413-781-2820 413-781-2820

Cybersecurity Practice Group

Bulkley Richardson advises businesses, medical providers, and individuals on data protection and privacy laws. We regularly assist organizations in formulating or revising data protection and privacy policies to comply with federal and state statutes and regulations. This includes – but is not limited to – bringing clients into compliance with the Massachusetts Standards for the Protection of Personal Information, as well as the requirements of the Health Insurance Portability and Accountability Act and other federal legislation.

Our team also advises companies on the data privacy and security implications of mergers and acquisitions, outsourcing arrangements, cross-border data transfers, and other transactions. We assist in responding to inquiries from federal and state regulators, including the Center for Medicare and Medicaid Services, the Federal Trade Commission, and state attorneys general.

We work to protect clients both before and after a data breach. This includes helping companies prevent a breach by, for example, developing or improving policies with respect to employee use of IT services, social media, and personal devices. We and our technical partners help clients develop incident response plans through risk assessments in order to minimize the risk of a data breach and to put our clients in the best position to respond if a breach occurs. In the event of a breach, we and our technical partners provide rapid and comprehensive incident response, including handling communications with cyber insurance carriers and performing after-action analysis.

Bulkley Richardson also performs contract reviews for clients to ensure that vendors protect our clients’ data, and maintain the confidentiality, integrity, and availability of data stored offsite with vendors or in the cloud. We also assist in reviewing cyber insurance policies to ensure that clients receive the best coverage at the lowest cost.

Recent News

Representative Matters

  • Counseled a public company after a data breach involving a recently-purchase subsidiary.
  • Represented a mid-sized company in responding to a suspected breach of customer credit card information due to Russian hackers. We handled reporting to state regulators and negotiations with the client’s vendors.
  • Counseled a major medical center on suspected computer intrusions.
  • Assisted a large medical facility in revising existing data privacy and security policies and in adopting new policies to keep current with changing regulatory requirements.


  • MCLE Conference on Sophisticated Issues in Massachusetts Family Law, “Cyber Issues in the Probate and Family Court: Authenticity, Legality and Admissibility,” February 27, 2013.
  • National Information Security Group – Boston Chapter, “Staying Out of Prison: A Cyber Law How-to Guide,” September 18, 2013.
  • Boston Security Conference, “A Cyber Law How-to Guide,” February 10, 2014.
  • Western New England University School of Law, “Recent Developments in Cyber Law,” February 3, 2015.
  • Massachusetts Bar Association, Lifecycle of a Business Part III: Intellectual Property and Data Security and Privacy, “Federal Computer Crime and Privacy Statutes,” May 24, 2016.
  • Massachusetts Bar Association, 14th Annual In-House Counsel Conference: What Keeps Counsel Up at Night, “Cyber Attacks on Business,” December 1, 2016.
  • Massachusetts Bar Association, Lifecycle of a Business Part II: Cyber Security, “Cyber Security Concerns for Businesses,” April 27, 2017.