Privacy and Data Security

Many companies deal with sensitive personal data, including insurance companies, telecommunications carriers, health care providers, retailers, banking and financial institutions, higher education and marketing companies. Any company that operates a website for interfacing with customers also has access to sensitive personal data. The Patton Boggs Privacy and Data Security Group advises clients on all facets of privacy and data security. Our attorneys have extensive experience with corporate privacy policies and best practices. We assist clients with advertising and e-commerce, data breaches, security issues, licensing, consumer marketing, social media, due diligence and government relations. We also advise clients about compliance with privacy-related regulations, and represent clients before Congress and other legislative bodies, state and federal regulatory agencies (the FTC and FCC) and the courts.

We keep clients advised of privacy-related developments and regularly assist clients with issues arising under state, federal, and international privacy laws and regulations, such as GLBA, COPPA, HIPAA, FIPPA, TSR, ECPA, FCRA, CAN-SPAM, Do Not Call and the TCPA. We also advise clients on compliance with bank secrecy and money laundering statutes, as well as global data protection laws, such as the European Privacy Directive and the Department of Commerce Safe Harbor program.

Consumer Privacy and E-Commerce

E-commerce and consumer privacy matters touch on many issues, including Internet privacy, advertising, data sharing, social media, telemarketing, identity theft, COPPA, Gramm-Leach-Bliley and consumer credit. We advise clients regarding online security practices, assist them with safeguards and privacy audits and represent them before Congress, the FTC and the FCC on privacy-related issues. Representative matters include:

  • devising workable and comprehensible privacy policies and procedures for clients subject to the Safeguards and Red Flags Rules.
  • representing clients’ interests before Congress regarding online consumer privacy issues, including “Do Not Track,” behavioral advertising, and other federal privacy legislation and keeping clients informed about privacy-related legislative developments.
  • working with clients to ensure compliance with the Gramm-Leach-Bliley Act, the Children’s Online Privacy Protection Act (COPPA) and other regulatory requirements.
  • representing clients in FTC privacy-related investigations and cases.
  • assisting clients with marketing, advertising and compliance issues relating to consumer data, including issues under the FTC Act, the CAN-SPAM Act, the Telephone Consumer Protection Act (TCPA), the Restore Online Shoppers’ Confidence Act and other regulatory initiatives.
  • advising clients on Safe Harbor issues and procedures.
  • working with international counsel to coordinate privacy policies for multi-national companies, including compliance with the Freedom of Information and Protection of Privacy Act (FIPPA) and EU Privacy Directive.
  • assisting clients faced with data breach issues to comply with varied state breach notification requirements and on risk mitigation issues.
  • drafting licenses as well as Terms of Use and privacy policies for websites and e-commerce applications.  
  • reviewing implications of Smart Grid and other new technologies.
  • advocating an exemption for informational calls under the revised Telemarketing Sales Rule (TSR) and counseling clients on compliance with the TSR including “Do Not Call” issues.
  • advising clients on privacy-related issues under the Electronic Communications Privacy Act (ECPA) as well as compliance with privacy provisions of the Fair Credit Reporting Act (FCRA).

Cybersecurity

Our Homeland Security and Information Security attorneys and professionals counsel banks, financial institutions, retailers, higher education institutions and information technology entities on numerous issues, from cyber security to cybertheft prevention, focusing on preventing data breaches, minimizing liability stemming from data breaches and post-breach forensics. 

We work with federal agencies, including the Department of Homeland Security (DHS), and on Capitol Hill to educate decision makers on the needs of the public and private sectors on cyber security in order to protect our clients’ interests and to ensure that they are aware of potential legislative and regulatory mandates before they become law. Representative matters include:

  • working with institutions of higher education to create and develop cybersecurity technology standards.
  • working with major retailers to ensure online financial transactions are protected and advocating for public-private partnerships in the cyberspace arena.
  • working with private sector entities in critical infrastructure to ensure that cyber security mandates coming from the government are coordinated with physical security needs and requirements.
  • advocating against the imposition of draconian measures that could be introduced to control information and advocating for transparency in cyber security regulatory issues.
  • preparing white papers regarding efforts to hold financial institutions to “strict liability” standards regarding information security.
  • working with cybersecurity experts to assess and improve security measures for personal financial information and other sensitive data. 

International Transactions

We advise clients on international transaction and workforce compliance with U.S. and international standards in the privacy and data security areas.

Representative matters include:

  • developing privacy procedures and standards for multinational companies.
  • assisting global e-commerce companies with international sales and data protection procedures.
  • advising clients on “Safe Harbor” requirements regarding compliance with EU Data Protection Directives.
  • assisting with local country legal issues through consultations with leading firms worldwide, due to our membership in Legalink, an international association of prominent law firms throughout the globe.

Health Privacy and Health Insurance Portability and Accountability Act (HIPAA)

Patton Boggs’ health team is experienced in the areas of privacy, security and electronic transactions. Several of our attorneys helped draft the original HIPAA regulations while in government service and they continue to stay abreast of all legal developments in this area. Representative matters include:

  • providing technical assistance to clients on HIPAA compliance efforts, including developing privacy and security policies and procedures and training the workforce.
  • engaging with the Congress on e-health initiatives, including ensuring that new policies in the ARRA did not lead to unintended consequences that would have eliminated the ability of our clients to confirm prescription information at the request of the patient.
  • providing legal assistance on the interaction of state and federal privacy laws.
  • providing strategic advice on issues arising from the shift from paper to electronic medical record formats and related impact on reimbursement, quality, standards of care, privacy, and security.
  • providing strategy guidance and technical assistance in filing complaints with regard to the implementation of the HIPAA Electronic Transaction and Code Sets Rule.

Privacy in Employment Contexts

Our employment attorneys regularly handle issues regarding privacy in the workplace. Among our representative matters:

  • advising clients on codes of conduct and other employee policies.
  • drafting handbooks and guides regarding employee e-mails, Internet usage, social networking and other privacy related considerations.
  • counseling employers regarding excessive monitoring or review.
  • assisting clients with international employee data transfer issues.
  • providing employee training programs to review current policies and procedures.