Privacy & CybersecurityOverviewAs the amount of — and potential uses for — personal and consumer data increases exponentially, the gathering, storing, safe handling, and sharing of that data have become pressing concerns for businesses around the world. In a recent survey by the Association of Corporate Counsel, chief legal officers identified cybersecurity as one of the top issues keeping in-house lawyers up at night. One in five said their organization had experienced a data breach within the past two years. To help you meet these challenges, Michael Best has assembled a multi-disciplinary team of attorneys who understand how privacy and cybersecurity laws intersect with other areas of law and industry-specific regulations. Because we know our clients need to do more than just react to the latest breach, we provide forward-looking, comprehensive counsel and litigation defense. Our Privacy & Cybersecurity team advises and represents clients in many different sectors, including energy, financial services, healthcare, pharmaceutical, media, education, consumer products, agriculture, manufacturing, science, and technology.
Any organization with operations involving the collection, retention, use, processing, or disclosure of personally identifiable information (PII), or that engages in internet or mobile marketing, is subject to various federal and state privacy and security laws. PII is broader than many people realize and may include: Social Security number, address, email, phone number, health information, biometric data, financial information, consumer credit information, or background checks (including drug testing).
To complicate matters, the United States lacks a comprehensive federal law regulating the use of PII, instead taking a sectoral approach to privacy and data security regulation. Michael Best helps clients navigate the complex and rapidly changing landscape of regulations, including:
- Health Insurance Portability and Accountability Act (HIPAA)
- Genetic Information Nondiscrimination Act (GINA)
- Fair Credit Reporting Act (FCRA)
- Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act)
- Fair and Accurate Credit Transactions Act (FACTA)
- Gramm-Leach-Bliley Act
- Dodd-Frank Wall Street Reform and Consumer Protection Act
- Anti-money laundering laws
- Family Educational Rights and Privacy Act (FERPA)
- Protection of Pupil Rights Amendment (PPRA)
- Americans with Disabilities Act (ADA)
- Electronic Communications Privacy Act (ECPA)
- Telephone Consumer Protection Act (TCPA)
- Telecommunications Act of 1996
- Children’s Online Privacy Protection Act (COPPA)
- Payment card industry (PCI) issues
- North American Electric Reliability Corporation (NERC) standards, including critical infrastructure protection standards (CIPS)
- State laws relating to consumer privacy
- State financial regulations relating to privacy
- EU-US Privacy Shield, EU Cookie Directive, and other international regulations
Service Areas
Privacy & Cybersecurity Counseling
Advising clients on compliance with, and auditing policies and practices related to, privacy and data security regulation in areas such as: employee and workplace management; M&A; negotiating and drafting data agreements and transactions involving personally identifiable information; cross-border issues; cyber insurance coverage; and in sectors including finance, healthcare, and energy.
MORE
Privacy & Cybersecurity Litigation
Representing clients in regulatory actions, government investigations, arbitrations, and civil litigation involving a wide range of privacy and data security regulations; helping clients prepare for and conduct data breach and incident responses, investigations, and litigation.
MORE
Experience
- Represented various clients in assessing and responding to data breaches, managing multi-state breach notifications, including notification to regulators, and providing credit monitoring
- Negotiated data aggregation agreement between client and major financial institution to allow sharing of financial institution customer information with third parties
- Counseled on sharing of financial institution nonpublic personal information with non-affiliated third parties under joint marketing agreements and service provider agreements in order to increase and refine targeted marketing efforts
- Advised on FCRA issues relating to firm offers of credit involving financial institution, credit bureau, and multiple service providers
Related People Preview Attorney's BiographyCorporate clients turn to Michelle for her experience litigating commercial and intellectual property disputes, among other matters. Michelle also serves as a member of the firm’s Class Action/Multidistrict Litigation team. She tries cases in both federal and state courts at the trial and appellate levels.  Preview Attorney's BiographyKnown for giving practical and actionable legal advice, Adrienne counsels clients on the many complex aspects of privacy and data management matters. Her extensive background includes experience with issues relating to the Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), and the Telephone Consumer Protection Act (TCPA), as well as privacy programs and cyber security issues.  Preview Attorney's BiographyRyan is a paralegal in the firm’s Transactional Practice Group. He performs detailed due diligence for commercial and agricultural real estate transactions throughout the country, with an emphasis in: Arkansas, Illinois, Idaho, Indiana, Louisiana, Michigan, Mississippi, Nebraska, Ohio, Oregon, and Wisconsin. Ryan conducts property research, ALTA/NSPS land survey analysis, title and policy review, and is responsible for drafting a wide range of transactional and closing documents. Ryan L. Habeck* *Names that appear with an asterisk indicate a Michael Best professional not admitted to practice law.  Preview Attorney's BiographyVelvet Johnson is senior counsel in the firm’s Privacy & Cybersecurity practice. Drawing on more than a decade of private sector and government experience, Velvet assists clients in identifying and mitigating risks associated with privacy and data security practices.  Preview Attorney's BiographyWith nearly 25 years of experience in energy law, Roxane offers clients advice on federal and state laws and regulations, as well as effective representation in litigation of complex Federal Energy Regulatory Commission (FERC) proceedings involving natural gas and electric matters.  Preview Attorney's BiographyKirk’s practice focuses on legal issues related to all aspects of the employment cycle, from hiring through termination and severance. Substantially experienced in both benefits and employment law, Kirk is well positioned to help clients respond to the opportunities, vulnerabilities and benefit ramifications of particular employment decisions. Kirk’s focus includes developing and maintaining effective compliance strategies related to defined benefit plans, defined contribution plans, executive compensation and more.  Preview Attorney's BiographyClients benefit from Elizabeth’s extensive experience with a variety of regulatory, cybersecurity compliance, and technology-specific privacy matters. A former chief privacy officer in Texas state government, she brings a unique and informed perspective to her practice.  Preview Attorney's BiographyEd serves as a trusted advisor and counselor to business clients in various stages of the dispute resolution process. Taking a creative and practical approach, he helps clients evaluate and manage risk, execute strategic initiatives, and resolve disputes. His strategic perspective extends beyond the dispute to his client’s overall goals and mission. He recognizes that his success is measured by his client’s ultimate success in the marketplace.  Preview Attorney's BiographyLee has substantial experience in insurance recovery, complex commercial litigation, product liability, and construction matters. He is well versed in all aspects of pre-trial litigation and has tried cases before state and federal courts. His appellate work is also noteworthy, including arguing before the U.S. Court of Appeals for the Seventh Circuit.
|
back to top |