As the information-based economy has expanded, the collection, use and protection from disclosure of customer and employee data has become an increasing focus of legislation and regulation.  Federal statutes such as HIPAA (Health Insurance Portability and Accountability Act), COPPA (Children’s Online Privacy Protection Act), and Graham-Leach-Bliley impose safeguards on certain personal information.  CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing Act) and the Federal Trade Commission’s National Do Not Call Registry protect individuals’ privacy by restricting email and telephone marketing solicitations.  State data breach notification laws require holders of confidential personal information (for example, credit card account numbers) to notify individuals when that data is inappropriately disclosed.  Businesses that operate globally may also face international compliance challenges, as many non-US jurisdictions  impose rules which are different from and  more stringent than those of the U.S. 

In addition to risks of legal non-compliance, businesses that possess and wish to use personal data are faced with information flow barriers to operating as a unitary enterprise, and potentially even  loss of business in the event that they lose or otherwise inadvertently disclose customer data

Our firm is experienced in advising on an array of privacy issues, including privacy policy development, implementation and training, online and telemarketing matters, employee data, and privacy rules that apply to specific industries.  We have experience in developing strategies to manage privacy issues across organizations, and on responding to incidents of potential exposure of confidential data.   We also counsel clients on ensuring vendor compliance with data security standards and practices, and compliance reviews.