Fredrikson’s Data Protection & Cybersecurity Group partners with all manner of corporate clients—from emerging growth companies to large financial and healthcare institutions—to address and resolve issues relating to the ever-changing online environment including:

  • Cybersecurity and Privacy Assessments, Counseling, and Compliance Programs
  • Vendor Contracting and Management
  • Data Breach Planning and Response
  • Privacy Litigation and Regulatory Investigations
  • Cybersecurity and Privacy Diligence for Mergers and Acquisitions

As the headlines demonstrate, companies face unprecedented challenges in protecting sensitive information and minimizing cybersecurity risks. Utilizing an experienced team of litigation, health care, financial services, transactional, employment and internet technology attorneys, the Data Protection & Cybersecurity Group is uniquely poised to help clients meet and overcome these challenges.


Fredrikson attorneys have deep experience across a broad range of industries, acquired through our work on compliance and litigation matters for organizations ranging from large public entities to emerging growth companies. Our attorneys provide practical and strategic advice to help our clients mitigate risk, manage security breaches and handle litigation and matters before key agencies and courts. Our experience includes:

Financial Services, Banking & Credit Cards

  • Confidentiality requirements for former investment advisors
  • Customer information sharing requirements among affiliates and non-affiliates
  • Document destruction requirements and policies
  • Foreign outsourcing requirements
  • Industry standard privacy practices
  • Information Security policy and procedure audits
  • Joint marketing program requirements
  • Ownership of financial client files
  • Payment Card Industry Data Security Standards
  • Prescreened customer marketing requirements
  • Privacy notice requirements including delivery and amendment related rules
  • Responses to regulatory subpoenas and other inquiries
  • Spousal financial privacy obligations
  • State banking and insurance customer financial privacy requirements
  • Vendor management and related contractual provisions

Collecting & Protecting Consumer Data

  • Drafting privacy policies for websites, apps, and internal policies and procedures
  • Advising on privacy notice requirements
  • Facilitating cross border transfer of personal data
  • Developing COPPA (Childrens’ Online Privacy and Protection Act) policies and practices for online sales directed to children
  • Coordinating risk mitigation involving internet and computer insurance issues for data losses

Data Protection Issues in Information Technology

  • Developing diligence questionnaires to assess the capabilities of vendors who handle personal data and competitively sensitive information
  • Developing standard contractual provisions addressing privacy and security of data for vendors handling personal data and competitively sensitive information
  • Negotiating contractual protections for customers purchasing services from vendors handling personal data or proprietary information
  • Addressing data rights in ‘Big Data’ created through shared and aggregated data bases

Data Breach & Breach Response

  • Developing cybersecurity incident response plans and breach notification practices
  • Drafting and auditing cybersecurity policies
  • Advising on Federal and State cyber breach notification requirements
  • Negotiating regulatory enforcement actions following an information security breach
  • Advising on responding to regulatory subpoenas and other information requests following an information security breach

Employment & Trade Secrets

  • Creating policies and procedures to address BYOD (Bring your own device, and privacy issues associated with BYOD)
  • Creating policies and procedures for managing sensitive HR data, including benefits data
  • Litigating and advising on employee disputes involving theft of company information and trade secrets
  • Advising on employee disputes involving monitoring of employee activity and privacy implications of that monitoring activity
  • Developing of social media, confidentiality, codes of conduct and appropriate use policies
  • Creating strategies for managing movement of employee data across borders
  • Advising clients on identifying, marking, and protecting trade secret information, including data protected by privacy statutes
  • Litigating claims related to employee data theft, including data protected by privacy statutes

Mergers & Acquisitions Transactions

  • Handling diligence requests to avoid inadvertent disclosures of protected personal data
  • Conducting diligence on privacy and security practices, including cloud-based vendor diligence, to assess risk
  • Drafting and negotiating key protections in transactional documents to limit exposure on past ‘bad acts’
  • Providing advice to integrate acquired protected data into existing systems

Third Party Claims, Investigations & Litigations 

  • Litigating claims related to electronic fraud
  • Negotiating with third parties regarding reimbursement of unauthorized payments

Data Loss Litigation

  • Enforcing of vendor and indemnification agreements in the wake of security breaches
  • Litigating allegations of inadequate cybersecurity and data protection measures
  • Litigating breaches of privacy policies
  • Litigating claims related to alleged failure to ensure reasonable and appropriate protection of consumer information or protected health information

HIPAA, Medical & Health Information

We have worked with dozens of healthcare clients (and their business associates) to develop their internal policies and procedures to try to head off potential privacy problems before they start. We have worked with clients on privacy breaches large and small, including responses to HIPAA breaches and responses to investigations by the Office for Civil Rights and state Attorneys General related to disclosures or losses of protected health information.

We have worked to shepherd clients through investigations and/or criminal enforcement actions brought by the Department of Justice for alleged violations of criminal privacy protection laws including the Computer Fraud & Abuse Act, the Stored Communications Act, the Wiretap Act, the Foreign Intelligence Surveillance Act, and the Economic Espionage Act.


Data Security Series: Developing and Implementing a Data Breach Response Plan—Best Practices to Minimize the Impact of a Breach, Minnesota CLE, Sten-Erik Hoidal, October 17, 2017

Cybersecurity Risk Management—What Boards Need to Know, Society for Corporate Governance, Twin Cities Chapter Meeting, Sten-Erik Hoidal, October 5, 2017

There has been a Material Adverse Change—What Happens Now? (How to Deal with Cyber Security or Data Breach during a Transaction), Transaction Advisor’s Chicago M&A Conference, Ann Ladd, September 14, 2017

The Three Most Overlooked Cybersecurity Risks: Human Factors, Information Control and Third-Party Vendors, Association of Corporate Counsel Minnesota Lunch & Learn, Sten-Erik Hoidal, September 12, 2017

Cyber Liability: What the Board Needs to Know, Minnesota High Tech Association Spring Conference, Sten-Erik Hoidal, May 9, 2017

Strategies to Manage Cybersecurity Risks for the Financial Industry, Fredrikson & Byron and Charles Schwab Cybersecurity Program, Surly Brewing, Sten-Erik Hoidal, Ann Ladd, Terrence Fleming and Sandra Smalley-Fleming, February 1, 2017

Avoiding an Incident Response Hangover: Data Breaches and Departing Employees, Cybersecurity and Trade Secrets Group Event, Surly Brewing, Sten-Erik Hoidal, May 17, 2016

Data Security: Is Your Data Safe, Association for Corporate GrowthMinnesota Chapter, Monthly Luncheon and Panel Discussion, Beau Hurtig, October 20, 2015

Privacy and Security Risks in Vendor and Supply Chain Contracts, Midwest Privacy & Data Security Conference, Minnesota Bar Association, Steven Helland, January 14, 2016

Insider Threats: Identifying and Deterring Company Information Theft, Fredrikson & Byron’s 31st Annual Employment & Labor Law Seminar, Sten-Erik Hoidal, November 6, 2015

Protecting Your Company From A Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact, Iowa Association of Corporate Counsel, Corporate Counsel Forum, Sten-Erik Hoidal and Ann Ladd, October 30, 2015

Developing and Implementing a Data Breach Response Plan: Best Practices to Minimize the Impact of a Breach, Minnesota CLE, Data Breach Preparedness and Response Seminar, Sten-Erik Hoidal, October 2, 2015

Lessons Learned from Recent HIPAA and Big Data Breaches, Fredrikson & Byron Health Law Webinar, Briar Andresen, Katherine Ilten and Ann Ladd, August 12, 2015

Computer Crime: How Are We Vulnerable?, Lockton, Sten-Erik Hoidal, May 1, 2015

Insulate Your Company from a Cyber Breach—Proactive Steps to Minimize Breach Risks & Impact, Association of Corporate CounselMinnesota Chapter, Ann Ladd and Sten-Erik Hoidal, February 19, 2015

Legal Guide to Privacy and Data Security, Minnesota State Bar Association CLE, Legal Guide to Privacy and Data Security, Steven Helland, August 18, 2014

Data Privacy & Security, Legal and Financial Implications, Trust Executive Round Table, Steven Helland and Teresa Thompson, June 26, 2014

Fredrikson & Byron HIPAA Training: Direct Training Session for Health Care Staff, Fredrikson & Byron Health Law Webinar, Briar Andresen and Katherine Ilten, September 11, 2013

Countdown to HIPAA Enforcement Date: Checklist of Last Steps for Complying with New HIPAA Regulations, Fredrikson & Byron Health Law Webinar, Briar Andresen and Katherine Ilten, July 10, 2013

Data & Health: The New and Necessary Frontier, The Collaborative’s Tech.2013: Data, the Cloud, Commerce, Social, Platforms, Niche Tech, Enterprise & Health, Ann Ladd, May 2, 2013

Data Privacy & Security: A View from the Board Room and C-Suite, Data Privacy and Security for In-House Counsel, Steven Helland, March 21, 2013

Data Privacy & Security in M&A Transactions, Data Privacy and Security for In-House Counsel, Ann Ladd, March 21, 2013

Revenge of HIPAA: What You Need to Know About the New HIPAA Regulatory Scene, Fredrikson & Byron Health Law Webinar, Briar Andresen and Katherine Ilten, February 13, 2013

Business Associates, 2010 Twin Cities Privacy Professionals Retreat, Ann Ladd, February 26, 2010

Data Privacy for Small Business, Data Privacy & Security Conference, Minnesota Better Business Bureau, Ann Ladd, September 2009


News & Insights

Jump to Page

Fredrikson & Byron, P.A. stores cookies on your device to enhance site navigation, make your browsing experience as useful as possible, and analyze site usage. By accessing this website with cookies enabled in your web browser, you agree to the storing of cookies on your device. Please read our Privacy Policy and our Disclaimer.