Privacy and Data Security

Our privacy practice is driven by corporate lawyers, litigators and regulatory-focused lawyers. We have experience helping clients evaluate risk, avoid problems and mitigate problems.

This includes:

  • Policy development
  • Risk analysis
  • Commercial agreements for cloud, information technology, business process services and security services
  • Security incident investigation and response, including working with and responding to the FTC and state attorneys’ general
  • Security incident litigation, including class action defense
  • EU Safe Harbor certification
  • Cross-border transfers of data

Technology has made it easier to collect, analyze, share and exploit personal data, while at the same time increasing regulation and risk. Our deep experience in the technology industry, means that we have been advising in this area for years. Further, we have particular experience in advising technology service providers in connection with commercial agreements, including business associate agreements and their obligations with respect to laws governing their customers.

In the United States, the collection, use, storage, security, transfer and disposal of personal data is regulated at the Federal and state level and by numerous self-regulatory organizations.

Our experience includes:

  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  • Gramm-Leach Bliley Act (GLBA)
  • FTC Act
  • State law analogs of the above and state security breach statutes

We also have lawyers with experience in similar issues under laws and directives of the European Union.



Publications, Speeches & Presentations