Click here for our Privacy Law Blog |
Organizations hold vast amounts of private personal information. As technology has advanced to facilitate compiling, transferring and sharing such information, the law has placed increasing privacy and data security obligations on information keepers. The risks of non-compliance transcend the law, and threaten serious public relations and business problems for those who do not handle personal information carefully. For more information about this practice area, contact:
The lawyers in the Privacy and Data Security Practice Group at Proskauer Rose LLP have the expertise and experience to help you understand and comply with the various laws that regulate the collection and sharing of personal data. And they can help you develop best practices that not only help with legal compliance, but also will help to identify your business as one that is genuinely concerned with personal privacy and the protection of private data.
Our Privacy and Data Security Practice is an outgrowth of our Internet, intellectual property, labor and employment, health law, First Amendment, international law and litigation practices. Indicative of our Firm's experience and reputation in this relatively new field of law is the fact that the venerable Practising Law Institute (PLI) asked our Firm to create its first-ever treatise on the subject of privacy and data security law, called "Proskauer on Privacy," which was published later in 2006.
Privacy and Data Security Compliance Advice
Privacy and data security are regulated at the international, federal, state and even local levels. Proskauer advises clients on all aspects of compliance, ranging from the EU Privacy Directive (and the related Safe Harbor and model contracts for U.S. entities), to federal laws (such as HIPAA, Gramm-Leach-Bliley, the Electronic Communications Privacy Act, and Section 5 of the FTC Act), to the various state laws (including especially California, whose laws regulate broadly and widely). One of our leading services is a "Privacy and Data Security Law Audit" which helps clients to identify what private information they are collecting, how it is being handled, and what laws govern its treatment. Based on our review, we help our clients to craft appropriate policies, training protocols, contract clauses (including, especially, regarding outsourcing) and security measures. More generally, we regularly advise clients on their online data collection practices, and help prepare (and ensure compliance with) website privacy policies.
Privacy at the Workplace
A logical outgrowth of our preeminent Labor and Employment Law Practice, for which the Firm has been renown for generations, is our workplace privacy focus. We assist clients in the creation of personnel practices to protect personal and sensitive data (such as e-mail, Web usage, and telephone rules). We also counsel on the legal availability and methodology of employee monitoring and substance-testing. And we regularly are consulted on issues such as security of information during a termination, the information that can be shared about employees during or after their employment, and on personnel records retention matters.
Data Security Breach Notification Laws
Following the implementation of the California security breach notification law in 2003, dozens of jurisdictions have followed suit and have enacted detailed requirements for notification to consumers and regulators when the security of personal data is or may have been compromised. Proskauer has been involved with dozens of episodes implicating these new laws, and our lawyers in this area are conversant with the many (and differing) details of these laws. We also have experience with the notification obligations under the Security Rule of Gramm-Leach-Bliley.
Commercial Speech and Privacy
As organizations depend more and more on e-mail and other electronic communications to advertise and publicize, they need to understand and comply with the various relevant laws, such as the federal CAN-SPAM Act. Lawyers in our practice group advise on issues such as mass e-mail marketing, the use and sale of lists, the rules on sweepstakes and contests, and common law rights of publicity.
International Legal Requirements
The European Union Data Protection Directive and the laws passed by member states under it means that Europe has the most comprehensive regime of privacy and data security laws. Other countries, including Argentina, Canada and Japan also have enacted privacy legislation. For companies doing business in these countries, or simply receiving data from them, the privacy laws have implications. The issues range from the treatment and handling of employee information to electronic commerce. We assist organizations in establishing the legal and technological framework to comply, and to ensure continued data flows.
Litigation
The voluntary disclosure of private information, or a security breach leading to the disclosure of private information, may mean that litigation will follow. Plaintiffs and regulators may claim that privacy promises were not kept, that data security practices were unfair, or that common law torts were committed. There also may be allegations of statutory violations under the various laws dealing with privacy, especially electronic privacy. Proskauer represents clients in these various kinds of privacy and data security litigation. We combine our skills as experienced and practical litigators with our substantive knowledge of the privacy and data security law.
Representative Industry Segments Served by the Practice Group
Our training and experience allows us to help virtually any business with its privacy and data security legal compliance. We have had special concentration recently with these industry segments:
Financial Services
Self-Regulatory Organizations
Health Care
Airlines
Consumer Products
Consumer Services
Professional Services
Communications
Media and Entertainment
|
