Privacy and Data Security Law

Data privacy and information security is a key concern for clients that operate in today’s business environment. Information technology is susceptible to unlawful intrusion by third parties. Appropriate safeguards of customer and employee data as well as of a business’ trade secrets and operations are of vital importance, yet navigating the legal terrain is challenging since the data privacy laws vary depending on the industry and the location of the data.

The Privacy and Information Security Law Group is an interdisciplinary group of business and litigation attorneys who are knowledgeable in both U.S. and international data privacy laws. The Group draws upon its collective experience to solve legal issues arising in connection with this fast-growing and dynamic area of law.

The Group regularly assists clients with formulating and implementing privacy policies and practices, including those required by the Gramm-Leach-Bliley Act, USA Patriot Act, Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act and the FTC's Identity Theft Red Flag Rules. 

We use a coordinated approach to risk assessments and the development of compliance solutions for our clients, drawing upon the broad experience of our Group and the firm’s industry-specific knowledge.  We believe that being proactive with respect to privacy and data security compliance obligations, and incorporating privacy by design principles where possible, will assist our clients to be responsive to government regulators’ expectations and ahead of their competition in this escalated privacy environment.

The Group’s attorneys assist with the following:

  • The development and formulation of website security and privacy statements and disclosures
  • Advertising and marketing issues, including those raised by targeted behavioral advertising
  • Issues concerning identity theft, including medical identity theft
  • Issues raised by federal computer security and trade secret statutes
  • Record retention policies and practices
  • Formulating Identity Theft Red Flag Programs and procedures
  • Employment information confidentiality
  • Education information privacy
  • Reviewing and drafting third party service provider confidentiality agreements
  • Planning for and responding to data security breaches throughout the country
  • HIPAA compliant business associate agreements and data use agreements
  • HIPAA privacy and security policies and procedures

For clients who have multinational operations, whether as an online retailer, app provider, or due to the operation of physical facilities in other countries, our attorneys regularly provide assistance with international data privacy and security issues. We assist clients with their compliance obligations under the EU General Data Protection Regulation (GDPR), the Canadian Anti-Spam Law (CASL), and Mexico’s data protection laws, among others. We also provide guidance to clients in complying with global privacy laws through the Firm’s membership in Multilaw, an international consortium of law firms.

Our clients include major utilities, telecoms, financial institutions, health care providers, insurance companies, securities firms, retailers and employers in multiple economic sectors as well as companies (both large and small) who require assistance with their legal and risk management obligations to protect the confidentiality of the personal information of their employees, clients and customers.

In the News


Legal Spotlight

Ohio's Business-Friendly approach to Cyber Security
A carrot instead of a stick: Ohio's business-friendly approach to cyber security (PDF)

Data Privacy Detective Podcast:

Data Privacy Detective on Google Play Music

Data Privacy Detective Podcast on Stitcher
Data Privacy Detective Podcast on SoundCloud

Thought Leadership

What a Difference a Year Makes: Recent Developments in Privacy Compliance and Cybersecurity- Melissa Kern and Jane Shea, November 8, 2018.

Data Ethics and Obligations: Your Data Footprint and Third-Party Data- Melissa Kern, November 1, 2018.

GDPR Fundamentals- Jane Shea, October 18, 2018.

Imported Privacy Rights: From California to the GDPR- Melissa Kern Oct. 1, 2018.

Update on Regulation CC and remote data capture technology- Melissa Kern, May 17, 2018.

GDPR Breakfast Panel- Jane Shea, April 25, 2018.

Cybersecurity Developments- Jane Shea, March 2, 2018

GDPR Basics- Jane Shea, January 30, 2018.

Hot Topics in Copyright Law- Melissa Kern, Oct. 13, 2017.

Protecting Privacy and Security in the Ed Tech Era- Melissa Kern and Jane Shea, Oct. 3 and 5, 2017.

Data Privacy and Security: U.S. Legal Framework and its Impact on Business- Jane Shea, September 14, 2017.

Cybersecurity for Small Businesses- Jane Shea, September 20, 2016.

Employee Privacy in the Electronic Workplace- Jane Shea, April 19, 2016.

OSBA Cyberlaw 2016: Technology and the Law Seminar- Melissa Kern, March 18, 2016.

Cloud Computing: You're already using it, learn how to maximize it- Melissa Kern, September 6, 2012.