Privacy and Information Security
The explosive growth in the collection and use of personal and commercial information has given rise to concerns about privacy and to increasing regulation of data security. Our attorneys regularly counsel clients on all aspects of privacy and information security law, including the requirements of federal laws and regulations, such as the Gramm-Leach-Bliley Act, HIPAA, the Children’s Online Privacy and Protection Act, the Red Flags Rule, and the Affiliate Marketing Rule, and of state laws and regulations addressing data security and destruction, notice of breach, protection of Social Security numbers, and the collection of information from consumers. We also advise clients on compliance with payment card security standards, such as PCI DSS and PA-DSS, and other industry-specific data security requirements.
Our attorneys have significant experience in assisting clients in the development of comprehensive data privacy and security strategies, including on-line privacy policies and off-line procedures for collecting, storing, and sharing customer information and other sensitive data. We offer our clients a wide range of services in this area, including training our clients’ employees on relevant privacy and information security issues and negotiating appropriate contractual protections into the clients’ agreements with third-party vendors and service providers that may have access to sensitive data. We have counseled national retailers and restaurant chains, major hospitals and universities, healthcare companies, financial institutions, Internet service providers, and insurance companies on their data security and privacy concerns.
Our attorneys also are knowledgeable about international privacy regimes, including the European Union Data Protection Directive, Canada’s Personal Information Protection and Electronic Documents Act, and the regimes of the APEC countries. We have assisted clients that have international operations in devising appropriate practices and procedures for collecting data in foreign jurisdictions, transferring such data across international borders, and sharing the data within and without the client’s enterprise. These efforts have included helping clients evaluate the requirements of the safe harbor negotiated between the United States and the European Union.
In addition, our firm has been a leader in assisting clients who are responding to large-scale data security breach incidents. Our attorneys have considerable experience in dealing with all aspects of such incidents, including crafting customer communications and media relations strategies, managing forensic investigations of data breaches, and responding to inquiries from federal and state officials and regulators. We also have assisted retail clients by working directly with their acquiring banks and with credit card associations to resolve claims of fraudulent charges and to reduce the liability arising from such claims. Our attorneys have successfully defended merchants and banks against consumer class action suits arising out of data security breach incidents.
- 4/4/2013 - Kahn and Broz Quoted in Privacy Law360 Story About Online-Tracking Class Action Suits
- 1/25/2013 - Kahn Quoted in Columbus Business First Story on Cyber Security
- 12/17/2012 - Vorys Attorneys Recognized as 2013 Ohio Super Lawyers and Rising Stars
- 5/2/2013 - InfoSec Summit 2013
- 4/24/2013 - Corporate Communications in the Digital Age
- 4/24/2013 - Impact of Encryption on Records Management
- 1/23/2013 - Flash Cookies Litigation: The Next Wave or a “Flash” in the Pan?
- 2/11/2011 - Client Alert: California Supreme Court Rules that ZIP Code is Personal Information Under the Song-Beverly Credit Card Act
- 5/19/2010 - Client Alert: New Federal Gift Card Statutes and Regulations