Practice Areas & Industries: Sheppard, Mullin, Richter & Hampton LLP

 




Privacy and Data Security Return to Practice Areas & Industries

Group Profile Lawyers in this Group Offices Locations for this Group
 

Practice/Industry Group Overview

According to the U.S. Chamber of Commerce, 90% of all data in existence was created in the last two years. However, the global regulatory landscape for data is a patchwork of overlapping and often conflicting rules and concepts. Helping businesses negotiate this continuously evolving landscape is what we do. We recognize that data – and the technology to store, process, analyze and execute on it – is a valuable intellectual property asset that companies can develop, acquire, protect, license, sell and otherwise commercialize and exploit.

Our Privacy and Data Security Team helps businesses unlock the value of data, while ensuring compliance with U.S. and non-U.S. laws and standards that regulate the collection, use, sharing and protection of data.

Third Party and Customer Data Use

We advise many of the world’s largest retailers, consumer brands and technology providers on the collection, use, sharing and commercialization of third party and customer data. This includes negotiating and drafting data sharing and co-op agreements and data security clauses in broader third party vendor agreements, as well as conducting unique data regulatory compliance and data integrity due diligence in strategic transactions.

Advice on Cross Border Data Transfers

We counsel clients on cross-border data transfers, including compliance with EU, Canadian and other international data privacy laws. We routinely handle US-EU Privacy Safe Harbor and US-Swiss Privacy Safe Harbor certifications for clients. We represent clients in transactions that involve cross border data transfers, including under EU standard contractual clauses for the transfer of personal data. Our expertise covers customer data, employee data and credit cardholder data. With foreign offices in London, Brussels, Shanghai, Beijing and Seoul, we also have local expertise with respect to privacy and data security concerns involving the UK, EU, China and Korea.

Data Loss and External Notification

Our attorneys handle complex and high profile data security breach incidents, including advising clients regarding internal investigations, public relations strategies and responses, indemnification and other rights and remedies under vendor agreements, and compliance with state and federal security breach notification laws. We prepare and help implement internal Data Security Breach Response Plans for clients. As data becomes more entwined with the enterprise value of businesses, we handle data due diligence and data loss issues in connection with M&A and other corporate and strategic transactions.

Privacy Litigation

As the prevalence of data use increases along with its value to businesses, privacy litigation is now a part of every large business’s lexicon. We represent some of the best known brands and businesses in the world in defending against the surge of privacy class actions in state and federal courts around the country. We have handled landmark cases involving constitutional privacy rights, state law claims such as California’s Song-Beverly and Shine the Light Acts, penal code wiretapping and call recording claims, the federal Telephone Consumer Protection Act, as well as related vendor indemnification actions. Some of our recent victories include halting the expansion of certain privacy claims to new technologies or new jurisdictions. We don’t just react when you are sued -- we devote time to thinking about what may come next and how to protect you from being surprised by percolating regulation and developing legal theories.

Internal Privacy Policies

We advise clients on internal privacy policies and procedures relating to both consumer and human resources data.

Public-facing Privacy Policies

We help clients identify objectives and establish internal practices regarding data privacy and security. We then help them draft public-facing privacy policies to implement and reflect their objectives and practices. Pulling from Sheppard Mullin’s Chambers-recognized advertising practice, we also understand that a public-facing privacy policy is both a legal and marketing document – as a result, we are uniquely qualified to craft privacy policies that meet legal requirements that also reflect our client’s brand and “voice.”

Regulatory Advocacy and Relationships

As an outgrowth of our extensive representation of online and brick-and-mortar retailers, we have worked closely with trade associations such as the California Retailers Association (CRA) and the Direct Marketing Association (DMA) on drafting and advocating passage of privacy legislation. We have also assisted these and other trade associations with evaluating proposed privacy legislation and crafting arguments to highlight the faults in those proposed laws.

External Privacy Investigations & Audits

We represent companies, including large children’s media focused companies, in connection with regulatory inquiries and proceedings in related to privacy issues, particularly in connection with the federal Children’s Online Privacy Protection Act (COPPA).

Privacy in the Workplace

Legal requirements around the world keep changing and placing increased restrictions on what employers can and can’t do. These changes impact background checks, drug testing, employee data retention and/or transfer, workplace data breach, and maintenance of employee health related information. Our international employment and mobility law attorneys counsel employers on issues related to compliance with workplace privacy. They offer a virtual one stop shop in terms of what U.S. and other countries require.

Regulated Highly Sensitive Data

We have specialized knowledge and experience helping clients with regulated highly sensitive data, including the various laws and regulations that govern health data (HIPAA) and financial data (Gramm–Leach–Bliley Act).

Health care privacy is a critical business function for health care organizations. We represent some of the nation's largest and most respected health plans, hospital organizations, contract research organizations, pharmaceutical companies and medical device manufacturers. We assist healthcare businesses to develop and implement HIPAA privacy compliance programs, establish data sharing programs and protocols and prepare consent and contractual documentation of the same. And because policies need training to be most effective, we offer employee HIPPA's compliance training. We strongly believe that health care providers must take a proactive approach to ensure continued compliance with HIPAA's privacy standards. When allegations of non-compliance are made, we are there to assist too.

In the area of financial institutions, we structure Gramm–Leach–Bliley Act Financial Privacy Rule (GLB) compliance programs, as well as compliance with other laws affecting financial institution opt-out notice provisions, restrictions on the re-use and re-disclosure of consumer information, security guidelines, and federal preemption of state and local privacy restrictions.

Internal Privacy Investigations & Audits

We lead internal data privacy audits as part of US-EU Privacy Safe Harbor and US-Swiss Privacy Safe Harbor certifications and annual re-certifications for clients.

Social Media Usage in the Workplace

We regularly advise companies regarding use of social media in the workplace, and the growing practice employees or contractors devote to promoting and managing a company’s social media presence. The firm publishes a well-read blog on legal issues concerning social media:http://www.socialmedialawupdate.com/. We have drafted internal social media policies for numerous clients that, among other things, address compliance with FTC endorsements and testimonials rules for social media.


 
 
Articles Authored by Lawyers at this office:

Commissioner of California Department of Business Oversight Issues Order on Designated Point of Contact for Delivery of Emails
Sherwin F. Root, December 27, 2013
The Commissioner of the California Department of Business Oversight on November 22 issued an order directing all DBO licensees (which would include California Finance Lender licensees and residential mortgage lender licensees, among others) to designate a single standard email address for...

Sixth Circuit Holds That Affiliated Business Arrangements Are Not Bound by HUD’s Statement of Policy Regarding Sham AfBAs
Sherwin F. Root, December 27, 2013
The U.S. Court of Appeals for the Sixth Circuit, which covers Michigan, Ohio, Kentucky and Tennessee, held late last month that real estate settlement service providers whose relationships satisfied the Real Estate Settlement Procedures Act ‘s (“RESPA’s”) statutory...

United States Supreme Court Holds that Contractual Forum-Selection Clauses Deserve Near Absolute Deference In Considering Changes of Venue Under 28 U.S.C. § 1404(a)
Matthew Ardoin,John P. Stigi, December 12, 2013
In Atlantic Marine Construction Co., Inc. v. United States Dist. Ct. for W.D. Tex., No. 12-929, 2013 U.S. LEXIS 8775 (U.S. Dec. 3, 2013), the Supreme Court of the United States held unanimously that when parties have agreed contractually to a valid forum-selection clause, the analysis for a motion...

Is Everybody A Debt Collector? CFPB Proposes New Rules That Could Subject Creditors That Collect On Their Own Debts To New Debt Collection Rules
Sherwin F. Root, November 15, 2013
The Consumer Financial Protection Bureau is considering new rules to govern debt collection practices that could radically change the debt collection regulatory landscape and for the first time include creditors that are collecting their own debt. Third-party debt collectors are currently subject...

“So You’re Saying There’s A Chance...”: Yellowstone Injunctions Alive and Well in the Commercial Division
Rena Andoh,Molly Masenga, November 01, 2013
In Burlington Coat Factory of N.Y., LLC v. Majestic Rayon Corp., No. 652511/2012, the Supreme Court (J. Kornreich) granted plaintiff Burlington Coat Factory’s (“Burlington”) motion for an injunction to stay and toll the expiration of a thirty-day default cure period and enjoin the...

First Department Refuses to Expand Jurisdiction over Foreign Entities
Robert S. Friedman,Manuel F. Gomez, November 01, 2013
In Khalife v. Audi Saradar Private Bank SAL, 2013 NY Slip Op 05971 (1st Dep’t Sept. 24, 2013), the First Department declined to broaden CPLR § 303, holding that the statute does not authorize personal jurisdiction over a foreign person or entity when the non-domiciliary seeks some form...

Shanghai Pilot Free Trade Zone (PFTZ)
Samantha Peng,Don S. Williams,Michael X.Y. Zhang, October 11, 2013
The China (Shanghai) Pilot Free Trade Zone (PFTZ) officially launched on September 29th, granting 25 Chinese and overseas companies licenses to register in the PFTZ on its first day. The General Plan for the PFTZ was announced on September 27th, with implementation rules and specific regulations to...

First Department Sustains Connecticut Unfair Trade Practices Act and Other Claims Against Subsidiaries and Officers of Lehman Brothers Based Upon An Allegedly Improper Asset Substitution on the Eve of the Lehman Brothers Collapse
Thomas M. Monahan, September 26, 2013
In Aetna Life Insurance Company v. Appalachian Asset Management Corp, et al., 2013 Slip Op 05506 (1st Dep’t July 30, 2013) the Appellate Division affirmed the April 13, 2012 decision of the New York County Supreme Court, Commercial Division (Ramos, J.), which sustained claims by Aetna Life...

Unrealized Gains: Integrated Employment Agreement Bars Employee's Recovery of Additional Compensation
Brian B. Garrett, September 26, 2013
In Volpe v. Interpublic Group of Companies, Inc., No. 652308/2012, Judge Eileen Bransten granted defendant The Interpublic Group of Companies, Inc.’s (“IPG”) motion to dismiss plaintiff Ray Volpe’s (“Volpe”) complaint, finding that Volpe’s employment...

CFPB Releases Exam Procedure Updates For TILA and RESPA
, August 17, 2013
On August 15 the Consumer Financial Protection Bureau released updates to its examination procedures in connection with the new mortgage regulations that were issued in January. These updates offer valuable guidance on how the CFPB will conduct examinations for compliance with the Truth in Lending...

Was AdChoices Just Flipped the (Twitter)Bird on Behavioral Targeting?
, August 08, 2013
It appears that users won’t be seeing the blue AdChoices triangle icon on Twitter anytime soon. AdChoices and its blue triangle icon are the work of the Digital Advertising Alliance (a consortium of trade groups) to provide users with disclosure of and the ability to opt out of targeted...

Doing Business In Latin America: Does Your Local Supplier Have Best Practices In Place So That Your Company Can Avoid Liability Under The FCPA?
Alejandro E. Moreno, August 05, 2013
Imagine yourself the CEO of a successful multinational company. In the past few years, you have overseen ACME’s expansion into Latin America - a market whose demographic profile holds the promise of mouthwatering profits for your company, particularly with the upcoming holiday season. As they...