecurity best practices, companies become more vulnerable to cyber attacks and potential lawsuits. Our attorneys at Thompson Burton want to make sure this never happens to your company. Contact us to learn more about our cybersecurity services and how we can help you keep all sensitive business information confidential and protected.  
Contact Us

ABA Warns Lawyers That Data Breaches Raise Ethical Issues

The phrase “looking back to the past with an eye on the future” is one that could adequately describe the legal profession’s current attitude towards technological innovation. An industry historically reliant on antiquated methodologies and formal training now has little choice but to embrace the current “Golden Age” of technology. This technological evolution in law is no more readily apparent than in the dramatic changes to legal research (out with the case reporters and in with Westlaw & LexisNexis), writing (“to put pen to paper” now replaced by “to affix fingers to keyboard”), and file retention (goodbye Bankers boxes, hello cloud storage). With such technological advancement comes innumerable challenges to one of, if not, the most important ethical obligations of an attorney – the protection of client information. The American Bar Association’s Standing Committee on Ethics and Professional Responsibility (“the Committee”) emphasized this point through the  formal guidance issued at […]

Continue Reading

State Attorneys General: The New Iron Fist of Data Protection and Privacy

As high-profile data breaches continue to befall major companies, a flurry of actions by state Attorneys General — not that of Congress nor the Federal Trade Commission — continue to land the biggest data protection punches. Recent breaches suffered by Target, Uber, and Neiman Marcus have produced multi-state lawsuits from all over the country. This all begs the question: Is state data protection and privacy enforcement just a passing trend or here to stay? On What Authority? State Attorneys General act as key consumer protection advocates, wielding authority over data privacy through state consumer protection laws (often referred to as Unfair or Deceptive Acts or Practices, or UDAP, laws). These UDAP laws act as miniature versions of the FTC Act but feature one very important distinction with respect to punitive measures. While the FTC’s pursuit of civil penalties is a painstaking and circuitous process, UDAP laws provide a much more […]

Continue Reading

SEC Continues to Urge Companies to Prioritize Cybersecurity Through Section 21(a) Report

In a new investigative report[1] released this week, the Securities and Exchange Commission (“SEC”) again stressed the need for public companies to prioritize cybersecurity measures. The SEC’s Report signifies the agency’s ongoing emphasis of cybersecurity initiatives this year. For those of you keeping track at home (as I know so many of you are), 2018 thus far has seen the SEC put out interpretive guidance for public companies on cybersecurity disclosure requirements (I wrote about it here) and initiate its first enforcement action against a registered investment-adviser over a violation of the Identity Theft Red Flags Rule. This proactive approach is indicative of the belief put forth by Chairman Jay Clayton earlier this year that “cybersecurity is critical to the operations of companies and our markets,” and as such, calls for the SEC to “continue to evaluate developments in this area and consider feedback about whether any further guidance or […]

Continue Reading

The 10 Things Businesses Must Think About After a Data Breach: Part One

In a perfect world, companies would prepare ahead of time for a problem that on average costs them $7.91 million. This “not if, but when” problem? *Cue Jeopardy response*: What is a “data breach”. In this two-part series, I want to discuss the ten things every organization must consider when dealing with a data breach. This post deals with considerations applicable to what I like to call “data breach triage”. In Part 2 of this series, I’ll conclude with the remaining 5 things companies must think about when putting public data breach response plans into action (PR, notifications, etc). 1. Any suspicion of a data breach should immediately prompt a call to outside counsel Yes, the clock is ticking and time indeed is very precious, but outside counsel as first point of contact accomplishes a number of important objectives. For starters, outside counsel should first assess whether the incident in question […]

Continue Reading

Ohio’s Data Protection Act: A Cooperative Approach to Cyber Legislation

Ohio’s recent enactment of a new cybersecurity law could provide a blueprint for other states to pass similar cyber legislation. In a political climate dominated by the fear of excessive government oversight, an alternative route for states to implement new cybersecurity policy is through voluntary, incentive-based laws. Cooperative versus Coercive Cybersecurity Legislation Jeff Kosseff, in the illuminating article “Defining Cybersecurity Law,” talks about the dichotomy between coercive and cooperative aims underlying cybersecurity legislation. The idea behind coercive lawmaking is legislation intended to deter certain behavior. In the context of cybersecurity, a coercive law would deter inadequate data protection practices. An example of a coercive cybersecurity law is Massachusetts’ data security law (Chapter 93H and 201 CMR 17.00). This law requires all businesses in possession of personal information on Massachusetts residents to enact minimum security standards such as a written information security program (“WISP”). Cyber Legislation based upon the principle of […]

Continue Reading