Privacy & Data Security

In 2001, the University of California at Berkeley predicted that, between 2002 and 2005, the world would generate more data than all the data generated on earth during the previous 40,000 years. The explosion of data caused by advances in information technology has pushed privacy and data security issues to the forefront, with nearly every business now potentially impacted by new legislation and legal theories. The U.S. legal framework regarding privacy and data security issues is changing – from what was once an industry-specific, ad hoc approach – to a more generalized and comprehensive approach based largely on the principle of consumer protection. Understanding and managing this change requires access to, and advice from, a team of skilled lawyers with expertise in the various disciplines from which the current privacy and data security framework emerged.

The Troutman Sanders Privacy & Data Security Practice Team is a multi-disciplinary team of lawyers with special expertise and skill in the many fields that relate to, or raise special issues involving, privacy and data security. The Team includes more than 25 lawyers representing more than a dozen pertinent Practice Groups across five different offices. We work together to ensure that we stay abreast of the latest legal developments regarding privacy and data security.

Our legal representation and advice specific to privacy-related matters include:

  • Representation in connection with government and regulatory inquiries, investigations and enforcement actions (particularly by Insurance Commissioners, states attorneys general, and the Federal Trade Commission)
  • Compliance counseling regarding all federal and state privacy and information management laws and regulations, including but not limited to the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, the Fair and Accurate Credit Transactions Act, the Children’s Online Protection Act, the California Security Breach Information Act (and similar state statutes), the CANSPAM Act, the Health Insurance Portability and Accountability Act, and other state and federal laws and regulations
  • Compliance with international privacy laws, including the Canadian Personal Information Protection and Electronic Documents Act, the EU Data Protection Directive and the Directive on Privacy and Electronic Communications (as well as EU member state adoptions)
  • Advising on risk avoidance strategies
  • Developing and implementing privacy policies, information security policies, and document retention and destruction polices, as well as more comprehensive Information Management Programs, that are in accordance with controlling law, while recognizing client needs to collect and appropriately use personally identifiable information
  • Assistance with litigation and dispute resolution, crisis management strategies and response to consumer concern
  • Assessing and advising clients on current information management practices
  • Advising employers on workplace privacy issues (i.e., background screening, employee monitoring, and video surveillance)
  • Assisting clients in mergers and acquisitions in determining privacy and data security controls currently in place and assessing risk
  • Advising clients on compliance with Department of Homeland Security/FERC regulations regarding critical infrastructure information
  • Advising clients on “know your customer” rules and regulations under the USA Patriot Act and anti-money laundering statutes
  • Representing financial institutions against alleged wrongful reporting claims under the Fair Credit Reporting Act initiated by consumers who have been allegedly victimized by identity fraud
  • Advising clients in matters implicating the Communications Assistance for Law Enforcement Act
  • Legislative and regulatory advocacy in connection with proposed privacy and data protection statutes and regulations
  • Conducting privacy audits aimed at identifying privacy and data security concerns based on a formal assessment of the client’s current information management practices

Representative Engagements

  • Assisted one of the country’s largest wholesale residential mortgage lenders in complying with data breach notification laws in 16 states after client’s data security was compromised
  • Advised IT services subsidiary of one of the world’s largest telecommunications carriers in connection with multi-million dollar outsourcing project, including website privacy and data collection issues, compliance with European Union and Canadian privacy directives, and conformity with the Payment Card Industry (PCI) Data Security Standard
  • Advised multi-state consumer and mortgage loan company, in the wake of a data security breach, regarding its obligations in various states under data breach notification statutes
  • Assisted publicly-traded credit card services firm, as part of its nearly $140 million acquisition of an auto loan receivables portfolio, in determining applicability of, and compliance with, Gramm-Leach-Bliley
  • Advised multi-million dollar residential services firm regarding privacy and information security issues in connection with the launching of a new online retail store and the related development of a privacy policy, web site terms and conditions of use, and membership agreement for use on new retail website
  • Assisted Northeast-based consumer and mortgage loan company in determining applicability of FACTA affiliate sharing rules for marketing purposes and Gramm-Leach-Bliley information sharing rules
  • Advised large electric utility regarding the legal and regulatory requirements for data management, privacy and security as part of the development of a comprehensive Information Management Program by a “big four” consulting firm
  • Regularly represent two of the world’s largest consumer financial institutions in defense actions by consumers allegedly victimized by identity fraud and who allege wrongful reporting by our clients under the Fair Credit Reporting Act
  • Represented one of the world’s leading data brokers in regulatory proceedings before the state Insurance Commissioner and state Attorney General’s office, resulting from the client's reporting of the loss of personally identifiable information under the California Security Breach Information Act


Troutman Sanders is a proud sponsor of the 2007 Techbridge Digital Ball.
print

©Troutman Sanders LLP