Miller Johnson’s Privacy and Technology Transactions group collaborates with clients at all stages of growth to develop right-sized, industry-specific solutions for managing and protecting their digital assets. Our team advises on cyber-risk management, information security and governance, data breach response, disaster recovery, technology transactions, and M&A deal diligence by leveraging our strategic alliances with a global team of cybersecurity service providers, experts, and attorneys.

Cyber-risk Management Consulting

Miller Johnson’s Privacy & Technology Transactions team helps companies and government entities manage information and mitigate risk associated with the collection, use, and disclosure of sensitive information about their customers and employees. The complex, global framework of legal requirements governing the flow of data demands an inter-disciplinary team approach that, like the Internet, spans the globe.  Our experience spans a range of industry sectors including manufacturing, healthcare, construction and engineering, consumer goods and retail, automotive, government entities, and non-profits.   Specific privacy services we provide for our clients include:

  • developing and implementing comprehensive privacy policies and procedures
  • investigating and providing training programs related to privacy in the workplace
  • responding to and managing data breaches and investigations following a breach, including notification and credit monitoring
  • ensuring compliance with Data Protection regulations, including adaptation to the EU GDPR
  • conducting data protection assessments and audits
  • advising on the transfer of personal data across borders
  • advising government entities regarding the Critical Infrastructure Protection Act (CIPA) and Department of Homeland Security cybersecurity assessments
  • advising and assisting Michigan businesses on California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) compliance
  • providing consultation and training to Data Privacy Officers
  • providing due diligence with mergers and acquisition transactions to protect deal information
  • ensuring compliance with healthcare privacy regulations including HIPAA and HITECH
  • advising on PCI compliance and point of sale cybersecurity
  • negotiating and providing recommendations with respect to, cyber-insurance policies which historically have a wide variation in forms, terms, and coverage
  • negotiating and providing recommendations with respect to third-party data storage providers

Data Breach Response

In the event of a data breach, we provide immediate and comprehensive incident response and investigation under the protection of the attorney-client privilege.  Our team’s extensive experience working with the government on both civil and criminal matters of all sizes and scope allows us to effectively coordinate an organization’s engagement with law enforcement and federal and state regulators.

We have advised both public sector and private organizations in response to data breaches.  We have assisted these organizations in determining the attack vector and scope of the breach, assessing regulatory compliance requirements, managing data breach notifications, updating policies and procedures, and conducting training on those policies and procedures.

To assist organizations in assessing their data breach preparedness, Miller Johnson has prepared a Data Breach Toolkit.  Organizations can use the Toolkit on their own or with Miller Johnson’s assistance to enhance their cybersecurity posture.

Technology Transactions and M&A Deal Diligence

Our Technology Transactions team combines our intellectual property expertise with our experienced commercial transactions team to support our clients in all phases of the data life cycle, from drafting and negotiating complex ERP SaaS agreements to advising on basic data hosting agreements. We advise clients across industries on how to mitigate risk in this environment. We support our Corporate and M&A deal teams where technology and/or sensitive data is a strategic component of a deal or a commercial transaction. We regularly advise clients regarding:

  • SaaS agreements
  • Licensing and cloud services agreements
  • M&A/Deal due diligence
  • Data hosting agreements
  • Data migration services agreements
  • Internal and external compliance programs
  • Data protection agreements
  • IT equipment and services agreements
  • Software and website development agreements

Fortified Cyber Defense

Fortified Cyber Defense (“FCD”) is a subscription-based cyber-compliance and security solution which combines legal, IT, employee training, and insurance. FCD was developed by Miller Johnson privacy and technology transaction lawyers in collaboration with its IT managed services provider partner Micro Visions, Inc. Learn more about the solution at

Global Team Approach

Miller Johnson’s Privacy & Technology Transactions practice is enhanced by our strategic alliances with identity theft protection service providers, information technology and security experts, cyber-risk insurance providers, and membership in the Meritas Data Protection Group, an international team of expert privacy lawyers.  Meritas is a leading global network of independent law firms spanning over 80 countries around the world.  Miller Johnson’s membership in Meritas provides clients with unparalleled access to a global team of expert privacy attorneys who can resolve clients’ domestic and international data protection legal needs and advise on international regulatory developments.  Our strategic alliances and team approach provide clients a wide range of cybersecurity-related services, including identity theft protection and credit monitoring, managed IT cybersecurity services, and cyber-risk insurance tailored to your organization’s needs.