Privacy and Information Security Law

Data privacy and information security are key concerns for clients that operate in today’s business environment. Information technology is susceptible to unlawful intrusion by third parties. Appropriate safeguards for customer and employee data, as well as for a business’s trade secrets and operations, are of vital importance, yet navigating the legal terrain is challenging because data privacy laws vary depending on the industry and the location of the data.

The Privacy and Information Security Law Group is an interdisciplinary group of business and litigation attorneys who are knowledgeable in both U.S. and international data privacy laws. The Group draws upon its collective experience to solve legal issues arising in connection with this fast-growing and dynamic area of law.

The Group regularly assists clients with formulating and implementing privacy policies and practices, including those required by the Gramm-Leach-Bliley Act, USA Patriot Act, Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act and the FTC's Identity Theft Red Flag Rules. 

We use a coordinated approach to risk assessments and the development of compliance solutions for our clients, drawing upon the broad experience of our Group and the firm’s industry-specific knowledge. We believe that being proactive with respect to privacy and data security compliance obligations, and incorporating privacy-by-design principles where possible, will help our clients be responsive to government regulators’ expectations and stay ahead of their competition in this escalated privacy environment.

The Group’s attorneys assist with the following:

  • The development and formulation of website security and privacy statements and disclosures
  • Advertising and marketing issues, including those raised by targeted behavioral advertising
  • Issues concerning identity theft, including medical identity theft
  • Issues raised by federal computer security and trade secret statutes
  • Record retention policies and practices
  • Formulating Identity Theft Red Flag Programs and procedures
  • Employment information confidentiality
  • Education information privacy
  • Reviewing and drafting third-party service provider confidentiality agreements
  • Planning for and responding to data security breaches throughout the country
  • HIPAA-compliant business associate agreements and data use agreements
  • HIPAA privacy and security policies and procedures

For clients who have multinational operations, our attorneys provide assistance with international data privacy issues, whether that means assisting with the European Union Data Privacy Directive requirements in connection with cross-border data transfer, assisting with the U.S. Department of Commerce Safe Harbor self-certification, or obtaining legal assistance in other countries through the firm’s membership in Multilaw.

Our clients include major utilities, telecoms, financial institutions, health care providers, insurance companies, securities firms, retailers and employers in multiple economic sectors, as well as companies (both large and small) that require assistance with their legal and risk management obligations to protect the confidentiality of the personal information of their employees, clients and customers.
