Privacy & Cybersecurity

Best Best & Krieger LLP takes an inter-disciplinary approach to privacy and cybersecurity, integrating attorneys from across practice groups with backgrounds and training in relevant areas, such as health privacy and security, employee data privacy, business and customer records and government records. Serving multiple sectors, including health care, business, local government and education, BB&K attorneys work closely with clients to understand their organizations and provide timely and responsive advice on privacy policies and approaches to real-world problems that arise. We bring a depth of experience in California law, litigation and information technology to assist clients with drafting policies related to privacy and cybersecurity, public record disclosure and retention, personnel issues and technology agreements.

Online Privacy
The BB&K team works with businesses and public agencies on issues related to online privacy, including compliance with the California Consumer Privacy Act, or CCPA, and the European Union General Data Protection Regulation, known as GDPR. We develop website privacy policies and advise on data disclosure, user consent and data storage and retention in relation to personal and financial information collected through websites or applications.
We also help clients draft online privacy policies and disclosures to meet the requirements of the California Online Privacy Protection Act, or CalOPPA, Controlling the Assault of Non-Solicited Pornography and Marketing Act, best known as CAN-SPAM, the Children’s Online Privacy Protection Act, known as COPPA, the Telephone Consumer Protection Act, known as the TCPA, the Stored Communications Act and federal fair information practices.
Data Incident Preparedness & Response
BB&K attorneys counsel clients on data breach reporting responsibilities, data breach responses, responses to ransomware and other hacking incidents, and investigations by federal and/or state regulators. When an incident occurs, we assist with forensic investigations and crisis management activities, press releases, notifications to affected individuals, communications with regulators and credit card issuers and responding to federal and state regulatory inquiries and investigations.
Health Care Industry & Health Data
BB&K attorneys are well-versed on, and routinely advise both public sector and private sector clients on, health privacy laws, including the Health Insurance Portability and Accountability Act, known as HIPAA, the California Confidentiality of Medical Information Act, federal Substance Abuse Confidentiality regulations and California laws governing sensitive records, such as HIV test results and mental health records subject to the Lanterman-Petris-Short Act. Our attorneys also have experience with health care security standards, including National Institutes of Standards and Technology standards.  

Supply Chain Issues and Technology Contracting
BB&K attorneys work regularly with management and staff of private companies and public agencies on the drafting and negotiation of contracts for services, technology and the development and financing of critical infrastructure and capital projects, including the replacement of major software systems. This work includes taking the lead role in the drafting and negotiation of software and hardware agreements, technology licensing and other related technology contracts. Further attention is given to examining security issues in vendor agreements and protection of trade secrets in the supply chain. 

Employees & Remote Working
BB&K attorneys counsel employers on the cybersecurity risks presented by remote working and BYOD, or “bring your own device” policies. We counsel employers on creating a culture of cybersecurity within their organization through the use of administrative, technical and physical safeguards. We also counsel employers on the privacy implications of employee monitoring and obligations imposed on employers by legislation, such as the Stored Communications Act.

Public Agency Experience
With one of the largest public agency-focused practices in the U.S., BB&K attorneys are distinctly qualified to counsel public entities on privacy and cybersecurity issues that are unique to the public sector. These include the privacy of government records, in particular:

  • Confidentiality of police department and criminal records
  • Transportation records and smart city privacy and data sharing issues
  • Customer records held by local government (e.g., related to utilities)
  • Employee privacy issues, including laws regulating the collection, use and/or handling of applicant data and personnel records, privacy policies and record retention
  • Data breach reporting laws, including the California Information Practices Act
  • Ways that the CCPA and GDPR may impact government records

Our Services
BB&K provides privacy and security services including the following:

  • Conducting and overseeing Privacy Impact Assessments, compliance audits and security risk assessments
  • Providing day-to-day privacy compliance counseling
  • Developing and presenting training on privacy and security compliance
  • Developing and reviewing customized privacy, security and incident-response policies
  • Guiding data breach response and reporting
  • IT contracting, including negotiating licensing agreements and privacy and security contract provisions for vendor agreements
  • Counseling on privacy of government records and providing California Public Records Act guidance and response
  • Developing strategies for data sharing and information exchange and agreements care functions
  • Developing website privacy policies and data retention and storage strategies
  • Cyber insurance coverage issues and claims

Privacy and Security of Health and Personal Information

  • Developed and reviewed privacy policies for national health providers, California hospitals, Medi-Cal health plans, education-related service providers, and telemedicine, digital health and medical device companies and mobile applications.
  • Assisted a Louisiana state hospital system to disaffiliate data systems and information, and developed contractual agreements related to data ownership, data access and custody and compliance with federal and state law.
  • Advised Los Angeles County and the California Association of Public Hospitals on data sharing arrangements and approaches for Whole Person Care and related programs.
  • Counseled California county hospitals and a major national health system on health information exchange participation strategy, developed privacy policies and participation agreements for regional data exchanges and county Social Services and Health Information Exchange and negotiated data sharing agreements.
  • Assisted California counties and businesses with analysis of breach reporting options, assisted with breach reporting and investigations by, and response to, Office for Civil Rights.
  • Counseled a university to ensure its privacy policy is consistent with GDPR.
  • Counseled on cybersecurity “red flags,” i.e., signs of an attempt to breach system security or obtain confidential information.

Employee Data Privacy

  • As an appointee to the California Fair Employment and Housing Act, worked on the so-called “ban-the-box” regulations governing an employer’s use of criminal history records.
  • Served as a workplace investigator for public employers, which implicated the Stored Communications Act and case law concerning reasonable expectation of privacy in workplace electronics.

Government Records

  • Helped more than 20 law enforcement agencies traverse a significant change in the laws governing the privacy of peace officer personnel records.
  • Regularly assists public agencies in the applicability of the Marken case to personnel records, including a disclosure procedure that protects employee privacy rights.
  • Advised the Orange County Social Services Agency on confidential welfare matters, including reviewing the Agency’s contracts.
  • Advised the Orange County Sheriff’s Department on litigation matters, including a case involving Special Masters.


  • Advised the cities of Redwood City and Palm Springs and the Santa Clarita Valley Water Agency on the implementation of new financial and Enterprise Resource Planning software projects.
  • Reviewed and advised a client about the terms of a cybersecurity liability insurance policy.

Online Data Privacy

  • Represented an email marketing company involved in a significant data breach. The representation involved responding to multiple state attorney generals, who inquired about potential violations of state data breach laws. It also involved client’s response to several false publications that were harmful to its reputation and business.
  • Drafted privacy policies and disclosures for clients that conduct business online and advised on data collection, use and storage practices, including compliance with the CCPA, TCPA and GDPR.
  • Conducted privacy impact assessment and advised on privacy and security approach for online educational business.
Areas of Focus: Business | Business Litigation | Eminent Domain | Labor & Employment Litigation | Real Estate
Areas of Focus: Business | Health Care
Areas of Focus: Business | Business Litigation | Business Transactions | Intellectual Property | Labor & Employment | Labor & Employment Litigation
Areas of Focus: Business | Business Litigation | Real Estate
Areas of Focus: Business | Environmental Law & Natural Resources | Intellectual Property | Real Estate | Renewable Energy | Special Districts

Christine N. Wood

Director of PRA Services and E-Discovery Counsel

(213) 542-3861

Areas of Focus: ARC: Advanced Records Center | Board Governance & Administration | California Public Records Act | Government Policy & Public Integrity | Municipal Law | Public Agency Litigation
Press Releases Mar 31, 2021

Partner Leeann Habte Named a Woman of Influence: Health Care

Los Angeles Business Journal Recognizes Those Who Contribute to the Community’s Health in Extraordinary Ways

Authored Articles & Publications Jan 08, 2021

Best in Law: Protecting Privacy on COVID-19 Contact Tracing Apps

Glen Price Discusses Privacy Issues Around COVID-19 CA Notify App and Others

Press Releases Jan 04, 2021

New Partner, Leaders and Diversity Committee

BB&K Announces Changes for 2021

BB&K In the News Dec 08, 2020

BB&K Attorney and Barrett, The Honors College at ASU Alum Christina Morgan Profiled

The Business Practice Group Member Featured in Alumni Newsletter

Press Releases Nov 11, 2020

BB&K Attorney Christina Morgan Named a San Diego Next Top 40 Business Leaders Finalist

San Diego Business Journal Recognizes Professionals Under Age 40

Press Releases Oct 06, 2020

California Trailblazer: BB&K’s Christine N. Wood Honored for Public Records Work

The ARC: Advanced Records Center Leader Recognized by The Recorder

Authored Articles & Publications Jul 27, 2020

The CCPA's Impact on Public Agencies

BB&K's Gregg Kettles Writes About the California Consumer Privacy Act in PublicCEO

Legal Alerts Jul 14, 2020

CCPA Enforcement Begins as AG Proposes Rules

Final Regulations to Help Businesses Comply with California Consumer Privacy Act; Ballot Measure Could Expand Privacy Protections

Authored Articles & Publications Feb 24, 2020

Best in Law: The Significant Business Expense of Unlicensed Software

Partner Glen Price Explains the Importance of Understanding Software Licensing for the Southern California Newspaper Group

Authored Articles & Publications Nov 27, 2019

GDPR Compliance

BB&K's Christina Morgan Talks About Data Privacy in Riverside Lawyer Magazine

Authored Articles & Publications Oct 30, 2018

Best in Law: Talking Bots

Partner Glen Price Writes About AI Communication Law for the Press-Enterprise

Legal Alerts Aug 13, 2018

Public Agencies and GDPR Compliance

Government Entities Should Evaluate Data Collection and Use Practices

Authored Articles & Publications May 15, 2017

Best in Law: How to Better Ensure Company Information is Secure

The Weakest Link in Security May be a Vendor, Partner Glen Price Warns in the Press-Enterprise

Authored Articles & Publications Nov 30, 2015

Best in Law: Data Security and the Inside Job

BB&K Partner Glen Price Writes About the Biggest Threat to Business Owners in the Latest Press-Enterprise Best in Law Column

Cookie Consent

By clicking “Agree,” you agree to the storing of cookies on your device to enhance website navigation, analyze website usage and assist in our marketing efforts. View our Cookie Notice here.