Practice Areas & Industries: Fredrikson & Byron, P.A.

Practice/Industry Group Overview

Changing technology, public concern, and expanding government regulations make privacy a critical issue for businesses of all sizes and in all industries.

"We help our clients determine how their operations might be affected by privacy laws and work with them to solve problems and manage risk."

Privacy Practice at Fredrikson & Byron

Privacy concerns are triggered any time a business collects or has access to confidential information about its customers, prospects, business partners or employees. Security and privacy policies should also be in place to protect a business's own trade secrets and other sensitive data from competitors, disgruntled employees and hackers.

Privacy law is important at Fredrikson & Byron; our Privacy Group works with clients in scores of industries to solve their problems. Fredrikson & Byron attorneys practicing privacy law bring knowledge and experience from a wide range of legal fields and industry sectors including: healthcare, banking and finance, e-commerce, employment, international law, technology, intellectual property, securities and others. We work continually to stay on top of this ever-changing body of regulation, monitoring pending legislation at the federal and state levels and even testifying in front of government bodies (for example, Karen Grandstrand recently testified for the Minnesota State Legislature on the way federal privacy laws affect financial institutions). Our core Privacy Group meets weekly to discuss recent developments (legal, technological, societal) and challenging cases. We are frequent speakers at industry and client group events. Our privacy lawyers are published and quoted in general news and professional publications.

It's important for businesses to take an active approach to privacy concerns; we help our clients determine how their operations might be affected and work with them to solve problems and manage risk. In addition to counseling on compliance matters, we assist clients in responding to government inquiries and investigations, as well as litigation.

Services Available

Fredrikson & Byron's services include:

• Developing privacy policies and terms and conditions for websites
• Conducting privacy audits for compliance with federal and state privacy regulations
• Consulting on privacy aspects of online banking
• Developing data retention and destruction policies
• Assisting with applications for privacy certification programs
• Litigating cybersquatting claims
• Responding to on-line defamation matters
• Advising on Children's Privacy law and compliance matters
• Drafting and litigating non-disclosure confidentiality agreements
• Counseling on Internet and computer insurance policies
• Developing policies and procedures to protect confidential and trade secret data
• Responding to computer attacks including hacking and spam
• Assisting financial service organizations with Gramm-Leach-Bliley Act compliance issues
• Negotiating and reviewing contracts with vendors and affiliates
• Drafting chain of trust agreements
• Advising clients on compliance with the Fair Credit Reporting Act
• Advising healthcare institutions on HIPAA compliance matters
• Counseling on financial security programs
• Assisting businesses to comply with the European Data Privacy Directive
• Advising on employee email and Internet use policies
• Responding to employee computer abuse and espionage

In the last few years, new legislation has been adopted at the federal level, including:

The Gramm-Leach-Bliley Act (GLBA)

This act contains the "Disclosure of Nonpublic Personal Information" law. This law limits the instances in which a financial institution may disclose nonpublic personal information about a consumer to nonaffiliated third parties. It also requires a financial institution to disclose privacy policies and practices with respect to information sharing with both affiliates and nonaffiliated third parties to all of its customers. The law affects financial institutions as well as companies that contract with financial institutions. Article

Children's Online Privacy Protection Act (COPPA)

This law affects businesses with websites directed toward children or that collect information from children under 13. Compliance strategies range from tailoring the types of information collected to obtaining parental consent and adopting specific privacy policies and practices. Article

Health Insurance Portability and Accountability Act (HIPAA)

These regulations address the confidentiality of healthcare information and impose several new obligations on healthcare providers. They apply to providers who transmit any patient information electronically as well as "business associates" of healthcare entities. They're designed to protect "individually identifiable healthcare information," which is information that relates to a person's past, present or future health treatment and could reasonably identify that person. Article

The EU's Directive on the Protection of Individuals With Regard to the Processing of Personal Data and the Free Movement of Such Data (the "Directive")

The Directive prohibits member states from transmitting personal data to third countries unless they provide "adequate protection" for the privacy of such data. In response to the directive, the U.S. Department of Commerce negotiated with the EU to create seven "safe harbor" principles that provide a presumption of "adequate protection."

State Law

Privacy law varies from state to state. A host of state legislation addressing topics from employment to e-commerce is taking shape in states across the U.S. Numerous privacy areas, such as drug testing, are governed by specific statutes.