Information Privacy & Security
Our information privacy and security group has the expertise and experience to help clients understand and comply with the laws and industry standards that regulate the collection, use, sharing, protection and proper disposal of personal data.
We counsel clients regarding:
- Development of programs and policies governing storage, access, transfer, use, disclosure and disposal of information subject to state or federal privacy and security laws
- Audits of information security programs and policies
- Preparation of website privacy policies and terms of use
- Data breach response and notifications, including compliance with applicable state and federal laws
- Online and email advertising and behavioral marketing
- Guidance on foreign privacy law requirements
- Development of "Red Flags Rule" identity theft prevention programs
- Preparation and negotiation of vendor agreements involving personal information (including business associate agreements)
- Negotiation of confidentiality and non-disclosure agreements
- Information privacy and security issues and contract terms in corporate transactions
- Matters involving children's information and privacy
- Matters involving financial information and privacy
- Matters involving health information and privacy
- Preparation of privacy notices to consumers
- Development of electronic media and mobile device policies (for employee handbooks and compliance manuals)
- Training on information privacy and security
- Review of vendor policies
- Referrals for data security vendors and information technology forensics vendors
We also represent clients in litigation when necessary. Our experienced litigators assist clients with:
- Consumer protection litigation
- Electronic discovery matters related to information security and privacy legal requirements
- Data breach litigation
Confidentiality and Non-Disclosure Agreements
Represented consumer service provider and retail company in drafting and negotiating a confidentiality and non-disclosure agreement with a vendor engaged in collecting and processing consumer personal information on behalf of governmental or public entities for consumer licensing purposes.
Data Security Breach Response
Assisted businesses with evaluating and responding to data breach, including drafting notifications to affected individuals and monitoring compliance following breach.
Data Security Breach Response (Nonprofit)
Assisted an organization in analyzing a potential data security breach incident and drafted a notification letter in compliance with applicable law whose information may have been affected by the incident.
Directed Marketing and Online Services
Represented non-profit foundation in auditing and revising an online service provided to consumers, as well as the terms of use, privacy policy, and data collection, data sharing and marketing practices related to the online service for compliance with various information privacy, security and consumer protection laws and regulations.
Information Security Program Toolkit Development
Developed and drafted a comprehensive information security program toolkit for use by a financial services company client and its business partners, including business partners in the insurance industry.
Master Professional Services Agreements
Represented consulting company in negotiating master professional services agreements involving the consulting company's handling and analysis of highly sensitive, consumer financial information for its financial institution clients.
Online Advertising and Website Compliance
Represented children's products retailer in auditing and revising its website, online marketing practices, and website privacy policy and terms of use for compliance with various information privacy, security and consumer protection laws and regulations, including the Children's Online Privacy Protection Act ("COPPA").
Purchase of Websites and Online Businesses
Represented purchaser in acquiring websites and online businesses with known intellectual property issues, licensing issues and regulatory compliance issues related to information privacy, security and consumer protection matters, and assisted purchaser in correcting such issues post-closing.