Privacy & Data Protection
PRIVACY & DATA PROTECTION
We couple vast regulatory knowledge and a keen understanding of emerging technology to help clients navigate rapidly changing privacy laws and regulations, manage their risks and move ahead of the pack in new and uncharted business areas.
Privacy and data protection affects every industry. The risks and opportunities associated with emerging technology and information management, transfer and creation are exploding. The outcome is increasingly complex privacy and data protection laws and regulations at state, federal and international levels. And we’re seeing increasingly stringent enforcement across every jurisdiction and industry.
We help companies manage risk and protect data with enterprise-wide privacy and security plans that stand up to litigation and investigation, while allowing them to run efficiently and within their resources. And in the event of theft or loss, we provide robust incident response measures, thorough mitigation strategies to safeguard against future issues and step-by-step navigation of any ensuing litigation or government investigations.
And while we’re well versed in the regulatory field, we’re also business-minded. We provide compliance counseling, employee training and guidance on how to do business successfully while respecting the privacy of customers, clients, users, patients and employees. Startups and veteran multinational corporations alike come to us for help with the challenges and opportunities presented by technology, including:
- Cloud storage
- Social media
- Big data
- Mobile devices
- The smart grid
- Mobile apps and websites
- Security breaches
Who we work with
- All businesses, organizations and government entities that collect, transmit or store sensitive or personally identifiable information
- All industries including technology, health care, finance, infrastructure, defense, energy, big data, social media, data storage and professional services
- Companies using mobile apps, websites and social media. Whether communicating with, collecting information from, advertising to or doing business with clients and customers, they and others are impacted by the Telephone Consumer Protection Act (TCPA) and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
- Health care providers, insurance companies, pharmacies, clearinghouses, business associates and others impacted by the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Omnibus Rule
- Those who market goods or services to children under the age of 13 and others impacted by the Children’s Online Privacy Protection Act (COPPA)
- All companies that receive and store the personal financial information of their clients and customers, and others impacted by the Gramm-Leach-Bliley Financial Services Modernization Act (GLBA) and state data security laws
- Law firms, accounting firms and other professional advisors working with sensitive client information
- Law enforcement agencies
- Recognized by Chambers USA as a nationwide leader in the Field of Privacy Law
- Defended a client in litigation involving the theft of 1.7 million patient records
- Provided emergency response and compliance strategy for clients following the theft or loss of large amounts of sensitive information. Recent examples include:
- A lost laptop containing the personal information of over 11,000 individuals from 31 different states
- Website hacking incident involving the personally identifiable information of over 3,000 individuals
- Represented numerous clients in privacy violation investigations by the Office for Civil Rights and state regulatory entities
- Provide ongoing privacy and security counsel to a large utility
- Counseled a pharmaceuticals company in corporate privacy and security issues and provided worldwide employee privacy training
- Built enterprise-wide privacy and security framework for start-up companies in the health care industry, municipalities and large corporations
- Assisted clients with their applications for “safe harbor” under the Federal Communications Commission (FCC)
- Developed and implemented website privacy policies and terms and conditions of use for a variety of clients in diverse industries
- Wearable Wellness
HR Executive | October 1, 2014
San Francisco Labor & Employment associate Alexandra Devendra is quoted in this feature story on personal health information confidentiality and HIPAA’s nondiscrimination provision concerning employee use of wearable devices.
- Is Anyone Really 'HIPAA Compliant' in Healthcare?
Forbes | September 29, 2014
Providence partner and leader of the firm’s Privacy & Data Protection team Linn Freedman provides commentary in this column on understanding and adhering to HIPAA across the entire digital health ecosystem.
- Assessing the Financial Impact of 4.5 Million Stolen Health Records
Forbes | August 25, 2014
This column discusses the impact of Community Health System’s data breach. Partner and leader of the firm’s Privacy & Data Security team Linn Freedman acts as a third-party source.