Skip to navigation.


Personal information of customers, employees, and vendors is one of the most valuable assets held by a company and also, increasingly, one of the most vulnerable to unlawful disclosure. Personal information essentially includes anything that can be used to identify a particular person. This includes obvious items like names, photos, and social security or other identification numbers. Sometimes it also includes less obvious data points such as computer IP addresses, geolocation information, genetic identifiers, and voice prints. With the proliferation of privacy laws around the world, all aimed at protecting an individual’s ability to control the use and spread of their personal information, companies must perform an analysis of the information they collect and their privacy practices to ensure that they comply with these privacy laws.

Depending on a company’s business footprint and data collection activities, it may be subject to several privacy laws, including, for example, several U.S. state and federal laws, as well as the EU’s new privacy regulation. Each of these laws comes with its own set of complex requirements around the collection and use of personal data, a company’s ability to share it with others, restrictions on transfers across international borders, and obligations arising from data breaches. While a privacy policy that informs your customers, employees, and vendors of the information you collect and the steps you take to protect it is a good start, compliance with these global privacy laws comes from company-wide projects designed to strategically protect and limit use of the personal information.

Protorae Law’s Privacy and Cybersecurity Practice is a proactive, holistic, strategic counseling practice focused on guiding clients through the review of their corporate activities, data flow, and systems, and modification of their practices to support compliance with the relevant laws. We work collaboratively with clients to deeply understand the information collected, where it lives within the company, how it is used, and with whom it is shared. We then help companies develop the internal policies and practices, information governance systems, and compliance programs necessary to come into compliance with privacy laws that affect their business. Through it all, we focus on creative and cost-effective solutions that match our clients’ goals and budgets.


All computer systems are vulnerable to attack. Corporate and customer information are valuable assets and the penetration methods used by hackers to take them have become increasingly sophisticated. Spoofing (faking credentials to trick legitimate users into giving up information or access), typosquatting (diverting users to acquire their information or access by using emails or URLs that are similar in appearance but incorrect), and ransomware (code that locks users out of their system until ransom is paid and access restored) are just some of the methods used to steal money, information, influence, and to disrupt individuals, companies, and government entities of all kinds.

Cybersecurity law is a growing field of law that focuses on answering two broad questions: (1) how can companies better protect themselves from computer-based intrusion; and (2) if such an intrusion occurs, what steps must a company take to minimize additional intrusion and to notify its users and customers?

Protorae’s Privacy and Cybersecurity Practice is a proactive, strategic counseling practice aimed to help companies identify the weaknesses in their information governance systems and implement internal policies, processes, education, and physical and technical security measures to minimize their business risks associated with unauthorized activities involving company data. We counsel clients from government contractors to international agencies to multi-national corporations on the appropriate steps to mitigate the risk of a cybersecurity attack and support compliance with an ever-growing set of regulations governing collection, processing, use, and destruction of their business’s digital information.

We work closely with our clients to understand their information technology systems and how the employees of the organization interact with those systems. After analyzing and understanding data flows, we help clients reduce their vulnerabilities, speed up their ability to recover from attacks, and identify the resources they need to enhance their cybersecurity and comply with relevant regulations.

We invite you to read our blog for new and interesting developments involving privacy, cybersecurity, and intellectual property law and the ever-changing technology that people and businesses interact with every day.

  • David C. Johnson
  • Associate
  • 703.639.0683
  • Email