Holland & Knight - Data Strategy, Security and Privacy by Holland & Knight

Practice Profile Our Data Strategy, Security & Privacy Team helps clients capitalize on data and tech capabilities, while managing associated risks and incidents that arise. We have advised and represented clients on many of the largest public (and nonpublic) data issues and security incidents in the U.S. Our practice spans a full spectrum of proactive and reactive services:  Counseling and Program Management  Government Policy and Regulatory Compliance  Litigation and Class Action Defense

 Incident Response, Crisis Management and Insurance  Investigations and Regulatory Enforcement

With dozens of attorneys in our practice, and backed by Holland & Knight's global team of approximately 1,700 lawyers and other professionals operating from 32 offices worldwide and admitted to practice in nearly every U.S. jurisdiction, we pride ourselves on being a diverse team, and believe diversity of thought and perspective enables us to best serve our clients. Our team is sensitive to unique data, security and privacy needs of different clients and is closely integrated with the firm's other highly knowledgeable attorneys across many industry sectors:

Financial Services

Healthcare & Life Sciences

Retail & Consumer Products

Technology & Telecommunications

Real Estate & Hospitality

Transportation & Infrastructure

We deliver: 1) pragmatic business-oriented solutions to address legal needs, 2) documentation you need for legal compliance and contracting, and 3) strategic representation during an incident, as well as in investigations and litigations that may follow. We do it efficiently, with transparent budgeting and billing.

Counseling and Program Management IT PAYS TO BE PROACTIVE. There is an important "upside" to the nature of legal risk associated with data privacy and security – it heavily depends on privacy and security practices in place before an incident or legal action. Legal exposure hinges on a lack of preparedness and perceived failure to comply with laws, public representations and contractual obligations. Organizations experiencing the same incident can face different outcomes, depending on their preexisting practices and preparedness. When it comes to legal risk, preparation makes all of the difference. We provide a number of solutions and deliverable-oriented counseling services on this front:

PRIVILEGED RISK ASSESSMENTS Our team conducts a variety of risk and compliance assessments around data, cybersecurity and privacy, including a review of legal, operational and technical policies and practices in view of applicable laws, industry standards and public norms. Attorney-client privileged reviews provide a safer environment to assess practices, identify potential gaps and facilitate candid discussions with stakeholders in order to enhance the go-forward posture and further mitigate risk. Some examples of the assessments that we perform include:  Privacy Program Review to assess internal practices with respect to the 10 key privacy principles (management; notice; choice and consent; collection; use, retention and disposal; access; disclosure to third parties; security; quality; and monitoring and enforcement). This project includes a review and feedback for both public-facing documentation (e.g., website privacy policy) and internal processes (e.g., data life cycle and use cases; internal procedures).  Cyber Program Review to assess the maturity of a cybersecurity program with respect to technical, business and legal risks based on relevant laws and industry best practices, such as those described in the NIST Cybersecurity Framework.  Enterprise Risk Audit is a more focused review aimed at assessing legal and contractual risk mitigation controls that could be put in place to manage risk exposure, such as class action waivers, arbitration clauses, among others, as well as more specific audits on issues such as potential liability under the Telephone Consumer Protection Act (TCPA).

POLICIES AND PROGRAM MANAGEMENT A robust set of documentation promotes mature business operations, while also evidencing reasonable practices in the event of regulatory investigations or legal disputes. We work with clients on publicfacing materials (e.g., website terms of use and privacy policies) as well as their internal cybersecurity, privacy, incident response and employee practices (e.g., acceptable use; social media). We also advise clients on the use of data analytics, machine learning (ML) and artificial intelligence (AI), advertising, marketing, sales and other data utilization opportunities involving personal data. Copyright © 2022 Holland & Knight LLP All Rights Reserved

We assist clients on documenting and operationalizing programs in compliance with a vast spectrum of federal, state and foreign legal obligations, including the FTC, GLBA, HIPAA, FCRA, COPPA, DPPA, VPPA, CalOPPA, CAN-SPAM, TCPA, state privacy and security laws and PCI. Some examples of the policies and programs that we assist with include:  public-facing website and mobile app policies  consumer data use practices and data subject rights (under GDPR, CCPA, etc.)  behavioral advertising and consumer marketing  procedures for emerging tech (data analytics, AI/ML, blockchain, FinTech)

We advise dozens of clients of all sizes on significant General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) projects, along with assistance on other evolving data protection requirements.

 internal privacy, employee privacy and data protection practices (code of conduct, employee handbook, social media, bring your own device (BYOD), acceptable use policy, and other HR policies and procedures)  written information security program (WISP) and incident response plan (IRP)  data classification and retention policies  employee training and awareness

THIRD-PARTY RISK MANAGEMENT, CONTRACTING AND DEAL SUPPORT Vendors and other third-party relationships present one of the largest cyber and privacy risk vectors, and many of the worst incidents in the past decade were attributed to such relationships. Therefore, we advise clients on vendor risk management programs, contract provisions and negotiation strategies to address intellectual property (IP) and data rights, cybersecurity, data privacy and liability/indemnity obligations. Our work includes an array of cloud services, customer-supplier deals, software agreements and data licensing. Some examples of our contracts and vendor management services include:  Third-Party Risk Management (TPRM) guidance for establishing a program to manage governance, due diligence, contracting, monitoring and termination of commercial relationships.  Standard template provisions addressing IP, data ownership and licensing, cybersecurity and data privacy for commercial agreements that are tailored to the client's particular industry and needs. This can include security exhibits and data processing agreements (DPAs).  A Checklist and/or Negotiation Playbook that procurement and sales teams can use as a guidepost for potential compromises during contract negotiations. We also advise on mergers and acquisitions (M&A) and other corporate transactions with appropriate due diligence support on information technology, IP, cybersecurity and data privacy assessments and recommendations, with appropriate representations and warranties, and, if necessary, advise on other risk mitigation strategies in view of the particular deal economics. Copyright © 2022 Holland & Knight LLP All Rights Reserved

BREACH PREPARATION: INCIDENT RESPONSE PLANNING AND TABLETOP EXERCISES Security incidents are inevitable in today's interconnected world. It pays to be prepared, and that means having an effective Incident Response Plan (IRP) along with a cross-functional team that knows how to use it. We support internal efforts in a few key respects:  We help develop a practical IRP that functions as a playbook for guiding the response team through an incident investigation and key decision points.  We also assist in reviewing the plan through a Tabletop Exercise during which the designated response team meets to work through hypothetical scenarios and "test" the IRP – confirming that it meets the organization's needs and effectively addresses roles and responsibilities, communication needs and decision-making tasks. We facilitate these exercises and provide a privileged after-action report summary, with observations on what worked well and what, if anything, might be improved.

CYBER LIABILITY INSURANCE Transferring exposure is a core risk management function. We advise clients on suitable cyber insurance terms and coverage amounts to address their enterprise risk tolerance. Our advice helps clients improve policy language and maximize insurance recoveries. These services often include:  assessment of cyber risk  understanding and negotiating coverage, such as  breach response (costs for counsel, forensic investigations, notifications and call centers)  loss containment (third-party liability, regulatory enforcement and penalties, online media liability)  theft and property loss (data loss, cyber extortion, computer fraud, improper transfer of funds)  business interruption  managing crossover with other lines of coverage (directors and officers, errors and omissions, commercial general liability, fiduciary liability, employment practices, crime and fidelity)  maximizing recovery following a claim and navigating logistics issues (notice, coverage overlaps and allocation, choice of counsel, exclusions and carve-outs) We literally wrote the book on cyber insurance, and have strong relationships with insurance carriers and brokers to strategically collaborate with them to drive the best outcome for clients. See A Buyer's Guide to Cyber Liability Insurance Coverage.

Government Policy and Regulatory Compliance Holland & Knight is recognized among the top 5 federal lobbying and law firms in Washington, D.C., with a strong bipartisan government affairs team and deep ties across federal legislative and agency bodies. Our firm's D.C.-led Public Policy & Regulation Group represents clients on the public policy, government relationships and legislative front, advising on the evolving – and often conflicting – patchwork of state, local, federal and international regulatory environments.  Public Policy. Our team helps clients present their cyber and privacy perspectives to key decisionmakers on government policies, legislation and regulation. Our attorneys and policy advisors can provide up-to-the-minute insights on how the executive branch and Congress are approaching these issues so clients can address legislative developments.  Regulatory Management. We also have significant experience working with the regulators building and evolving the intricate web of federal and state regulations on cybersecurity and privacy across many industry sectors, and advise on rulemaking and compliance.  International Treaties and Cooperation. We assist more complex client needs around the evolving and conflicting patchwork of international regulatory regimes. Members of our team have served in government as regulators and negotiators, enabling us to provide in-depth advice and counsel to clients on European Union treaties and regulations, G-7 and G-20 trade negotiations, Asia-Pacific Economic Cooperation (APEC) Cross Border Data Rules and other U.S. bilateral and multilateral negotiations such as the Trans-Pacific Partnership (TPP) and Transatlantic Trade and Investment Partnership (TTIP).

Incident Response, Crisis Management and Insurance We have consulted on more than a thousand actual or suspected incidents of loss, theft or misuse of data or information systems to date. In no event has a client that we counseled been later subject to legal action. We serve as trusted allies and coaches to clients experiencing a data breach or privacy incident, or building resiliency to prevent, detect or quickly respond to one. We advise on the full range of legal, technical and reputational challenges that arise in such events. Our clients cover a variety of industries, spread across financial services, healthcare and life sciences, utilities, national retailers, tech and consumer products, media and entertainment, and franchise organizations. We are well versed in, and routinely navigate, the relevant demands of public law (e.g., GLBA, HIPAA, DoD requirements for contractors, SEC guidance, state breach law) as well as private law (e.g., PCI DSS and card brand rules) in these emergency circumstances. We have counseled on breaches involving dozens of corporate counterparties, incidents involving information about tens of millions of persons, intrusions that compromised the integrity of medical records, and on breaches impacting consumers and regulators globally.

In all of this, we work closely with a client's other trusted third parties, including forensic investigators, crisis management and public relations teams, and cyber insurance carriers. Every step of the response and recovery is carefully and strategically executed to ensure the best possible outcome, including:  immediate response and triage  coordinating with internal stakeholders and external specialists  directing technical investigations to advise on legal risks and obligations  engaging with law enforcement and regulatory authorities as needed  public relations, notifications, call centers and credit monitoring  working with insurance carriers and brokers on coverage

Investigations and Regulatory Enforcement Our team has extensive proficiency with privileged internal investigations and regulatory actions, with attorneys who previously served in corresponding government roles and practitioners who regularly appear before federal and state agencies. Our team has significant experience working closely with – and, where needed, in opposition to – the leading cybersecurity and privacy regulators. Our team has represented clients in significant matters before the FTC, HHS OCR, SEC, CFTC, FINRA, DOJ, CFPB, Secret Service, FBI, state attorneys general and other state regulators, including insurance and banking regulators. For example, we have:  Represented an e-commerce company accused in the investigation of one of the world's largest publicly reported breaches, both in the company's security breach investigation and response and in the defense of the company in investigations initiated by U.S. and international regulators, including a nonpublic investigation initiated by the FTC; the FTC closed its multiyear investigation of the company without taking further action  Counseled a client in negotiating the resolution of the first significant joint FTC/HHS OCR investigation on data security for pharmacies  Obtained no-action letters from the California attorney general investigating apps offered by leading providers  Represented a specialty credit reporting agency in investigations by multiple state attorneys general (following a highly critical front-page New York Times article on a specific service line)  Secured the resolution of a detailed investigation by the New York attorney general's Internet Bureau regarding third-party data collection and tracking in child-focused websites  Represented a global organization in the transportation industry in the investigation and response to a security vulnerability reported by an information security researcher, including counseling the client through the investigation and remediation providing advice and counsel regarding engagement with the researcher, who, to date, has not made public their findings and represented the plan to keep the matter confidential

Our firm's government affairs practice regularly assists clients in connecting with, and presenting cases to, government agencies, staffers and Congress. We have assisted clients and trade organizations in response to inquiries on cyber risk, data breaches and privacy issues before all levels of government.

Litigation and Class Action Defense Our seasoned team of data privacy and cybersecurity litigators has defended approximately 120 privacy class actions, multidistrict litigations (MDLs) and other "bet-the-company" suits throughout the U.S. Class actions are a common and challenging consequence of privacy In 2022, Chambers USA and data security incidents, and increasingly extend to even mainstream ranked practice leader data collection and usage practices. We have a team of nationally Mark Melodia as one of recognized litigators who defend clients in privacy class actions based the top privacy and data on a wide variety of alleged claims, including breach of contract, breach security litigators in the of warranty, fraudulent representations, negligence, breach of state country. privacy and security laws, breach of state consumer fraud laws, the Wiretap Act, the Stored Communications Act, the Computer Fraud and Abuse Act (CFAA), as well as the DPPA, VPPA and TCPA, to name a few. In so doing, we often work closely and collaboratively with carriers providing coverage. Some exemplary cases include:  In Re: Countrywide Financial Corp. Customer Data Security Breach Litigation, 2012 WL 2873892 (W.D. Ky.). Defended client from more than 40 putative class actions arising from the alleged theft and resale of mortgage-related consumer information; obtained full release for class exceeding 17 million persons, resolved billions in potential liability; further opt out litigation dismissed on our motion in Holmes v. Countrywide Financial Corp., 2012 WL 2873892 (W.D. Ky. July 12, 2012).  Lockwood v. Certegy Check Services, Inc., No. 07-CV-01434 (M.D. Fla.). Defended a series of five putative national class actions arising from the theft of consumer information; plaintiffs sought to impose up to $8.5 billion in statutory liability under the FCRA; highly favorable settlement provided complete releases from in excess of 30 million consumers.  Bell v. Blizzard Entertainment, Inc., Case No.: 12-CV-09475 (C.D. Cal.). Successfully defended worldwide video game developer and publisher in nationwide class action over its alleged data security practices in relation to an alleged breach. No class action certified and settled on an individual basis. We have often been able to structure cost-effective means of resolution in these cases. For example, in the Lockwood case, we worked closely with Certegy to decide what could be offered as settlement consideration in lieu of cash. We determined that at virtually no cost, Certegy could monitor an enormous number of points of sale to see if checks were being fraudulently presented in the name of breach victims. Thus, Certegy offered "bank account monitoring" in the settlement, and the Court approved it. This novel solution served potentially affected individuals without cash payments.

We also have defended numerous class actions seeking extraordinary damages based on statutory fines. For example, lawsuits against West Publishing/Thomson Reuters claimed a breach of DPPA obligations, which protects motor vehicle records. Plaintiffs sought a statutory fine of $2,500 for each of the 200 million driver's records maintained by West Publishing. We challenged plaintiffs' interpretation of the DPPA on multiple fronts:  In the same court where another defendant paid $10 million-plus and agreed to major limitations, we won a motion to dismiss West Publishing outright on all DPPA claims from a putative class action. Young v. West Publishing Corporation, 724 F. Supp. 2d 1268 (2010) (S.D. Fla.).  We took the same approach in the Northern District of Illinois, and won affirmance on appeal to the Seventh Circuit. Graczyk v. West Publishing Corporation, 660 F.3d 275 (7th Cir.). Plaintiffs' petition for certiorari was denied.  In Missouri, a District Court disagreed with West Publishing, denied a motion to dismiss, and certified a litigation class action against West. However, we obtained interlocutory review and the Eighth Circuit reversed the lower court's rulings, ending the case. Johnson v. West Publishing Corporation, 801 F. Supp. 2d 862 (W.D. Mo. 2011), reversed without opinion by, Johnson v. West Publishing Corporation, 504 Fed. App'x. 531 (8th Cir. Apr. 9, 2013) (Nos. 12-cv-1172, 12-cv-1176). Plaintiffs' petition for certiorari was denied. We have successfully achieved many additional wins in cybersecurity and privacy suits. For example:  Gino D'Ottavio v. Slack Technologies, No. 1:18-cv-09082-NLH-AMD (D.N.J.). Defended putative national class action brought under the Telephone Consumer Protection Act (TCPA) and obtained full dismissal. Currently seeking sanctions against plaintiff and plaintiff's counsel for misrepresentations in the lawsuit.  Murray, et al. v. Community Care Physicians, P.C., and BST & Co. CPAs, LLP, No. 904955-20 (N.Y. Sup. Court, Albany Co.). Defended healthcare provider against a putative class action arising from a ransomware incident allegedly involving information maintained at a vendor. The Court dismissed the case in its entirety.  Graham and Morgan, et al. v. Universal Health Service, Inc., No. 2:20-cv-05375 (E.D. Pa.). Defended healthcare provider against a putative class action arising from a ransomware incident. Class-wide damages theories and two named plaintiffs dismissed by the Court. The one remaining plaintiff voluntarily dismissed his complaint.  Clark, et al., v. Women’s Care Florida, LLC et al., No. 16-2019-CA-007337-MA (4th Cir. Fla., Duval Cty.); Colon-Gonzalez, et al. v. Women's Care Florida, LLC et al., No.: 16-2019-CA-007863 (4th Cir. Fla., Duval Cty.); and Craft, et al. v. Women's Care Florida, LLC et al., No: 8:19-cv-3066-MSS-JSS (M.D. Fla.), to be consolidated as Cherrae Clark, Kylie Colon-Gonzalez, and Amaris Laguerra, et al. v. North Florida OB GYN, LLC, North Florida Obstetrical & Gynecological Associates, P.A., and Women’s Care Florida, LLC, Physician Business Services, LLC, No. 16-2019-CA-007337-MA (4th Cir. Fla., Duval Cty.). Defended healthcare provider against putative class actions under Florida law arising from ransomware incident. The Consolidated Complaint, in its entirety, was dismissed.  Thomas Roger White Jr., et al. v. Sony Electronics Inc., et al., No. 2:17-cv-01775 (D.N.J.). Defended smart TV manufacturer in putative national class action alleging violations of federal privacy law (VPPA, CFAA, ECPA), New Jersey consumer protection laws, contract law and Copyright © 2022 Holland & Knight LLP All Rights Reserved

common law. After winning dismissal of all but one claim and after filing a motion to compel individual arbitration, the case settled on an individual basis.  Enslin v. The Coca-Cola Company, et al., No. 2:14-cv-06476-JHS (E.D. Pa.) (granting summary judgment to defendants and denying class certification as moot), reconsideration denied, 2017 WL 3727033 (E.D. Pa. Aug. 29, 2017), aff'd, Nos. 17-3153, 17-3256, 2018 WL 3060098 (3d Cir. June 20, 2018); see also Enslin v. Coca-Cola Co., 136 F. Supp. 3d 654 (E.D. Pa. 2015) (granting in part motion to dismiss for failure to state a claim). Successfully defended global brand against alleged privacy violations under federal and state law in connection with the theft of 55 laptops containing employee information, including violations of the Driver's Privacy Protection Act (DPPA). Won on summary judgment and decision affirmed by the Third Circuit.  Smith et al. v. Facebook Inc. et al., No. 5:16-cv-01282 (N.D. Cal.). Defended American Cancer Society and Adventist Health System in a putative class action involving alleged sharing with Facebook. The District Court granted defendants' motion to dismiss, finding that the plaintiffs had consented to Facebook's tracking activities and that the court didn't necessarily have jurisdiction over the defendants based only on their use of an application programming interface (API) on their websites from California-based Facebook. Also, in many cases, we have been successful in having our client dropped from a case without any settlement or admission of wrongdoing.  Beam v. E-TRADE Financial Corporation, No. CV-2011-64-7 (Ark. Cir. Ct.); Baxter v. Skype, Inc., No. CV-2011-56-7 (Ark. Cir. Ct); Baxter v. Philips Electronics North America Corporation, No. CV201105402 (Ark. Cir. Ct.). Secured voluntary dismissals for clients E-TRADE, Skype and PENAC on October 6, 2011, in multimillion-dollar "flash cookie" privacy class actions.  Saenz v. Kaiser Permanente International, No. 1:09-cv-05562 (N.D. Cal.). Obtained voluntary dismissal for client in putative class action alleging violation of California privacy law resulting in hundreds of alleged identity thefts from a population of approximately 29,000 employees. In the same case, a class action was later certified in state court against our erstwhile co-defendant.  In Re: LendingTree, LLC Customer Data Security Breach Litigation, MDL 1974 (W.D.N.C.). Obtained two decisions compelling eight putative national class actions to individual (non-class) arbitration.

Industry Knowledge Our team understands the nuances of each client's particular industry and how it affects cybersecurity and privacy issues. We have breadth and depth across many key industries, with particularly strong experience in the following sectors:  Finance & Financial Services – We help a broad spectrum clients across the U.S. and international financial marketplace, from businesses seeking financing to banks, lenders and financial institutions needing experienced counsel to help navigate and manage regulatory and operational changes. Our Financial Services Team is comprised of innovative strategists, experienced litigators and transactional attorneys with long-term dealings in the banking arena and Copyright © 2022 Holland & Knight LLP All Rights Reserved

knowledge of rapidly changing market standards for various types of transactions. We advise on GLBA under its various regulatory authorities and their guidance, as well as top-of-mind issues such as third-party risks management practices. Chambers USA, Best Lawyers in America and Legal 500 have consistently recognized many members of the firm's banking and finance teams on a wide variety on matters across the finance sector.  Healthcare & Life Sciences – We represent the full range of healthcare-related businesses, including all providers along the care continuum, managed care organizations, health plans, thirdparty administrators, provider networks, integrated delivery systems, management services organizations, managed care companies, manufacturers, healthcare technology companies, distributors, suppliers, pharmacies, pharmaceutical companies, medical device companies, biotechnology firms, venture capital firms and private equity firms, in all aspects of their regulatory issues and business operations. We provide technical and legal counsel on a wide array of cybersecurity and privacy issues, from de-identifying clinical trial data sets and patient information, managing mobile and BYOD practices, working with mobile apps and network-aware medical devices, and complying with HIPAA and HITECH, to handling website data collection, use and sharing. Members of our team were recognized among the top legal professionals in the country by leading publications such as Chambers USA – America's Leading Lawyers for Business and Best Lawyers in America. Holland & Knight also received national first-tier rankings in the 2018 U.S. News – Best Lawyers "Best Law Firms" guide in Health Care Law.  Retail & Consumer Products – We advise manufacturers, distributors, wholesalers and retailers of consumer products in all aspects of their operations. Increasingly, our retail and consumer product clients require both proactive guidance on managing data privacy and security risks as well as advising on data and security breaches, and responding to regulatory investigations and class actions that may follow. Chambers USA – America's Leading Lawyers for Business recognized Holland & Knight as having one of the leading Retail practices in the United States and highlighted the firm's practice as "Recommended for Client Service" and "Recommended for Commercial Awareness."  Real Estate & Hospitality – Holland & Knight has a world-class Hospitality, Resort and Timeshare practice. It was awarded the 2017 and 2018 Practice Group of the Year for Hospitality by Law360, and the group is routinely ranked in top tiers by U.S. News – Best Lawyers, The Best Lawyers in America, The Legal 500 United States and Chambers USA. Our team represents several global hospitality brands and owners, and advise numerous clients in the hospitality industry on data privacy and security matters. For example, we are counseling a hospitality client in connection with a significant global data security incident, and advising a large international business in this sector on the development of a global privacy and security program, with a particular focus in the U.S. and Latin America.  Technology & Telecommunications – We help companies raise capital, protect and defend their technology, and navigate through the complex legal and compliance issues that arise as new technologies disrupt old ways of doing business. We help established companies protect and defend their technology, develop new business models and partner with or acquire emerging companies. Our corporate and intellectual property lawyers, policy advisors and attorneys in numerous legal domains are supporting clients in the creation, protection, financing, regulatory clearance and commercialization of the cutting-edge artificial intelligence, autonomous and Copyright © 2022 Holland & Knight LLP All Rights Reserved

connected transportation, distributed ledger, FinTech, healthcare, Internet of Things, 5G, virtual reality and other technologies that are shaping the future. The Financial Times honored Holland & Knight as one of the top 20 Most Innovative Law Firms: Business of Law as part of its North America Innovative Lawyer Awards for 2018, also recognizing the firm as second in Technology within the Business of Law category.  Transportation & Critical Infrastructure – We are a market-leading adviser to the transportation and infrastructure sector across aviation, maritime, transit, freight rail, motor carriers and logistics, and intercity transportation. Cybersecurity and data privacy are not new to this sector, but we are expecting increased risks and regulation in the near future. For example, the Transportation Security Administration (TSA) Cybersecurity Roadmap released in December 2018 details its planned oversight of cybersecurity in all seven areas of the Transportation Systems Sector (aviation, highway and motor carrier, maritime, mass transit and passenger rail, pipeline systems, freight rail, and postal and shipping). We are also one of a few law firms experienced in providing counsel on cybersecurity in connection with regulations for all 16 of the "Critical Infrastructure Sectors" identified by the White House and U.S. Department of Homeland Security (DHS) as vital to national security. Our practice has been recognized by leading publications including Chambers USA – America's Leading Lawyers for Business, Best Lawyers in America, Euromoney Legal Media Group Guide to the World's Leading Aviation Lawyers, The International Who's Who of Aviation Lawyers, Legal Media Group: The Best of the Best, Legal Media Group: The Best of the Best USA, Legal 500, U.S. News – Best Lawyers "Best Law Firms," Euromoney Legal Media Group Guide to the World's Leading Shipping and Maritime Lawyers and The International Who's Who of Shipping & Maritime Lawyers.

Recognition Data Strategy, Security & Privacy Practice Group Partners Mark Melodia and Paul Bond recognized in the 2022 BTI Client Service All-Stars ranking, a survey purely based on unsolicited feedback from top corporate legal decision-makers. Recognized by BTI Consulting Group's 2021 "Most Recommended Law Firms" list for superior client service for more than 18 years; in addition, named to the 2020 BTI Client Service A-Team and listed among the top 5 percent of all law firms as a standout in Complex Commercial Litigation in the BTI Litigation Outlook 2020 In the BTI Cybersecurity & Data Privacy 2020: Leading-Edge Insight & Strategy for Law Firms report, Holland & Knight was recognized as a standout in state and local regulations

Ranked in Band 1 Nationwide Privacy & Data Security: Highly Regarded category in the 2022 Chambers USA – America's Leading Lawyers for Business guide. Partner Mark Melodia, chair of the Data Strategy, Security & Privacy Team, is one of only five lawyers ranked in the 2022 Chambers Global – The World's Leading Lawyers for Business guide and 2022 Chambers USA – America's Leading Business Lawyers guide for Privacy & Data Security Litigation

Ranked in the inaugural edition of Global Data Review (GDR) 100

Ranked in the 2020 Leaders League USA – Best Law Firms for Data Protection & Cybersecurity

Received national first-tier rankings in the 2022 U.S. News – Best Lawyers "Best Law Firms" guide in 39 practice areas; in addition to 260 metropolitan first-tier rankings and named "Law Firm of the Year" in Land Use and Zoning Law and Admiralty and Maritime Law

Earned "Mansfield Certified Plus" status for the fourth consecutive year, recognizing the firm has consistently achieved at least 30 percent women and minority lawyer representation in a significant number of its current leadership roles and committees

Earned Gold Standard Certification from the Women in Law Empowerment Forum (WILEF) for the eighth year in a row for providing women attorneys with opportunities for financial success and positions at the highest level of firm leadership

Holland & Knight Offices United States Atlanta 1180 W. Peachtree Street, Suite 1800 Atlanta, GA 30309

Houston 811 Main Street, Suite 2500 Houston, TX 77002

Portland 601 SW Second Avenue, Suite 1800 Portland, OR 97204

Austin 98 San Jacinto Boulevard, Suite 1900 Austin, TX 78701

Jacksonville 50 North Laura St., Suite 3900 Jacksonville, FL 32202

Richmond 200 South 10th Street, Suite 1000 Richmond, VA 23219

Boston 10 St. James Avenue, 11th Floor Boston, MA 02116

Los Angeles 400 South Hope Street, 8th Floor Los Angeles, CA 90071

San Francisco 50 California Street, Suite 2800 San Francisco, CA 94111

Century City 1901 Avenue of the Stars, Suite 1200 Los Angeles, CA 90067

Miami 701 Brickell Ave., Suite 3300 Miami, FL 33131

Stamford 263 Tresser Boulevard, Suite 1400 Stamford, CT 06901

Charlotte 101 S. Tryon Street Charlotte, NC 28280

New York - West 52nd St. 31 West 52nd Street New York, NY 10019

Tallahassee 315 S. Calhoun Street, Suite 600 Tallahassee, FL 32301

Chicago 150 North Riverside Plaza, Suite 2700 Chicago, IL 60606

New York - 3rd Ave. 900 Third Avenue, 20th Floor New York, NY 10022

Tampa 100 North Tampa Street, Suite 4100 Tampa, FL 33602

Dallas - One Arts Plaza 1722 Routh Street, Suite 1500 Dallas, TX 75201

Orange County 3 Park Plaza, Suite 1400 Irvine, CA 92614

Tysons 1650 Tysons Boulevard, Suite 1700 Tysons, VA 22102

Denver 1801 California Street, Suite 5000 Denver, CO 80202

Orlando 200 South Orange Avenue SunTrust Center, Suite 2600 Orlando, FL 32801

Washington, D.C. 800 17th Street N.W., Suite 1100 Washington, DC 20006

Fort Lauderdale 515 E. Las Olas Boulevard, Suite 1200 Fort Lauderdale, FL 33301

Philadelphia 2929 Arch Street, Suite 800 Philadelphia, PA 19104

West Palm Beach 777 South Flagler Drive Suite 1900, West Tower West Palm Beach, FL 33401

Fort Worth 777 Main Street, Suite 3300 Fort Worth, TX 76102

International Algiers Lotissement Val d’Hydra, Villa 26 Algiers, Algeria

London Holland & Knight (UK) LLP Leaf 27C, Tower 42 25 Old Broad Street London EC2N 1HQ

México City - Palmas Holland & Knight México, S.C. Paseo de las Palmas No. 405, Piso 504 Col. Lomas de Chapultepec Miguel Hidalgo, Ciudad de México 11000, CDMX, México

Bogotá Holland & Knight Colombia SAS Carrera 7 # 71-21 Torre A, Piso 8 Bogotá, DC, Colombia

México City - Reforma Holland & Knight México, S.C. Paseo de la Reforma No. 342 Piso 28 Col. Juárez, Cuauhtémoc 06600, CDMX, México

Monterrey Holland & Knight México, S.C. Ricardo Margáin No.335, Torre II, Piso 2 Col. Valle del Campestre San Pedro Garza García, N.L. 66265, México