Privacy, Data Security & Information Use
Recognized by Chambers Global and Legal 500 as one of the world’s foremost practices, Pillsbury’s Privacy, Data Security & Information Use lawyers regularly work with companies around the globe to address the full range of privacy requirements, needs and issues in a way that balances clients’ thorough compliance with the flexibility to conduct and expand their businesses.
Valuable Insight and International Reach
With data privacy lawyers who are ranked as “leaders in the field” in the United States and the European Union, the Pillsbury team is regularly engaged in cutting-edge issues with lawmakers, enforcers and industry groups, sharing valuable insight to help clients better understand fast-changing new laws and fines, regulatory proposals, and changing areas of risk.
The industry groups in which our lawyers are active include the National Retail Association, the Direct Marketing Association, and the NACHA Council for Electronic Billing and Payment (including the Internet and Cross Border working groups) in the United States, and the British American Business Law Forum and the Advertising Law Group in the UK.
Our team also works with clients across multiple jurisdictions, advising on full compliance reviews, developing customized policies and procedures, advising on international data flow, handling domestic notifications and registrations, and advising on data security breach preparedness and response. Our scope is tailored to the geographic needs of the client, with services that can be scaled from business in a single state or country to the pan-EU and wider patchwork of international privacy laws.
Our Services
Pillsbury’s Privacy, Data Security & Information Use team regularly advises clients in a wide range of industries, including retail, media, technology, financial services, manufacturing and health care, on a broad range of privacy, data security and information use issues, including, but not limited to:
- Advising on cross-border transfer of personal data and use of Binding Corporate Rules, Model Contract Clauses, U.S. Safe Harbor and other mechanisms to ensure such transfers are adequately safeguarded and compliant with stringent European regulations, in particular.
- Advising on state and federal regulations in the United States, including the Identity Theft Red Flag Regulations, HIPAA and COPPA.
- Advising on key changes in Europe such as updates to the E-Privacy Directive and major changes proposed by the EU Commission to the Data Protection Directive.
- Devising “Privacy by Design” audits – working closely with clients to devise a strategy to meet changing laws throughout the world.
- Proactive planning to reduce the risk and consequences of security breaches.
- Identifying restrictions on the collection and use of customer, employee and vendor information.
- Providing advice on disclosures, notices, opt-ins and opt-outs related to the collection and use of personally identifiable information.
- Advising on changes and differing international interpretations as to what is acceptable “consent”.
- Establishing and training on compliance programs and audits.
- Prioritizing compliance resources.
- Preparing contract provisions.
- Advising on storage, safeguarding, loss and retention of personal data.
- Representing clients in litigation arising from privacy issues.
- Developing document retention and electronic discovery policies.
- Developing other key policies related to privacy, such as website policies and internal employee policies for data handling, security and whistleblowing.
- Reviewing industry standards on data security and information management.
- Providing legislative solutions and advocacy.
- Responding to regulatory and enforcement investigations and inquiries and advising on offences and prosecutions.
- Assisting with marketing, data modeling and the sale of data.
- Establishing data protection policies and procedures (including associated intellectual property rights).
- Identifying data considerations in outsourcing transactions.
- Advising on all aspects of e-marketing, social media and digital advertising campaigns.
- Advising on customer profiling, tracking, geo-location, viral and behavioral marketing.
Security Breach Prevention and Response
One particular focus of our practice is security breach prevention and response. Pillsbury helps clients to develop and implement effective breach response policies and procedures and to enhance existing response programs. We have helped clients investigate, assess and address security breaches in which information on millions of individuals was at risk in cases of both deliberate breaches resulting from electronic attacks or dishonest employees, and inadvertent breaches resulting from software misconfiguration or hardware disposal.
When a breach occurs, we develop a rapid and thorough response, often coordinating several parties in parallel. We work with technical experts to restore system security, regulators and law enforcement on criminal investigations and prosecutions, security consultants conducting forensic reviews, and public relations firms on needed disclosures.
We counsel on post-breach activities such as:
- Planning and implementing communication strategies for disclosing breaches to regulatory agencies and affected consumers.
- Providing access to credit monitoring solutions and establishing websites and call centers for affected individuals to contact for information and assistance.
- Conducting “post-mortem” assessments to confirm the root cause(s) of a breach and develop and implement remediation plans to prevent similar breaches from reoccurring.
Data Protection Counseling
Our clients rely on us to develop, augment and update data protection and security policies and procedures to comply with the ever-expanding obligations imposed by government regulators, changing laws and industry groups. This includes:
- Responding to payment card industry (PCI) audits.
- Developing incident response policies.
- Providing training sessions.
- Auditing for and complying with state and federal statutes that address the collection, use, sharing and protection of personal information.
- Working jointly with consulting companies and other international law firms as appropriate to address specific regulatory issues in international jurisdictions.
- Reviewing the privacy practices of acquisition or merger targets to achieve a smooth transition of customer data.
Businesses are increasingly recognizing that their data is an asset and are looking for innovative ways in which to capitalize on the full value of that asset. Pillsbury lawyers advise on services such as online and mobile targeted advertising and consumer profiling, location-based technologies and “club card” data capture programs, so that clients can comply with existing regulations and anticipate new rules from entities such as the U.S. Federal Trade Commission and Federal Communications Commission, the UK Information Commissioner’s Office, French CNIL, Dutch CBP, and other data protection authorities.
We offer comprehensive services, including:
- Developing an intellectual property strategy that protects the value of a company’s data and information.
- Negotiating, documenting, securing and litigating publication rights and association agreements.
- Negotiating commercial arrangements to recover value from data and information, including complex licensing structures.
- Navigating the array of industry advertising requirements and restrictions.
- Monitoring comparative and false advertising decisions of key regulators and authorities.
- Representing clients in defending and bringing advertising claims.
Our Privacy, Data Security & Information Use lawyers work in close collaboration with other Pillsbury teams, such as our:
- Financial Services industry team, which advises on state and federal regulatory restrictions on the collection and use of personal information by financial services companies.
- Social Media & Games team – lawyers with e-commerce experience who understand the restrictions on the collection and use of personal information, particularly from children.
- Communications group, which counsels on privacy issues in telecommunications, electronic surveillance, monitoring and data retention, including the Wire and Electronic Communications Interception and Interception of Oral Communications Act and similar laws throughout the world.
- Global Sourcing group, which advises on restrictions and requirements for domestic and international outsourcing arrangements.
- Intellectual Property group, which assists with strategies to protect the value of proprietary data.
- Restaurant, Food & Beverage and Consumer & Retail teams, which assist consumer-facing retailers on compliant data collection and use procedures.