Lewis, Thomason, King, Krieg & Waldrop, P.C.




Cybersecurity is an emerging and evolving legal field that requires a dedicated team of lawyers experienced in information security and data privacy and its ever-changing rules and regulations. We offer full services in legal advisory matters, such as risk awareness and training; litigation and regulatory defense involving data breaches; and IT security referral information, including audits, vulnerability testing and forensic investigation.

Practice Area Description

Cybersecurity is an emerging and evolving legal field that requires a dedicated team of lawyers experienced in information security and privacy and its ever-changing rules and regulations. Whether caused by a simple mistake, such as an employee misplacing a device, to intentional, sophisticated attacks by outsiders, security breaches can range from a nuisance to crippling for a company.

To minimize exposure to liability and mitigate reputational risk, Lewis Thomason offers cybersecurity services in three primary areas: legal advisory; litigation and regulatory defense; and IT security referral information.

Legal advisory includes:

  • Internal risk awareness and training
  • Security policy development and review
  • Incident response plan development and review
  • Cyber insurance policy coverage consultation
  • Breach investigation and breach response management consulting

Litigation and regulatory defense include:

  • Administrative actions and penalties arising from data breach
  • Litigation matters

IT security referral services include:

  • Audits
  • Data mapping
  • Vulnerability testing
  • Intrusion detection monitoring
  • Forensic investigation

We are available to assist at the immediate realization of a breach, and we guide clients through response stages to ensure they’re meeting legal, regulatory and contractual obligations concerning the collection, use, transmission, storage and destruction of data. We also assist with mitigating cybersecurity-related risks. We help clients protect and manage personal data, as well as proprietary and information assets and other cyber risk exposures.

We work closely with clients who have in-house technology departments. We also have relationships with a number of firms across Tennessee providing IT security services that can be called upon for expertise in proactively developing cybersecurity preparedness and responding to cybersecurity incidents.

Our cybersecurity team has the assistance of other attorneys in the firm who are experienced in various industries, including health care and HIPAA laws, finance, education and nonprofit. We assist clients in navigating the complex layers of federal, state and international law, including data breach notification and privacy protection acts and accompanying regulations. We offer a wide range of cybersecurity advisory services and take a multidisciplinary approach to effectively manage a breach response, as well as mitigate losses resulting from a security incident.

In a time of exponential information and technology growth, cybersecurity liability increases. We work with clients to develop and implement data security incident response plans and ensure they are ready to address data and privacy breaches and any legal matters in this field.