Cyber Security & Data Protection

Scarinci Hollenbeck’s cyber security and data protection team regularly handles “crisis litigation,” including emergency applications before the courts, representing individuals, businesses, and government agencies and implementing data breach response programs in compliance with the laws and standards that regulate the collection, use, sharing, storage and protection of personal and business.

Our Approach

The Scarinci Hollenbeck Cyber Security and Data Protection Group is led by Fernando M. Pinguelo, 2015 winner of The National Law Journal’s “Trailblazer Award” for Cybersecurity and Data Privacy.

At the intersection of business, information, technology and law, the eWorld moves rapidly— and the failure to stay abreast and in compliance can have devastating consequences. Cybercrime is estimated to cost the global economy more than $500 billion per year. In the United States, firms under $50 million in revenue experience the most attacks and the number of targeted attacks on small businesses doubled in 2014 and continued at that same pace for 2015.

Coupled with our Crisis and Risk Management Group and our renowned E-Discovery team, the Cyber Security and Data Protection group is built to respond rapidly to the threat and actuality of data breach and its ramifications, both business and regulatory.

Well experienced in the development and implementation of data breach response, Scarinci Hollenbeck is prepared to assist clients with the coordination of criminal, civil, regulatory and, if need be, public responses following a data breach.

Businesses that possess personally identifiable information have numerous obligations and responsibilities under state, federal, and – in some cases – international law. Our local access to federal and state authorities and a global alliance of legal and technical professionals enables our team to address these most urgent of client needs in a prompt, thorough and effective manner.

Businesses and their upper-level management, regardless of size, have been found to bear responsibility to shareholders, employees, and customers to safeguard proprietary, confidential, and trade-secret information.

In order to reduce the exposure to risk and liability, in addition to itsdata breach (i.e., hacking) response capabilities, the Cyber Security & Data Protection Group also assists clients in understanding their responsibilities under this complex and ever-evolving legal landscape and in implementing systems to effectively comply with the applicable laws and standards that regulate the collection, use, sharing, storage and protection of personal and business data.


We understand how information-use business models and how information flow generates revenue for our clients. Our lawyers have extensive experience in technology, banking and finance, consumer protection, employment, international law, intellectual property, health care, and litigation. In addition, our lawyers have hands-on business experience that enables us to provide strategic business consulting on all aspects of information policy, including privacy, information security, and records management.

We play an important role in the development of public policy regarding the future regulation of cyber issues and are recognized as authorities in the field. For example, we have offered commentary on U.S. federal legislation, lectured internationally, written comprehensive, scholarly articles on cyber topics, and been quoted in media reports addressing cyber issues. In addition, the group chair has been designated as a Fulbright Specialist in the area of how technology impacts the law, created and teaches an innovative law school course on the topic, and founded and contributes to a blog that monitors cyber and data privacy initiatives and policies that emanate from The Office of the President of the United States, eWhite House Watch.

The Cyber Security & Data Protection Group is dedicated to providing guidance to address the proliferation of information technology vulnerabilities that have made it difficult for clients to safeguard and manage critical information, and is committed to offering solutions to reduce risk and comply with the patchwork of laws and regulations that administer information governance.

Cyber Security & Data Protection Group Services Include:

  • fpinguelo@sh-law.com
  • Defense of actions brought against businesses as a result of breaches, including actions filed under federal laws such as Gramm–Leach–Bliley Act, Computer Fraud and Abuse Act, Electronic Communications Privacy Act, HIPAA, and individual state and local consumer protection laws.
  • Assistance with dispute resolution, management of consumer concerns, response to allegations of misuse of data, state and federal investigations (including actions and requests for information from state attorneys general, DOJ, and the Federal Trade Commission), and litigation.
  • Address issues concerning consumer and employee privacy, online advertising and behavioral marketing, social media and data sharing, and data retention policies.

The Cyber Security & Data Protection Group invites you to learn more about our services and subscribe to our mailing list to receive articles and notices about upcoming seminars. Please contact us at fpinguelo@sh-law.com.

Read about the latest developments and cases affecting the world of cyber security and data protection at eWhite House Watch blog.

  • Serve as national coordinating counsel to Opice Blum Advogados Associados, Brazil’s premier cyber law firm.
  • Led efforts in the U.S. in conjunction with Brazilian legal efforts concerning a significant data security breach; filed unique federal pre-lawsuit action that compelled cloud-based website to produce user information for use by international IT security firm in its investigation of highly confidential reports.
  • Led and coordinated efforts to contain company’s data security breach and address data security obligations under the relevant federal and state laws.
  • Assessed client’s lost data event and determined that state data breach notification requirements did not compel company-wide employee notification.
  • Successfully addressed breach of security issues for client under New Jersey’s Identity Theft Prevention Act.
  • Secured removal from YouTube of video that disparaged client’s integrity and caused a negative economic impact on its business.
  • Successfully addressed online social networking (OSN) issues for employer whose employees abused the use of OSN sites.
  • Represent TV news anchors, reporters, meteorologists, and sports casters, including Emmy Award-winning talent, regarding cyber security/privacy issues concerning their Internet reputation. Representative clients include on-air talent who broadcast out of local and affiliate TV stations across the U.S., including in Boston, Chicago, Los Angeles, Minneapolis, and New York.