Overview

With the global surge in digital technologies, the amount and value of data have exploded. Social media, mobile devices, geo-location tracking and cloud-based technologies are only a few of the ways that data is being collected and shared. At the same time, a growing patchwork of laws and regulations restrict the way data assets can be used and require that organizations implement compliance programs that prioritize data privacy and security. Understanding this ever-changing landscape is critical for companies to maximize the benefits of critical data assets, without running afoul of the applicable regulatory scheme.

Read More

Lawyers in our Data Privacy practice use a multi-disciplinary approach to provide tailored and strategic data counsel for businesses in all industries. Our expertise merges cyber security, regulatory compliance, technology law and licensing, commercial contracting and dispute management, yielding our unique ability to advise clients on all aspects of data management and commercialization. Additionally, our team understands the difficulties that come with operationalizing data compliance and we have significant experience with implementing cost-effective solutions. For firsthand data breach experience of our clients' perspectives, view our DATA BREACH STRATEGIES. 

Our Work

Our data and privacy attorneys provide strategic counsel in areas such as regulatory compliance, developing and implementing policies and procedures, preparing for data incidents and data breach response, cyber security investigations, privacy and data security disputes, risk management and corporate transactions that involve data transfer. We handle cutting-edge collaborations and strategic alliances involving the license and exchange of identifiable and de-identified data assets and analytics applications. As businesses increasingly move into digitized markets, we provide counsel for online business models involving issues such as geo-location and mobile device tracking.

Because our team members having served as the Interim Associate Compliance Officer and Director of Privacy of an academic medical center, when data privacy or security issues arise, we offer a unique business perspective that blends awareness of the intricacies of relevant laws with a pragmatic, businesses-focused approach.

Our Clients

We advise a wide range of local, regional, national and international clients in industries such as:

  • Health Care
  • Software, data and cloud computing services
  • Internet and e-commerce
  • Marketing and advertising
  • Life sciences and pharmaceutical services
  • Social media and communications
  • Financial services
  • Manufacturers and retailers

Our Expertise

Our multi-disciplinary team of lawyers possess a thorough understanding of the substantive areas that typically underlie such issues, including data privacy and security; regulatory compliance; data breach response; intellectual property and licensing; technology; health care; employment, labor and human resources; corporate and securities; and litigation. We leverage our expertise to provide practical, tailored advice on data privacy requirements, including HIPAA; GDPR; Gramm-Leach-Bliley; data localization and data transfer laws; marketing laws; Children’s Online Privacy Protection Act (COPPA); mobile device and tracking laws; Fair Credit Reporting Act (FCRA); and the Fair and Accurate Credit Transaction Act (FACTA), as well as information security requirements in the HIPAA Security Rule; Gramm-Leach-Bliley Safeguards Rule; Payment Card Industry Data Security Standard; state security laws; corporate governance legislation and regulations; and unfair business practices law (FTC Act, Section 5).

View Less

Services

Compliance

  • Assist with data breach investigation and response
  • Advise on de-identifying data assets
  • Provide best practices and policies for compliance with data-related laws and regulations
  • Prepare terms of use and privacy statements for websites and mobile apps
  • Provide data-driven business model analysis and strategy
  • Address employee privacy issues and employee nondisclosure obligations for confidential and proprietary information
  • Review and manage claims under cyber insurance policies

Commercial Transactions

  • Strategic collaborations involving licensing of data and databases, and the creation of data mining and analytics tools
  • Creation and licensing of digital content
  • Addressing privacy, security and data transfer and protection issues in mergers, acquisitions and other corporate transactions
  • Outsourcing and procurement of technology and complex services, including data hosting and processing
  • Structuring and contracting for health information exchange

Litigation

  • Trade secret theft
  • Commercial business to business contract disputes
  • Risk management of data and security breach scenarios
  • Prosecuting and defending claims stemming from data and security breaches


Experience

  • Advised clients on data processing, use, and transfer agreements, vendor contracts, and data transfer mechanisms regarding issues related to state and foreign privacy laws, including CCPA, GDPR, and PIPL.
  • Represented a publicly-traded diagnostic services provider on cloud computing transactions and counseling matters, including an arrangement with a Fortune 100 technology company to license and implement technology infrastructure enabling cloud-based exchange of large volumes of sensitive information.
  • Represented a leading provider of information management and data migration services in the negotiation and preparation of a collaboration and distribution agreement with a leading vendor of enterprise content management software, involving the combination of technologies to establish a best-of-breed offering that manages and migrates large volumes of data across an enterprise.
  • Defending multiple securities class actions brought by shareholders/members of agricultural cooperatives seeking dissolution and money damages for alleged breaches of fiduciary duties.
  • Defending a trustee of securitized assets against claims of negligence and wrongdoing resulting in alleged damages exceeding $200 million.
  • Defended a multi-state manufacturing company in North Carolina court against a purported “cyberbreach” putative class action lawsuit. We prepared and filed dispositive motions on behalf of the client. The matter resolved after extended negotiations, leading to a classwide settlement.
  • Advised an automotive dealership on data breach response and investigation following a cybersecurity incident by a service provider.
  • Managed a privacy incident response and risk assessment of a world-renowned saltwater boat manufacturer following the disclosure of sensitive employment information by an employee.
  • Advised a state agency client on data breach response and regulatory reporting and notification obligations following the discovery of lost and stolen devices containing sensitive information.
  • Advised multiple healthcare providers concerning the Change Healthcare cybersecurity incident related to a ransomware attack resulting in the breach of protected health information.
  • Managed and advised a marketing company regarding incident response and forensic examination following threat actor’s use of spoofed and fraudulent domain names.
  • Advised an investment firm regarding regulatory reporting and notification obligations following the discovery of inappropriate access and disclosure of tax returns by IRS contractor.
  • Advised educational institution on issues related to FERPA compliance and incident and complaint response.
  • Developed and implemented HIPAA privacy compliance employee training program for academic medical center.
  • Prepared policy and procedure manuals and trainings for health information management departments to address HIPAA privacy requirements related to medical records and release of information.
  • Advised institutional review boards on privacy considerations related to research protocols.
  • Counseled healthcare providers on HIPAA, Part 2 substance use confidentiality regulations, and Information Blocking compliance, including drafting of contract terms, policies, procedures, and training.
  • Assisted a multi-state manufacturer in responding to a cybersecurity incident affecting citizens located in all 50 states, Washington D.C., and Puerto Rico. Representation included the coordination of insurance coverage, law enforcement notifications, affected individual and regulatory notifications as required by applicable state and federal agencies, and related issues.
  • Conducted privacy and security risk assessments and privacy impact assessments and implemented resulting mitigation efforts.
  • Managed investigations of and advised clients on privacy and data security incidents, including breach reporting and notification requirements to federal and state agencies such as the Office for Civil Rights and state attorneys general.
  • Coordinated responses to multiple investigations by federal and state agencies arising from reported complaints and privacy incidents.

Professionals

Insights

News

Publications & Alerts

Events & Programming

Jump to Page

This website uses cookies to enhance your browsing experience and improve functionality. To learn more, you may view our Privacy Policy. By continuing to browse Smith Anderson's website, you are accepting our use of cookies in accordance with our privacy policy.