The potential for a breach of data exists every time personally identifiable information is gathered, regardless of the size or financial health of your business. Collecting, storing and using data effectively while protecting the privacy of individuals is a challenge facing all businesses. Consider these four questions:
- Does your company have a written Information Security Program?
- Has your company appointed a Security Officer?
- Does your company require that all email containing personal private information be encrypted, and that all portable devices (laptops, phones, thumb drives, etc.) be encrypted while in use and while at rest?
- If your vendors have access to private personal information that you’ve collected and stored, do you have protections in place to reduce or eliminate exposures from unauthorized access to that information by a third party?
If the answer to any of these questions is ‘no,’ it’s time to get serious about data privacy. Let us help.
Our attorneys help clients with a full range of data privacy matters from the onset of data collection, to strategy and risk management, to establishing and enforcing policies through to administrative compliance. Our international experience spans several industries, including education, finance, healthcare, e-commerce, retail, real estate, telecommunications and more. We help clients with:
- Consumer protection
- HIPAA compliance and healthcare-related data protection
- Intellectual property
- International commerce
- Privacy and security
- Risk management
Our team has the experience to assist businesses and institutions of all types and sizes:
- Understanding privacy and data security issues/laws that might apply to a particular business
- Developing policies/procedures to comply with federal/state privacy and data security laws
- Implementing compliant document management and data retention plans
- Drafting and negotiating privacy and data security provisions in contracts (service provider contracts, vendor contracts and other types of agreements)
- Addressing privacy and data security obligations and liabilities in contracts with third-party vendors
- Risk management and cyber insurance advise and policy procurement
- Post data breach investigation, counseling and litigation
Representative Projects and Transactions
- Provided advice and litigation services to a high-end electronics retailer regarding credit card privacy and security issues and product liability matters.
- Advised a health care non-profit organization with regard to collection and management of data, copyrightable works, and other content associated with conferences, seminars, and an online knowledge center.
- Counseled retailers in connection with data privacy breach issues.
- Prepared commercial agreements, including privacy and security matters, for the deployment of telemedicine networks by a publicly traded technology company.
- Prepared privacy and other policies for digital presence of numerous national and international ventures.
- Represented Boston restaurant group in connection with a Massachusetts attorney general enforcement action based on a data privacy breach and the Commonwealth's data privacy law, G.L. c. 93H.
- Represented an online educational service provider in content development and course-load distribution agreements, including establishing a subsidiary in India.
- Represented a developer of natural language and data asset management software on matters including a $15M round of venture financing, software licensing, strategic acquisition and relationship matters and general corporate representation.
- Outside U.S. general corporate counsel to Sohu.com, a leading Chinese online media, communications, search, online gaming, and mobile value-added services company (NASDAQ-traded).
- Represented Retail Convergence, Inc., the parent company of Rue La La and SmartBargains eCommerce sites, including advice with respect to the integration of social media for its websites.
- Represented high-end clothing retailer Betsey Johnson in a wide range of corporate, finance, leasing, data security, employment, risk management and other operational matters, and in the out-of-court restructuring of its long term debt and equity, including advice on intellectual property and e-commerce matters.
- Represented academic medical centers, healthcare systems, universities, foundations and research institutes and provided advice with regard to technology and intellectual property matters, as well as with general healthcare law compliance (Anti-Kickback Statute, HIPAA, HITECH).