Practice/Industry Group Overview
Data is the lifeblood of our global economy. Collected, stored and transmitted, digital data presents not only great opportunities but also unprecedented privacy and security challenges for businesses in all industry sectors. Privacy and cyber risks require businesses to contend with a complex web of state, federal and international laws. Best practices and self-regulatory standards further complicate the picture for companies attempting to navigate the cyber, privacy and data security maze. With the government giving companies’ security and privacy practices greater scrutiny, businesses need to be prepared to meet their evolving obligations in these fields. Constantly changing technology affects the competitive environment and privacy and security requirements. Failure to respect privacy and data security may lead not only to serious economic consequences, but also to adverse publicity and loss of business. Businesses therefore increasingly consult professionals with expertise to meet the challenges of the cyber, privacy and data security environment.
Morris Polich & Purdy's Cyber, Privacy & Data Security team collaborates closely with clients to take a comprehensive approach to managing, responding to and mitigating privacy and data security risks. Our team proactively develops, implements and assesses privacy and data security for companies in numerous business sectors. From preparing initial policies and procedures governing privacy and data security and performing baseline privacy and risk assessments, to implementing programs and performing compliance analyses, the team’s expertise allows it to respond effectively and efficiently. Our team is equipped to respond to government inquiries, investigate and comply with data breach notification requirements and to handle any litigation or regulatory actions arising from alleged privacy violations or data breaches.
MPP’s Cyber, Privacy & Data Security team is comprised of attorneys specializing in the key areas of cyber and social media law, professional liability, insurance coverage, health and long-term care, litigation, employment, commercial transactions, electronic discovery and intellectual property. The team works on a national basis and has knowledge and experience regarding a wide variety of laws affecting privacy and data security. The team is involved in advising and providing litigation support for numerous federal provisions, including the Computer Fraud and Abuse Act (CFAA), the US/EU Safe Harbor, the Fair Credit Reporting Act (FCRA), the Health Information Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act (COPPA), the Gramm-Leach-Bliley Act (GLB), the Electronic Communications Privacy Act (ECPA), the Stored Communication Act (SCA), the Red Flags Rule, and a myriad of other provisions.
Team members have also been involved in numerous matters involving state law, including those arising under California’s Song-Beverly Act, the California Medical Information Act (CMIA), the California Invasion of Privacy Act (CIPA), the California Online Privacy Protection Act (CalOPPA), and the California “Shine the Light” law, among others. MPP’s lawyers have also been involved in handling matters dealing with legal provisions relating to cyber security and data breaches, including federal and state laws relating to data breach notification, laws mandating security and encryption, and best practices and self-governing security standards, such as the Payment Card Industry Data Security Standards (PCI DSS).
Because digital data is today readily transmitted across national boundaries, members of MPP’s team are also knowledgeable regarding international privacy and data security laws, including those of the European Union (EU), Canada, Mexico and Asia. The team is headed by a lawyer who is a United States Certified Information Privacy Professional (CIPP/US) and a European Union Certified Information Professional (CIPP/E), and team members regularly monitor legal developments affecting businesses operating domestically and internationally.
Privacy and data security matters are constantly evolving as technology continues to develop. MPP’s Cyber, Privacy & Data Security team has both the technical and legal knowledge to monitor these changes and advise clients regarding resulting risks. The team has handled matters involving cloud computing, “Big Data,” biometric identifiers, the Internet of Things (i.e. “smart” devices), social media, online behavioral advertising (OBA), and other technologies. Team members have also advised and assisted with numerous privacy issues in the workplace, including Bring Your Own Device (BYOD), pre-employment screening, internal investigations, employee use of social media and electronic devices, employee monitoring, and other aspects of the employment relationship.
Complementing its work in privacy and data security, the MPP team also has expertise in other aspects of cyber law. The team includes lawyers familiar with copyrights, trademarks, patents, the Digital Millennium Copyright Act (DMCA), government subpoenas of electronic information, trade secrets, and protection of proprietary information. Team members have also handled a wide variety of other cyber matters, including licensing disputes, preservation of electronic evidence, protection of intellectual property against piracy, and registration of domain names. The team has also dealt with numerous e-Discovery issues, particularly those regarding the interplay between electronic collection of documents and relevant privacy and security requirements.
A CROSS SECTION OF OUR EXPERIENCE
Services provided by our Cyber, Privacy & Data Security team include:
Designing and Implementing Corporate Risk Analyses and Strategies
- Baseline privacy and data security surveys and analyses, including privacy and security of personal and proprietary information collected, maintained and distributed by businesses
- Privacy and security risk audits and assessments
- Privacy and data security practices and procedures
- Response protocols and contingency plans for privacy and security breaches
- Establishing appropriate corporate privacy and data protection infrastructure
- Training to promote and comply with best practices in privacy and data security, including privacy by design
- Compliance with ongoing requirements and best practices in light of changing technological and legal requirements
Responding to Data Breaches and Security Incidents
- Establishing data breach notification procedures
- Complying with breach notification requirements of relevant federal and state jurisdictions
- Working with investigators, consultants, and law enforcement authorities to analyze and contain breach and security incidents
- Mitigating damages and remediating harm from breach incidents
- Providing notices to affected individuals
- Revising practices and procedures to help prevent future breach incidents
Implementing Business Solutions
- Negotiating and drafting contracts, including HIPAA business associate agreements, vendor agreements, and agreements involving cloud computing providers
- Selecting and managing vendors and other third parties handling personal or proprietary information
- Protecting personal information of employees, customers, and consumers
- Protecting privacy and security of personal health information (PHI) under HIPAA and HITECH, including the HIPAA Omnibus Rule
- Use of social media and electronic devices in the workplace
- Use of personal information for marketing and advertising purposes, including online behavioral advertising and COPPA-compliant websites
- Online privacy notices and user agreements
- Management of privacy and security of electronic information, including proper document retention procedures and compliance with electronic discovery obligations
- Evaluating insurance coverage issues
- E-Discovery evaluation and compliance