Privacy & Data Security

Sutherland helps clients navigate the increasingly complex framework of laws governing the collection, use, transfer, disclosure and security of personal information.

Advances in information technology now provide unprecedented ways to collect and use personal information, but these advances have also created new risks to the privacy and security of that information. Both domestically and internationally, governments have recognized some of these risks and created complex, overlapping and sometimes conflicting laws that restrict the collection, use, retention and disclosure of personal information and impose requirements for securing that information.

Sutherland’s Privacy and Data Security Team helps clients manage the obligations and risks of gathering, maintaining, processing and transferring personal information. Our attorneys advise companies on regulatory compliance, particularly in the financial services and energy industries. Our hands-on business experience managing information technology risk allows us to provide practical, business-focused counsel on all aspects of information policy, security, storage and management.

We advise on a range of privacy and data security matters, including information security program development and assessment, data breach response and investigation, privacy policies and notices, online privacy issues and data collection technologies, and electronic communications. Our clients have access to the full resources of our firm to protect their interests and build their businesses.

Why Sutherland
A practical approach. We understand that if a legal approach does not meet a client’s business needs, it is not a solution. This practical approach is why some of the nation’s most dynamic and successful companies rely on Sutherland for privacy and data security counsel.

We understand business. Our understanding of businesses and the marketplace helps clients meet their strategic business objectives—whether developing new Internet services or mobile applications, initiating business in a new state or country, preparing for or managing a data breach crisis, or defending enforcement actions.

We understand technology. Our team includes a former senior security consultant and chief information officer at an international energy company, and a former senior regulator who was involved in privacy examinations, enforcement and rulemaking. We offer uniquely informed advice and counsel on bridging the gap between legal requirements and technological implementation.

We understand the regulators. Sutherland’s attorneys include experienced professionals who previously served on regulatory bodies. We offer advice and counsel on regulatory actions, including examinations, enforcement and policy. We participate in industry task forces on data security and keep abreast of regulatory and legislative activity.

We focus on industries we understand well. Sutherland has broad and deep experience with energy and financial services and serves the privacy and data security needs of these industries both domestically and globally.

We are experienced advisers, crisis managers and privacy litigators. We help clients investigate and respond to suspected data breaches and electronic fraud and provide practical advice on planning for these possibilities. Our attorneys interface with law enforcement and regulatory agencies at local, state and national levels. Our privacy team has the knowledge and experience to provide strategic business and technology advice during a crisis.

Nuts and Bolts
Data Security Program Development – Guide clients through the discovery, construction, communication and evolution phases of privacy and data security program development, including the following types of advice regarding online and electronic privacy:

  • Collaborate with clients to develop comprehensive information security programs 
    • Develop privacy and data security policies, procedures and notices
    • Assist energy clients in developing policies and procedures compliant with the critical infrastructure protection requirements of the North American Electric Reliability Corporation (NERC) Reliability Standards
    • Advise clients on the regulation of e-mail, text message, fax and telephonic communications including telephone sales rules, Do Not Call registries, the CAN-SPAM Act and similar rules and laws
  • Address online data collection technologies, including required notices and opt-out provisions 
    • Advise on consumer tracking, behavioral advertising and related disclosures
    • Assist with mobile application data collection, including the use of geo-location data
    • Aid financial services clients in developing end-to-end encryption, tokenization, EMV/Chip and PIN technology, and dynamic authentication measures such as dynamic CVV and Magneprint technology to deter data breaches
    • File patents on novel authentication and encryption techniques and methodologies that protect financial transaction databases and prevent access to other financial information
    • Assist clients with payment card industry data security standards (PCI-DSS)
  • Conduct privacy and data security assessments
    • Help clients prepare for audits and provide counsel in audits to confirm compliance with NERC critical infrastructure protection requirements

Data Breach Response and Crisis Management – Assist and advise on crisis responses to potential security breaches. In this context, we:

  • Investigate suspected network intrusions and lost data device incidents
  • Assist with customer notification and response
  • Advise on compliance with state and national breach notification laws in multiple jurisdictions
  • Assist with public relations, call center and investor relations communications
  • Assist with negotiating insurance coverage terms and conditions and claims coverage matters

Financial Privacy – Advise insurance, financial services, payment card and credit reporting industries concerning federal, state and foreign compliance obligations under:

  • Fair Credit Reporting Act
  • Fair and Accurate Credit Transactions Act
  • Gramm-Leach-Bliley Act and state financial privacy laws, and related FTC and CFPB privacy and safeguards rules
  • Regulation P
  • Regulation S-P

Regulatory Enforcement Response – Advise and defend clients in connection with privacy-related regulatory investigations and enforcement actions under:

  • Gramm-Leach-Bliley Act, including Regulation P, Regulation S-P, and the FTC’s and CFPB’s privacy and safeguards rules
  • Fair Credit Reporting Act, including the Fair and Accurate Credit Transactions Act
  • North American Electric Reliability Corporation (NERC) Reliability Standards on critical infrastructure protection
  • HIPAA and state medical privacy laws
  • Standards of e-discovery as they pertain to privacy raised in the context of litigation

Selected Experience
Sutherland advises electronic commerce company on privacy issues in e-commerce acquisition.
Sutherland's risk management review of privacy policy and website disclosures assisted in the acquisition of an e-commerce company.

Sutherland defends broker-dealer in FINRA data privacy investigation.
Sutherland represented a broker-dealer in a FINRA investigation and settlement involving personal information of tens of thousands of customers where the broker-dealer allegedly violated Regulation S-P and FINRA supervisory requirements.

Sutherland advises insurer on HIPAA in claim privacy breach.
An adjuster sent a partially completed claims form to a claimant who had requested the form, but did so without using the required e-mail encryption. Sutherland advised regarding HIPAA requirements.


  • “Diversity at Sutherland Asbill & Brennan LLP” to “Diversity at Eversheds Sutherland (US) LLP”

  • “Diversity” section:

    • The firm’s emphasis on diversity is reflected in numerous ways throughout the firm, such as the manner in which we recruit lawyers and other employees, our work-life policies and our professional service efforts. We have been recognized for our achievements in diversity. More importantly, we understand the significant role a diverse community plays in the firm's growth and development.

  • “Our Awards and Recognitions” section:

    • Eversheds Sutherland (US) LLP continues to be recognized for its efforts to promote diversity in the workplace and in the legal profession. In 2016 we were named a “Best Place to Work for LGBT Equality,” having earned a perfect 100 score on the Human Rights Campaign’s Corporate Equality Index, and we also were ranked a Top 100 Firm for Minority Attorneys by Law360. In addition, the firm was awarded the Gold Standard Certification for the fifth consecutive year by the Women in Law Empowerment Forum.

  • “Our Commitment” section:

    • Eversheds Sutherland (US) LLP is committed to promoting diversity within the firm and in the legal profession. We believe that diverse skills, knowledge and viewpoints make us a stronger, more productive law firm. We hire and promote qualified lawyers and other professionals regardless of race, color, national origin, religion, disability, gender, gender identity or sexual orientation. We understand that diversity enhances our value to clients by allowing us to staff our client teams with professionals who possess broad experiences and a spectrum of perspectives.

    • Eversheds Sutherland (US) LLP has a cross-office Diversity Committee with responsibility for supporting and enhancing our firm culture. Our committee has helped coordinate and lead a number of efforts to advance diversity within our firm and the community. Affinity groups at the firm serve as support networks for attorneys of color; women lawyers; and gay, lesbian, bisexual and transgender attorneys.

    • We are committed to working with our clients as they pursue the common goal of a professional workplace where opportunity is available to all.
