Privacy and Data Security
As the online marketplace continues to grow, companies throughout the world are facing increasingly strict – and often inconsistent – regulations regarding the acquisition, use, and protection of personal information.
Our global privacy, data protection, and data security attorneys advise clients on a broad range of privacy and data protection matters, including developing and implementing privacy policies and procedures, privacy-related litigation, regulatory investigations, global compliance, cross-border data transfers, website terms and conditions, social media and other new information technologies, cybersecurity and network intrusion issues, and contractual matters involving privacy and security. We also counsel clients on compliance with regulations such as the TCPA, COPPA, HIPAA, GLBA, and Privacy Shield in the United States and the 95/46/CE Directive and GDPR on privacy and data protection and domestic implementation legislation in European countries. We advise companies in the technology, financial services, telecommunications, consumer products, e-commerce, media, professional services, and healthcare sectors, and help clients develop risk management and privacy and data use policies in compliance with state, national, and international regulatory legislation. Our attorneys conduct privacy and data security due diligence on M&A transactions, including those with cross-border components, negotiate technology license agreements, and assist with cybersecurity audits, cyber-insurance evaluations, and employee security training.
Our group includes attorneys who have achieved designation as Certified Information Privacy Professionals, including in both the U.S. and the E.U., and as a Certified Information Privacy Technologist by the International Association of Privacy Professionals as well as those with advanced degrees in computer information science and engineering. Our attorneys are tech-savvy and have an extensive understanding of privacy and data use legislation on a global scale. They are experienced in guiding clients through data breaches and any resulting litigation and internal investigations, helping them mitigate loss and unfavorable public opinion.
Compliance in the Course of Day-to-Day Business
Regularly draft and review policies and company-wide programs to ensure security and privacy compliance and online privacy policies.
Advise international groups in the U.S. and E.U. in relation to the implementation of Binding Corporate Rules.
Regularly advise companies on compliance with U.S./E.U. international data transfers.
Regularly advise companies on policies and procedures for compliance with HIPAA, privacy and security, and breach notification requirements.Read More
Data Breach Response and Management
Regularly manage data breach response and counseling for financial services software company.
Advise e-payment services provider in the E.U. in relation to data breach investigations and enquiries by credit/debit card payment networks.
Advised client on data breach issue relating to disclosure of personally identifiable information.
Represented life sciences service provider on remediation measures following a data breach.
Compliance in the Context of Litigations and Investigations
Regularly represent U.S., French, and international corporations in analyzing and resolving data privacy and security issues related to review and production of sensitive personal and corporate information in the context of cross-border internal and regulatory investigations.
Advised on compliance with data privacy laws in connection with the processing and transfer of Finnish company documents for use in U.S. litigation.
Anna Milleret-Godet spoke to L’Express about the wide-reaching effects of the General Data Protection Regulation (GDPR) in the EU.
In this C&G client alert, Guillaume Seligmann and Adeline Raut discuss the Court of Justice of the European Union’s recent decision to invalidate the Privacy Shield and detail the practical steps that can be taken by companies on both sides of the Atlantic to remain in compliance with the General Data Protection Regulation (“GDPR”) in force in Europe.
Karen H Bromberg and Marvin J Lowenthal examine the Stop Hacks and Improve Electronic Data Security (“SHIELD”) Act, which amends New York’s current data breach notification law and places increased obligations on businesses that handle private data. With the SHIELD Act, New York joins the growing list of states that have adopted legislation to strengthen consumer privacy protections.