Practice Areas & Industries: Husch Blackwell LLP


Privacy & Data Security Return to Practice Areas & Industries

Group Profile Lawyers in this Group Offices Locations for this Group

Practice/Industry Group Overview

Businesses increasingly rely on confidential information for competitive advantage in the marketplace and superior customer service capabilities. Privacy and data security laws reach all businesses that collect, use, or distribute confidential information. Identity theft and data breach issues make information privacy and data security a top business priority.

Our Information Governance Group provides companies with a complete perspective of the current legal landscape for privacy and data security. We work with companies across a wide range of industries to review and implement privacy and data security practices and policies, whether required by law or recommended by "best practices."

Privacy & Data Security Compliance Programs

Privacy and data security issues form a complex web of international, federal, state and local laws or regulations. We assist companies in developing and implementing compliance and safeguards programs in:

Privacy and data security issues form a complex web of international, federal, state and local laws or regulations. We assist companies in developing and implementing compliance and safeguards programs in:

  • Cable Communications Policy Act 
  • California Civil Code 
  • Children’s Online Privacy Protection Act 
  • Electronic Communications Privacy Act 
  • Electronic Funds Transfer Act 
  • EU Privacy Directive 
  • Fair and Accurate Credit Transactions Act (FACT Act) 
  • Fair Credit Reporting Act (FCRA) 
  • Freedom of Information Act 
  • Gramm-Leach-Bliley Act (GLB) 
  • Health Insurance Portability and Accountability Act (HIPAA) 
  • Health Information Technology for Economic and Clinical Health (HITECH) 
  • SEC Regulation S-P 
  • Stored Communications Act

Risk Assessment and Management

One essential service we provide is a comprehensive "Information Management and Technology Risk Assessment" to identify information storage systems and the associated risks of disclosure or breach of the security structures. With this in-depth analysis, we collaborate with our clients to create enterprise privacy policies and procedures, training programs, and vendor contract provisions addressing privacy concerns. In addition, we provide prospective guidance on data collection practices and the use of information in the business enterprise.

Data Breach Notification and Crisis Management

Most state legislatures have passed data breach notification laws requiring notice to customers and administrative agencies when the security measures or structures for protecting personal, private information have been breached or compromised. In some instances, the mere possibility of breach triggers reporting requirements. The potential misuse of personal identifying information by unauthorized third parties requires an immediate and counseled response. Data breach is not just a technical or operational issue. Rather, dealing with a data security issue needs assistance from Husch Blackwell attorneys who are also experienced in public relations, governmental affairs, and on-the-record discussions with regulators.

Privacy Issues in Litigation

Disclosure of private information by malicious security breach, inadvertent disclosure, or voluntary production often leads to litigation. The claims may be based upon common law torts or per se violations of privacy statutes. The cases may also stem from regulators seeking to address the promises of stated privacy policies, the fairness of information collection and use by the business, or adherence to the relevant privacy rules and regulations. In these instances, we combine our technical knowledge of the privacy laws with the immense resources of our litigation teams to fully address our clients’ litigation needs arising out of data security events.

In addition, privacy issues can arise in other aspects of general commercial litigation. With the explosion in electronic discovery, businesses often face the difficult question of whether they can produce—either voluntarily or compelled—confidential or private information relating to individuals. Thus, even in litigation that is not based upon an alleged privacy violation, clients need to have the resources of both commercial litigators and experienced privacy professionals at hand.

Complementary Expertise and Experience

The Information Governance Group includes attorneys with diverse backgrounds and professional experiences. We have expertise in complementary practice areas including intellectual property, litigation, labor & employment, governmental affairs, and corporate transactions. Likewise, the practice group has experience in all industries that rely on sensitive information such as:

  • Advertising and marketing 
  • Cable/satellite services 
  • Commercial creditors/lenders 
  • Financial services 
  • Healthcare institutions 
  • International business operations 
  • Internet service providers 
  • Retailers 
  • Schools and universities 
  • Telecommunications 
  • Utilities

Workplace Privacy

We work with our clients to create a culture of privacy in personnel procedures to protect personal and confidential information. We also advise clients on new information sources to address employee monitoring and substance-testing. Workplace privacy is an increasingly important issue for in-house counsel and human resources departments. We regularly counsel businesses on email use, retention/disposal of employee personal information, the use of credit information in employment decisions, and the use of new media—including an employee’s own content—in any employment action.

Advertising & Marketing

Advertising, marketing and promotional campaigns often involve privacy concerns. In most instances, effective campaigns rely on investigation and collection of personal preferences. This research leads to better targeting of customers with more efficient programs. We help businesses engage in behavioral marketing and analysis to identify the applicable regulations to maintain the confidentiality of the personal identifying information and to ensure compliance with the legal regime. In addition, we assist companies with the use of personal marketing information by their affiliated businesses.

Mergers and Acquisitions

As more businesses rely on data and information sources for competitive advantage, the risks of misuse also increase. Unfortunately, many of the pitfalls of data security are hidden or unknown until it is too late. These risks highlight the need for highly specialized and knowledgeable legal assistance in the performance of due diligence for business combinations. Our practice group works directly with both in-house business representatives and corporate legal departments to assess the risks associated with the privacy & data security measures and programs of the targeted entities. We help our business clients make business decisions based on the best information available.

Training and Education

The work of the Information Governance Group is not done when a case is closed or a threat has been identified. Our attorneys stay on top of legal and technical changes in the privacy and data security world. We understand that it is even more important for our clients to also stay ahead of the game. We employ clear and concise training and education programs for all levels of client employees. We pride ourselves on our ability to effectively communicate complex issues so that all people can learn, understand, and apply the culture of privacy in business.

Group Presentations
  Building Better Bridges & Achieving Enterprise Excellence in Discovery, Retention and Disposition, January 19, 2011