This is an Advertisement

Data Privacy & Security

Protecting your information

Wyatt's Data Privacy & Security Service Area offers a unique blend of experience across many industries to address companies' obligations to protect the privacy of their clients, patients, employees, and others.  New privacy protection laws affect nearly all businesses.  To further complicate matters, legal rules and technologies are changing rapidly and profoundly. 

Wyatt’s Data Privacy & Security lawyers have extensive experience with all aspects of this area of the law.  We help clients evaluate and improve data privacy and security policies and procedures, conduct training, work with regulators, prepare for external audits, respond to breaches, and draft and review contracts.  We also have litigators well-versed in this area of the law.

Our lawyers help businesses understand and comply with the many state and federal laws pertaining to privacy and information security.  Our service area members have hands-on experience advising clients in many industries, including health care, banking, insurance, education, information technology, and retail.

Our attorneys regularly assist clients with:

  • Response and remediation for data security incidents, including hiring and working with forensics consultants, analyzing the incident, working with regulators and government investigators, notification, call center, ID and credit monitoring, and arranging for services
  • Office for Civil Rights (OCR) audits and data breach investigations
  • Complying with HIPAA requirements to protect patient information held by health care providers and business associates
  • Complying with financial institution requirements for customer privacy notification and information security
  • Preparing website policies, such as Privacy Policy, Disclaimers, Cookies Policy, Terms of Use, Terms of Service, etc.
  • Litigating matters such as domain name infringement; theft of trade secrets and customer lists; invasion of privacy and defamation; and illegal downloading of music and movies
  • Negotiating and drafting agreements for Internet and network security
  • Negotiating and drafting contracts involving digital signatures
  • Developing and monitoring records management systems
  • Evaluating the risks involved in sharing information with third parties for marketing, transactional or other business purposes
  • Advising on the legal requirements for destroying personally identifiable information
  • Advising on a wide variety of workplace issues, including surveillance, confidentiality agreements and termination procedures, among others
  • Establishing secure private networks
  • Negotiating and drafting vendor contracts

Many privacy-protection laws are aimed at consumer protection and carry significant penalties for non-compliance or may lead to financial exposure in the form of government settlements or plaintiff class action lawsuits.  We regularly advise clients on compliance with state and federal laws and enforcement agency guidance related to consumer information privacy, including the following:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Federal Trade Commission (FTC) laws, regulations and guidelines related to privacy, including
    • FTC Act §5: Unfair and Deceptive Practices
    • Fair and Accurate Credit Transactions Act of 2003 (FACTA) and Red Flags Rule
    • Gramm-Leach-Bliley Act (GLBA)
    • CAN-SPAM Act of 2003
    • Children’s Online Privacy Protection Act (COPPA)
    • Personal Health Breach Notice Rule
  • State data breach notification laws and regulations
  • EU-U.S. Privacy Shield Framework
  • U.S. Patriot Act
  • Family Educational Rights and Privacy Act (FERPA)
  • Video Privacy Protection Act of 2015
  • Telephone Consumer Protection Act (TCPA)
  • PCI Data Security Standards
  • Federal Financial Institutions Examination Council (FFIEC) cyber security statements

A few of our more noteworthy data security incident experiences include:

  • A breach involving over 75,000 personal records
  • A data security incident requiring computer-assisted triage of thousands of records to meet a five-day deadline over a holiday weekend
  • Stolen and misplaced mobile devices involving thousands of records with personal information
  • Phishing emails potentially disclosing employee personal information
  • Ransomware attack requiring forensics investigation and legal guidance under applicable laws