Privacy, Data Security & Information Use
Valuable Insight & International Reach
Our data privacy lawyers have deep experience across the many fields of law and business that intersect with data-protection imperatives in the United States, the European Union, and throughout the world. The Pillsbury team is regularly engaged in cutting-edge issues with lawmakers, enforcers and industry groups, sharing keen insight to help clients better understand fast-changing new laws, regulatory proposals and evolving areas of risk.
Our team works with clients across multiple jurisdictions, advising on compliance reviews, developing customized policies and procedures, offering guidance on international data flow, handling domestic notifications/ registrations and aiding in data security breach preparedness and response. Our scope is tailored to the geographic needs of the client, with services that can be scaled from business in a single state or country to the pan-EU, and the wider, global patchwork of international privacy laws.
Counseling. We advise clients in a wide range of industries on data security and privacy issues that arise in transactional, regulatory, litigation-related and other advisory contexts.
Data Security Breach Prevention and Response. We engage with clients in proactive planning to reduce the risk and consequences of security breaches, and we have deep experience in helping clients investigate and address security breaches when they do occur.
Cyber Insurance. We counsel clients on planning and use of insurance in the data protection space. Specifically, our firm’s experience in guiding companies large and small through the process of obtaining coverage for online perils is unparalleled. So too is the track record of our Insurance Recovery and Advisory practice, an integral element of the Privacy, Data Security and Information Use group, in winning battles with insurers over cyber coverage.
“Big Data.” We help clients make the most of services such as online and mobile targeted advertising and consumer profiling, location-based technologies, and “club card” data capture programs, so that clients can comply with existing regulations and anticipate new rules from regulatory entities worldwide.
Fields of Experience
Our privacy and data security attorneys include litigators, transactional lawyers, and legislative and regulatory strategists with decades of relevant experience. Among the many subjects they regularly address on behalf of clients with privacy- and data-driven needs are:
- Cross-border transfer of personal data and use of Binding Corporate Rules, Model Contract Clauses, U.S. Safe Harbor and other mechanisms to ensure such transfers are compliant with stringent European regulations, in particular, and other similar legislation around the world.
- State and federal regulations in the United States, including the Identity Theft Red Flag Regulations, HIPAA and COPPA.
- Key changes in the European Union such as the judicial overturning of the Data Retention Directive and the forthcoming General Data Protection Regulation, which is intended to supplant the Data Protection Directive.
- “Privacy by Design” audits – working closely with clients to devise a strategy to meet changing laws throughout the world.
- Proactive planning to reduce the risk and consequences of security breaches.
- Handled high-profile data security breaches for large financial institutions, healthcare entities, a major airline and a national hotel operator, among other clients.
- Counseled clients facing hacker attacks, data theft, unauthorized data disclosure by vendors and other data-oriented threats and crises.
- Handled employee data privacy matters for pharmaceutical companies in more than 40 countries.
- Represented a US-headquartered, international business in securing EU approval of its Binding Corporate Rules (BCRs) – the gold star standard when transferring data internationally in light of new EU regulatory changes.
- Represented many clients – including one of the world’s leading professional services organizations, a global credit card and payment services company, an internationally renowned network of hospitals and clinics, a national health plan management company, a biopharmaceutical company, and a leading medical claims processing company, among others – in structuring and negotiating the terms of their cyber insurance programs.
- Represented a health care company in harmonizing privacy policies across business units in the wake of a major acquisition. Pillsbury worked with HR directors in 12 countries to chart current procedures and local legal requirements, creating one master data protection plan and one master data transfer plan for worldwide use.
- Helped a major global electronics firm with a privacy audit and compliance issues related to emerging privacy concerns around the “Internet of Things.”
- Assisted a national retailer in connection with a denial-of-service cyberattack that happened during the peak holiday shopping season, advising the client on data breach issues arising from the attack and securing insurance coverage for costs stemming from the incident.
- Represented a global executive search firm in connection with issues relating to cross-border flows of candidate information.
- Advised a globally prominent game maker on privacy and data security issues related to virtual goods and virtual currencies.
- Representing Sony Pictures on insurance issues related to the November 2014 cyberattack on its network and IT infrastructure.
- Represented Sony on insurance claims arising out of attacks on its online gaming networks in 2011.
- Ranked by Chambers Global as a leading Privacy & Data Security practice (2015).
- Ranked by Chambers USA as a leading Privacy & Data Security practice (2014).
- Ranked by Legal 500 US for Cyber Crime (top tier) and Data Protection & Privacy (2015).
- Nine Privacy, Data Security & Information Use attorneys recognized by Legal 500 US (2014).