Our Privacy and Data Security attorneys help clients navigate the many laws designed to safeguard health, financial, and other private information. We counsel on compliance, data mining, online marketing, and mobile privacy, and we help clients respond to security breaches.


Compliance demands more than familiarity with existing laws and administrative guidance. It requires attention to ongoing legislative efforts and consumer privacy advocate positions to ensure that policies and procedures remain current. We help clients comply at the local, state, and federal levels, as well as with Canadian and European Union regulations.

Data Breach and Security

Cloud computing and an increasing reliance upon the digital universe present ever-greater security challenges. Efforts to safeguard consumer information have intensified and new laws governing data breaches have been passed in almost every state. Our attorneys routinely track regulatory and legislative initiatives and assist in reviewing, revising, and creating internal data security policies that ensure compliance and repel breaches. Should a data breach occur, we notify and respond to state, federal, and European regulators—including in litigation, when necessary—and help mitigate any damage caused by the breach.

Medical and Health-Related Privacy

The federal Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) have redefined the privacy landscape in the health and medical sectors. Penalties have dramatically increased and breach notification is now mandatory. Most states have followed suit. We assist health care plans, providers, vendors, and research institutions in navigating these complex laws and in implementing policies and procedures, including training, to ensure HITECH and state law compliance. In cases of suspected breaches, we conduct internal investigations to determine if a breach has occurred and, if so, whether it is subject to HITECH and state rules and notification requirements.

Financial Institutions and Privacy

We advise financial institutions across the country on compliance with increasingly complex privacy laws. Our experience ranges from the Fair Credit Reporting Act (FCRA) and FACT Act to Gramm-Leach-Bliley privacy and data security concerns, as well as regulations under the Dodd-Frank Wall Street Reform and Consumer Protection Act. Our attorneys assist with drafting and implementing policies and procedures to ensure legal compliance and, where applicable, adherence to the Payment Card Industry Data Security Standard (PCI DSS). We also represent clients in state attorneys general investigations into privacy practices, and we defend suppliers of credit information and creditors that obtain or use credit bureau consumer reports from claims arising under the FCRA and state laws.

Online Marketing and Privacy

In today's world, businesses cannot afford to forgo online marketing, including social media. We assist clients in compliance with Federal Trade Commission guidance on online marketing and privacy, the CAN-SPAM Act, the Children's Online Privacy Protection Act, the Restore Online Shoppers' Confidence Act, and other privacy laws and guidelines, including for direct marketing.

We assist in designing Internet and mobile privacy policies that address behavioral marketing techniques and the use of geo-location for marketing purposes. We also review, revise, and create privacy policies applicable to the non-Internet collection of consumer-focused data, such as for telemarketing, to ensure compliance with the Telephone Consumer Protection Act (the FTC’s Telemarketing Sales Rule) and the Truth in Caller ID Act. Our attorneys are also experienced in advising on pending privacy legislation and regulation and mitigating privacy risks in light of such legislative and regulatory concern.