Practice Areas & Industries: Greenberg Traurig, LLP


Privacy and Data Security Return to Practice Areas & Industries

Group Profile Lawyers in this Group Offices Locations for this Group

Practice/Industry Group Overview

GT’s Privacy & Data Security Initiative is a multidisciplinary group of attorneys and professionals dedicated to developing strategies to address privacy, data security and information management issues, including:


  • Privacy audits, policies and procedures
  • Data security and PCI compliance
  • Employee privacy
  • Record retention/electronic discovery
  • International/cross-border data transfer
  • Data breach readiness and response
  • Litigation and dispute resolution


Our experience encompasses the full array of legislation and regulations, including:

  • Section 5 of the Federal Trade Commission Act
  • Gramm-Leach-Bliley Act (GLBA)
  • Fair Credit Reporting Act (FCRA)
  • Fair and Accurate Credit Transactions Act (FACTA)
  • Sarbanes-Oxley Act
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Children’s Online Privacy Protection Act (COPPA)
  • Consumer Fraud and Abuse Act
  • Electronic Communications Privacy Act (ECPA)
  • CAN-SPAM Act
  • State data breach notification laws
  • Global privacy and data protection laws
  • Industry standards
  • Self-regulation

Privacy Audits, Policies and Procedures

  • Develop privacy polices, consumer notices and necessary “opt-outs” or “opt-ins,” as required by federal and state law, for national banks, investment advisors, mortgage lenders, national and regional retailers, insurance enterprise affiliates and other clients
  • Negotiate and advise clients regarding joint ventures, marketing alliances and information sharing among affiliates and unaffiliated entities

Data Security and PCI Compliance

  • Advise clients regarding data security compliance and risk management
  • Develop and implement comprehensive data security policies, procedures and training programs, including payment card industry (PCI) compliance programs
  • Evaluate obligations in outsourcing agreements and negotiate vendor and service provider agreements
  • Develop and implement identity theft programs and procedures, including the Red Flag program required by FACTA

Employee Privacy

  • Advise employers regarding privacy rights as they relate to workplace communications, such as interception of e-mail and telephone calls, and employee workspaces
  • Represent employers in employee litigation alleging invasion of privacy or violation of privacy laws
  • Develop and implement personnel policies governing protection of employee data

Record Retention/Electronic Discovery

  • Determine minimum data retention requirements
  • Develop and implement data retention policies
  • Evaluate the risk of storing data beyond legally prescribed periods
  • Counsel on and assist clients in responding to electronic discovery requests in litigation


  • Counsel clients on privacy and information security-related matters around the world (GT has offices in Amsterdam, London* and Shanghai; and a strategic alliance with the independent law firm Studio Santa Maria in Milan and Rome)
  • Counsel clients concerning privacy and data security issues under the EU Data Protection Directive and its varied implementation by EU member states
  • Counsel multinational clients on the US-EU Safe Harbor Agreement relating to the EU Directive and on compliance alternatives to the Safe Harbor, including contractual arrangements and binding corporate rules

International/Cross-Border Data Transfer

  • Working with the attorneys in our foreign offices and strategic alliance firms, advise clients regarding compliance with global data protection laws, including the EU Data Directive and U.S. Safe Harbor Program
  • Draft and negotiate contracts relating to cross-border data flow to ensure compliance with applicable local country data and security laws and regulations

Data Breach Readiness and Response

  • Develop and implement data breach contingency response programs
  • Assist clients with notifications and coordination of criminal and civil responses following a data breach

Litigation and Dispute Resolution

  • Represent clients in cases involving privacy and property rights, file sharing, the Internet, spamming, spoofing, phishing, cybersquatting and identity theft
  • Represent employers in litigation alleging invasion of privacy, wiretapping and violations of electronic communication privacy

eCommerce and Technology

  • Counsel clients on compliance with laws governing eCommerce and the Internet
  • Develop and negotiate privacy provisions in licensing agreements and other contracts and prepare privacy notices and policies

Health Care

  • Evaluate special requirements governing the collection, use and transmittal of individually identifiable health information in the health care industry
  • Counsel clients concerning the implementation of policies compliant with HIPAA, the European Union Directive on
  • Data Protection/US-EU Safe Harbor Agreement and the expanding number of state laws governing health privacy

Financial Services

  • Counsel financial service providers about GLBA privacy requirements regarding collection and use of nonpublic personal information
  • For GLBA-covered entities, design privacy notices, determine permissible disclosures and draft appropriate agreements with joint marketers and service providers

Employee Privacy

  • Employers’ obligations to properly collect, handle and use information about their employees may be overlooked, particularly by those companies with operations overseas, where the legal requirements are strict and sometimes carry criminal penalties
  • Advise employers regarding workplace communications, such as interception of e-mail and telephone calls, and employee workspaces
  • Develop and implement personnel policies governing protection of employee information
  • Represent employers in litigation alleging invasion of privacy, wiretapping and violations of electronic communication privacy

*Operates as Greenberg Traurig Maher, LLP.

Articles Authored by Lawyers at this office:

The Door to Constitutional Challenges Against SEC Administrative Proceedings May Have Just Opened Wider in the Northern District of GA
Terry R. Weiss, December 02, 2015
Last week, in Ironridge Global IV, Ltd., et al. v. SEC, No. 15-cv-2512, U.S. District Court Judge Leigh Martin May issued her third well-reasoned decision concluding that SEC Administrative Law Judges (“ALJs”) are “inferior officers” and are “likely...

SEC Adopts Regulation Crowdfunding to Facilitate Early Capital Raises
Barbara A. Jones,Ira N. Rosner,John K. Wells, November 27, 2015
On Oct. 30, 2015, the Securities and Exchange Commission (SEC) adopted Regulation Crowdfunding by a 3-1 vote. The rules were adopted despite concerns expressed in comment letters to the SEC that capital raising through crowdfunding could lead to fraudulent activities, and thereby place...

OCIE Issues New Cybersecurity Risk Alert
Richard M. Cutshall, September 24, 2015
As evidenced by releases from various Divisions within the SEC, including the Division of Investment Management’s Guidance Update No. 2015-02 released in April of this year, issues of cybersecurity continue to be a focus of the SEC. The most recent example of this focus came earlier this week...

Uncertainty Continues for the SEC’s Conflict Minerals Reporting Regime After D.C. Circuit Confirms First Amendment Violation
Barbara A. Jones, September 01, 2015
On August 18, 2015, a three-judge panel of the U.S. Court of Appeals for the D.C. Circuit in a 2-1 decision upheld its April 2014 ruling in National Association of Manufacturers (NAM), et al., v. Securities and Exchange Commission, et al., that certain portions of the disclosure requirements...

Little Known Florida Statute Affects Securities Issuers That Do Business in Cuba
Carl A. Fornaris,Yosbel A. Ibarra, July 29, 2015
While diplomatic relations between the United States and Cuba continue to normalize, issuers of securities sold in Florida should be mindful of a little-noticed but long-existing Florida statute that requires them to disclose any business activities in Cuba. Passed in 1992, Section 517.075 of the...

Introduction of the UBO Register in the European Union
Jeroen Den Dunnen, July 13, 2015
On May 20, 2015, the European Parliament adopted the fourth EU Anti-Money Laundering Directive (AMLD). The AMLD is designed to update and improve the EU’s Anti-Money Laundering and Counter-Terrorist Financing laws. Importantly, it does so by introducing the obligation for Member States to...

New SEC Cybersecurity Guidance for Investment Advisers and Fund Managers
Scott R. MacLeod, May 29, 2015
The Securities and Exchange Commission (SEC) continues to focus on cybersecurity. In April 2015, the SEC’s Division of Investment Management issued cybersecurity guidance in the form of a Guidance Update.1 The Guidance Update followed on the heels of, and was informed by, a...