Practice Areas & Industries: Greenberg Traurig, LLP


Privacy and Data Security Return to Practice Areas & Industries

Group Profile Lawyers in this Group Offices Locations for this Group

Practice/Industry Group Overview

GT’s Privacy & Data Security Initiative is a multidisciplinary group of attorneys and professionals dedicated to developing strategies to address privacy, data security and information management issues, including:


  • Privacy audits, policies and procedures
  • Data security and PCI compliance
  • Employee privacy
  • Record retention/electronic discovery
  • International/cross-border data transfer
  • Data breach readiness and response
  • Litigation and dispute resolution


Our experience encompasses the full array of legislation and regulations, including:

  • Section 5 of the Federal Trade Commission Act
  • Gramm-Leach-Bliley Act (GLBA)
  • Fair Credit Reporting Act (FCRA)
  • Fair and Accurate Credit Transactions Act (FACTA)
  • Sarbanes-Oxley Act
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Children’s Online Privacy Protection Act (COPPA)
  • Consumer Fraud and Abuse Act
  • Electronic Communications Privacy Act (ECPA)
  • CAN-SPAM Act
  • State data breach notification laws
  • Global privacy and data protection laws
  • Industry standards
  • Self-regulation

Privacy Audits, Policies and Procedures

  • Develop privacy polices, consumer notices and necessary “opt-outs” or “opt-ins,” as required by federal and state law, for national banks, investment advisors, mortgage lenders, national and regional retailers, insurance enterprise affiliates and other clients
  • Negotiate and advise clients regarding joint ventures, marketing alliances and information sharing among affiliates and unaffiliated entities

Data Security and PCI Compliance

  • Advise clients regarding data security compliance and risk management
  • Develop and implement comprehensive data security policies, procedures and training programs, including payment card industry (PCI) compliance programs
  • Evaluate obligations in outsourcing agreements and negotiate vendor and service provider agreements
  • Develop and implement identity theft programs and procedures, including the Red Flag program required by FACTA

Employee Privacy

  • Advise employers regarding privacy rights as they relate to workplace communications, such as interception of e-mail and telephone calls, and employee workspaces
  • Represent employers in employee litigation alleging invasion of privacy or violation of privacy laws
  • Develop and implement personnel policies governing protection of employee data

Record Retention/Electronic Discovery

  • Determine minimum data retention requirements
  • Develop and implement data retention policies
  • Evaluate the risk of storing data beyond legally prescribed periods
  • Counsel on and assist clients in responding to electronic discovery requests in litigation


  • Counsel clients on privacy and information security-related matters around the world (GT has offices in Amsterdam, London* and Shanghai; and a strategic alliance with the independent law firm Studio Santa Maria in Milan and Rome)
  • Counsel clients concerning privacy and data security issues under the EU Data Protection Directive and its varied implementation by EU member states
  • Counsel multinational clients on the US-EU Safe Harbor Agreement relating to the EU Directive and on compliance alternatives to the Safe Harbor, including contractual arrangements and binding corporate rules

International/Cross-Border Data Transfer

  • Working with the attorneys in our foreign offices and strategic alliance firms, advise clients regarding compliance with global data protection laws, including the EU Data Directive and U.S. Safe Harbor Program
  • Draft and negotiate contracts relating to cross-border data flow to ensure compliance with applicable local country data and security laws and regulations

Data Breach Readiness and Response

  • Develop and implement data breach contingency response programs
  • Assist clients with notifications and coordination of criminal and civil responses following a data breach

Litigation and Dispute Resolution

  • Represent clients in cases involving privacy and property rights, file sharing, the Internet, spamming, spoofing, phishing, cybersquatting and identity theft
  • Represent employers in litigation alleging invasion of privacy, wiretapping and violations of electronic communication privacy

eCommerce and Technology

  • Counsel clients on compliance with laws governing eCommerce and the Internet
  • Develop and negotiate privacy provisions in licensing agreements and other contracts and prepare privacy notices and policies

Health Care

  • Evaluate special requirements governing the collection, use and transmittal of individually identifiable health information in the health care industry
  • Counsel clients concerning the implementation of policies compliant with HIPAA, the European Union Directive on
  • Data Protection/US-EU Safe Harbor Agreement and the expanding number of state laws governing health privacy

Financial Services

  • Counsel financial service providers about GLBA privacy requirements regarding collection and use of nonpublic personal information
  • For GLBA-covered entities, design privacy notices, determine permissible disclosures and draft appropriate agreements with joint marketers and service providers

Employee Privacy

  • Employers’ obligations to properly collect, handle and use information about their employees may be overlooked, particularly by those companies with operations overseas, where the legal requirements are strict and sometimes carry criminal penalties
  • Advise employers regarding workplace communications, such as interception of e-mail and telephone calls, and employee workspaces
  • Develop and implement personnel policies governing protection of employee information
  • Represent employers in litigation alleging invasion of privacy, wiretapping and violations of electronic communication privacy

*Operates as Greenberg Traurig Maher, LLP.