Print PDF Privacy and Information Security

The explosive growth in the collection and use of personal and commercial information has given rise to concerns about privacy and to increasing regulation of data security.  Our attorneys regularly counsel clients on all aspects of privacy and information security law, including the requirements of federal laws, such as the Gramm-Leach-Bliley Act, HIPAA, and the Children’s Online Privacy and Protection Act, and of state laws addressing notice of breach, protection of Social Security numbers, and the collection of information from consumers.  We also advise clients on compliance with payment card security standards, such as PCI DSS and PABP, and other industry-specific data security requirements.   

Our attorneys have significant experience in assisting clients in the development of comprehensive data privacy and security strategies, including on-line privacy policies and off-line procedures for collecting, storing, and sharing customer information and other sensitive data.  We offer our clients a wide range of services in this area, including training our clients’ employees on relevant privacy and information security issues and negotiating appropriate contractual protections into the clients’ agreements with third party vendors and service providers that may have access to sensitive data.  We have counseled national retailers and restaurant chains, major hospitals and universities, financial institutions, Internet service providers, and insurance companies on their data security and privacy concerns.

Our attorneys also are knowledgeable about international privacy regimes, including the European Union Data Protection Directive and Canada’s Personal Information Protection and Electronic Documents Act.  We have assisted clients which have international operations in devising appropriate practices and procedures for collecting data in foreign jurisdictions, transferring such data across international borders, and sharing such data within and without the client’s enterprise.  These efforts have included helping clients evaluate the requirements of the safe harbor negotiated between the United States and the European Union.

In addition, our firm has been a leader in assisting clients who are responding to large-scale data security breach incidents.  Our attorneys have considerable experience in dealing with all aspects of such incidents, including crafting customer communications and media relations strategies, managing forensic investigations of data breaches, and responding to inquiries from federal and state officials and regulators.  We also have assisted retail clients by working directly with their acquiring banks and with credit card associations to resolve claims of fraudulent charges and to reduce the liability arising from such claims.   Our attorneys have successfully defended merchants and banks against consumer class action suits arising out of data security breach incidents.