Fredrikson’s Data Protection & Cybersecurity Group partners with all manner of corporate clients—from emerging growth companies to large financial and healthcare institutions—to address and resolve issues relating to the ever-changing online environment including:

  • Cybersecurity and Privacy Assessments, Counseling, and Compliance Programs
  • Vendor Contracting and Management
  • Data Breach Planning and Response
  • Privacy Litigation and Regulatory Investigations
  • Cybersecurity and Privacy Diligence for Mergers and Acquisitions

As the headlines demonstrate, companies face unprecedented challenges in protecting sensitive information and minimizing cybersecurity risks. Utilizing an experienced team of litigation, health care, financial services, transactional, employment and internet technology attorneys, the Data Protection & Cybersecurity Group is uniquely poised to help clients meet and overcome these challenges.


Fredrikson attorneys have deep experience across a broad range of industries, acquired through our work on compliance and litigation matters for organizations ranging from large public entities to emerging growth companies. Our attorneys provide practical and strategic advice to help our clients mitigate risk, manage security breaches and handle litigation and matters before key agencies and courts. Our experience includes:

Financial Services, Banking & Credit Cards

  • Confidentiality requirements for former investment advisors
  • Customer information sharing requirements among affiliates and non-affiliates
  • Document destruction requirements and policies
  • Foreign outsourcing requirements
  • Industry standard privacy practices
  • Information Security policy and procedure audits
  • Joint marketing program requirements
  • Ownership of financial client files
  • Payment Card Industry Data Security Standards
  • Prescreened customer marketing requirements
  • Privacy notice requirements including delivery and amendment related rules
  • Responses to regulatory subpoenas and other inquiries
  • Spousal financial privacy obligations
  • State banking and insurance customer financial privacy requirements
  • Vendor management and related contractual provisions

Collecting & Protecting Consumer Data

  • Drafting privacy policies for websites, apps, and internal policies and procedures
  • Advising on privacy notice requirements
  • Facilitating cross border transfer of personal data
  • Developing COPPA (Childrens’ Online Privacy and Protection Act) policies and practices for online sales directed to children
  • Coordinating risk mitigation involving internet and computer insurance issues for data losses

Data Protection Issues in Information Technology

  • Developing diligence questionnaires to assess the capabilities of vendors who handle personal data and competitively sensitive information
  • Developing standard contractual provisions addressing privacy and security of data for vendors handling personal data and competitively sensitive information
  • Negotiating contractual protections for customers purchasing services from vendors handling personal data or proprietary information
  • Addressing data rights in ‘Big Data’ created through shared and aggregated data bases

Data Breach & Breach Response

  • Developing cybersecurity incident response plans and breach notification practices
  • Drafting and auditing cybersecurity policies
  • Advising on Federal and State cyber breach notification requirements
  • Negotiating regulatory enforcement actions following an information security breach
  • Advising on responding to regulatory subpoenas and other information requests following an information security breach

Employment & Trade Secrets

  • Creating policies and procedures to address BYOD (Bring your own device, and privacy issues associated with BYOD)
  • Creating policies and procedures for managing sensitive HR data, including benefits data
  • Litigating and advising on employee disputes involving theft of company information and trade secrets
  • Advising on employee disputes involving monitoring of employee activity and privacy implications of that monitoring activity
  • Developing of social media, confidentiality, codes of conduct and appropriate use policies
  • Creating strategies for managing movement of employee data across borders
  • Advising clients on identifying, marking, and protecting trade secret information, including data protected by privacy statutes
  • Litigating claims related to employee data theft, including data protected by privacy statutes

Mergers & Acquisitions Transactions

  • Handling diligence requests to avoid inadvertent disclosures of protected personal data
  • Conducting diligence on privacy and security practices, including cloud-based vendor diligence, to assess risk
  • Drafting and negotiating key protections in transactional documents to limit exposure on past ‘bad acts’
  • Providing advice to integrate acquired protected data into existing systems

Third Party Claims, Investigations & Litigations 

  • Litigating claims related to electronic fraud
  • Negotiating with third parties regarding reimbursement of unauthorized payments

Data Loss Litigation

  • Enforcing of vendor and indemnification agreements in the wake of security breaches
  • Litigating allegations of inadequate cybersecurity and data protection measures
  • Litigating breaches of privacy policies
  • Litigating claims related to alleged failure to ensure reasonable and appropriate protection of consumer information or protected health information

HIPAA, Medical & Health Information

We have worked with dozens of healthcare clients (and their business associates) to develop their internal policies and procedures to try to head off potential privacy problems before they start. We have worked with clients on privacy breaches large and small, including responses to HIPAA breaches and responses to investigations by the Office for Civil Rights and state Attorneys General related to disclosures or losses of protected health information.

We have worked to shepherd clients through investigations and/or criminal enforcement actions brought by the Department of Justice for alleged violations of criminal privacy protection laws including the Computer Fraud & Abuse Act, the Stored Communications Act, the Wiretap Act, the Foreign Intelligence Surveillance Act, and the Economic Espionage Act.


Ethical Considerations for In-House Counsel in a Connected World, Fredrikson & Byron Health Law Webinar Series, Sten-Erik Hoidal and Megan Bowman, May 10, 2023

Best Practices in M&A for Analyzing a Target Company’s Privacy and Data Security, 2023 Midwest Legal Conference on Data Privacy and Cybersecurity, Minnesota CLE, Sten-Erik Hoidal, February 2023

Cybersecurity Basics: What Every Health Care Lawyer Should Know about Current Threats, Fredrikson & Byron’s Health Law Webinar Series, Sten-Erik Hoidal, January 19, 2022

Targeting the C-Suite: Business Email Compromises—Prevent, Identification, and Response, 2020 Midwest Legal Conference on Privacy & Data Security, Sten-Erik Hoidal, February 14, 2020

Cybersecurity Due Diligence in M&A, DealLawyers.com Webcast, Sten-Erik Hoidal, January 23, 2020

Privacy and Security in Cross-Border Investigations, Fredrikson & Byron’s Cross-Border Investigations Seminar, Sten-Erik Hoidal, November 12, 2019

Mergers and Acquisition Trends: What You Need to Know about Privacy & Security, Association of Corporate Counsel, Iowa Chapter, Sten-Erik Hoidal, May 31, 2019

GDPR, CCPA, and the Coming Wave of Privacy Regulations: Risk or Opportunity?, Minnesota High Tech Association Annual Spring Conference, Sten-Erik Hoidal, May 9, 2019

The Rise of Privacy: Oversight, Compliance and Management, Fredrikson & Byron program co-hosted with Baker Tilly, Sten-Erik Hoidal, March 8, 2019

The Rising Tide of Individual Privacy Rights: What Does It Mean for Minnesota Businesses?, Association of Corporate Counsel Minnesota Lunch & Learn, Sten-Erik Hoidal, January 17, 2019

Focus on Privacy and Data Security within a Healthcare Transaction, Health Law Practicum, Sten-Erik Hoidal, December 10, 2018

What’s Trending in the World of Advertising Law?, Fredrikson & Byron program co-hosted with Ad Fed, Sten-Erik Hoidal, September 13, 2018

Hot Topics: What You Need to Know Now—GDPR, Fredrikson & Byron program co-hosted with Ad Fed, Sten-Erik Hoidal, September 13, 2018

M&A Transactions: Due Diligence, Reps and Warranties Related to Data Privacy and Cyber Security, Minnesota CLE, Sten-Erik Hoidal, September 7, 2018

Don’t be Caught Off Guard: Strategies to Manage Risk for Investment Advisors, Fredrikson & Byron program co-hosted with Charles Schwab and BMO Global Asset Management, Sten-Erik Hoidal, June 26, 2018

Data as Asset, Key Issues Driving the M&A Market, Fredrikson & Byron Seminar, Sten-Erik Hoidal, June 19, 2018

New SEC Guidance on Cybersecurity Disclosures, Strafford Webinar, Sten-Erik Hoidal, June 12, 2018

M&A Transactions: Due Diligence, Reps and Warranties Related to Data Privacy and Cybersecurity, 2018 Midwest Legal Conference on Privacy and Data Security, Sten-Erik Hoidal, January 26, 2018


News & Insights

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.