Baker Botts recognizes that privacy and data-protection issues are a concern for all companies that store or process customer, third party or employee data, including names, addresses, social security numbers, account numbers, spending history, driver's records, sales transactions or other sensitive or personal information. Federal and state laws in the United States and laws and regulations of many non-U.S. jurisdictions relating to these issues are constantly changing, and the growth in technology available to transfer, manipulate, process and access data shows no sign of abating. It is therefore imperative that companies take positive steps to ensure they comply with all applicable privacy laws and protect the data they hold. Baker Botts' lawyers are experienced in data privacy issues and help companies by advising on privacy law compliance, conducting privacy audits, creating privacy and security plans, representing clients in Federal Trade Commission and state and other regulatory investigations as well as in litigation arising from privacy law claims such as mass security breach and identity theft matters.

With email and the internet permitting the global transfer of data containing private information, a global understanding of privacy law is essential to ensure global compliance with laws, to allow companies to make best use of different privacy requirements around the globe and to remedy breaches of data protection laws effectively.

Baker Botts has substantial transactional, compliance and litigation experience regarding all types of information, whether consumer, commercial or employee data. Our attorneys have worked in the area for many years, helping clients navigate the applicable statutes and agency rules, and resolving disputes that arise relating to alleged breaches of privacy law. Our attorneys also frequently speak and write on the topic.

Transactional and compliance
With a strong knowledge of the relevant legal requirements for information security, Baker Botts lawyers are able to conduct due diligence on privacy and data security issues in connection with M&A and other material transactions. More than a few transactions have been complicated by issues regarding the transfer of individually identifiable information. We also regularly assist companies in developing policies and procedures regarding the collection, use, storage, disclosure, and disposal of information, as well as unauthorized access to information. We also regularly help purchasers and sellers of services define data privacy obligations and allocate risk.

Baker Botts lawyers are prepared to lead or assist privacy audits, including use of the FTC Safeguards Rules and Payment Card Industry Data Security Standards (PCI). We understand the steps necessary for a fully compliant audit including: identifying the consumer information held, assessing the retention and protection of such information, identifying vulnerabilities, and helping to resolve risk areas.

Our lawyers have experience with global personnel data protection and privacy compliance efforts. For example, our partner Dennis Duffy had responsibility for all employee-data-security issues, including coordination of the company's global response to data breach incidents, while serving as Vice President and Associate General Counsel for Labor and Employment at Time Warner Inc.

Litigation
Our attorneys handle individual and large-scale class action lawsuits on issues including privacy, identity theft, consumer transactions, Fair Credit Reporting Act (FCRA), Fair and Accurate Credit Transactions Act (FACTA), and PCI (among other state and federal laws) compliance. We know the courtroom aspects of privacy litigation and we have navigated class actions and individual lawsuits dealing with the compromise or loss of private information. We also have litigation experience with the technology, systems, policies and procedures necessary to meet the strict compliance standards for protection of private data.

In the event of a breach of protected personal information, we are able to assist clients with a rapid and appropriate response and to advise on all issues arising from it.

International Privacy Issues
Baker Botts' understanding of privacy law issues is also global in nature. We have a global team of privacy lawyers who work together to develop their understanding of privacy laws worldwide. As a result we are able to assist clients in addressing privacy and data security issues on a global basis.

Our worldwide experience includes advising on the impact of European Union laws, in particular the significant restrictions on processing personal data contained in Directive 95/46/EC on the protection of personal data, incorporated into the laws of each of the EU member States (for example by the Data Protection Act 1998 in the United Kingdom). Our lawyers also understand and have dealt with the challenges presented by European Convention on Human Rights and the conflicting rights to privacy and freedom of expression contained in Articles 8 and 10 respectively.

Our lawyers have experience in defending and prosecuting claims for breach of confidence and other causes of action arising from alleged misuse of private information. We also have experience in dealing with investigations undertaken by regulators in this area of data protection and privacy. Our lawyers have also advised on the export and cross border transfer of data and issues relating to whistleblowing.