Privacy & Data Security

Data Compliance

Complying with the growing number of domestic and international regulations is increasingly complex.  Our team benefits from representing progressive clients who are first-adopters of seemingly countless technologies – both decades ago and today.  Clients regularly call upon us to advise them on emerging technologies and opportunities, such as issues related to analytics and big data.  We’re also providing counsel on a variety of privacy and security issues related to the Internet of Things, and at each stage of the data lifecycle. 

As a result, we have stayed abreast of the requirements of federal laws and regulations such as Section 5 of the FTC Act; Gramm-Leach-Bliley Act; Fair Credit Reporting Act and Fair and Accurate Credit Transactions Act; Health Insurance Portability and Accountability Act of 1996; CAN-SPAM; Telephone Consumer Protection Act; Children’s Online Privacy and Protection Act; California Online Privacy Protection Act; Telemarketing Sales Rule; FTC guidelines, reports and orders; and state laws and regulations addressing marketing, privacy and security, including online disclosures, telemarketing, notice of breach, protection of Social Security numbers, and laws limiting the collection of customer data at the point of sale.

We regularly advise clients on compliance with payment card security standards, such as PCI DSS and PA-DSS, and other industry-specific data security requirements.  We assist in the evaluation of and compliance with self-regulatory guidelines affecting privacy and marketing issues, particularly with respect to tracking and targeting customers in both online and offline environments, mobile applications and text messaging issues.

Global Privacy Programs

Many of our clients have called upon our counsel as they expand their businesses globally.  Vorys oftentimes quarterbacks the creation and coordination of global privacy programs by calling upon our vast network of international local counsel.  Our attorneys manage the launch of these programs by understanding the intricacies and risks associated with international privacy regimes.  We’re familiar with international privacy and data security laws and regulations, including in the EU, Canada and the APEC regions. 

We assist clients with international operations in devising appropriate practices and procedures for collecting data in foreign jurisdictions, transferring data across international borders, and sharing the data within and without the client’s enterprise. 

We have developed a reliable network of data and privacy attorneys around the globe who assist us in protecting our clients’ interests in foreign jurisdictions.  In addition, Vorys is a member of Ally Law, a network of more than 70 select, business-oriented law firms operating in more than 50 countries.

Employee Privacy

Whether it’s human resources data, employee health records, or employee email accounts, every employer has some form of sensitive information about its employees. We help our clients protect that data while retaining their own ability to access information when they need it, whether it is stored on their own servers, on their employees’ personal devices, or in the cloud.

Health Privacy & Security

Our attorneys are highly experienced in the developing area of health information privacy and the confidentiality of medical information, including the Privacy Rules of HIPAA and other federal and state privacy laws. In addition to working with numerous providers to develop their HIPAA/privacy policies and procedures, we have counseled large health care trade associations and their members on the full range of legal issues pertaining to HIPAA/privacy compliance. Our attorneys also are available to provide extensive HIPAA/privacy compliance training to providers and health care organizations. In addition, as health care has become an increasingly technological business, our attorneys have advised providers and third-party services concerning information systems privacy and the interplay between technology and corporate compliance.

Health information security and privacy compliance influences key business decisions about patient care, quality improvement and information technology. Our attorneys are well versed in the rapidly changing fields of health information exchanges, electronic and personal health records, paper and electronic data privacy and security, health information management, and state and federal discovery rules for Electronically Stored Information (ESI).

We routinely instruct and counsel health care providers on preemption and the requirements of state and federal laws, including the HIPAA Privacy and Security Rules, state notice of breach laws, and the production of individually identifiable health information in response to discovery requests, court orders, law enforcement investigations, public health concerns, and regulators responsible for health care oversight. We also advise clients on the new federal notice of breach requirements, changes to anticipate for covered entities, business associates and private vendors of electronic health records, and how to qualify for federal financial incentives for the further development of electronic health records.

IT & Technology Contract Review

We have handled complex transactions for mission-critical technology services, web applications, equipment, point of sale (POS) systems, radio frequency identification (RFID) tags, medical billing systems and electronic health records systems and software licenses, and our attorneys help our clients understand the privacy and cyber security implications of these transactions.  We work to identify the emerging legal issues and compliance requirements for our clients’ internet and e-commerce business operations and to advise our clients on practical methods to minimize privacy and data security risks.  Additionally, with the increased regulatory focus, as well as media attention, on privacy issues related to vendor management, we assist clients in negotiating specific privacy components of agreements, including those types of transactions listed above as well as payments contracts, marketing contracts, cloud services and analytics contracts.  Lastly, we often assist clients in negotiating cyber insurance policies to cover their liability for data breaches and other cyber issues.

Representative Experience