Privacy and Identity Theft Issues

McDermott clients are increasingly responsible for huge volumes of confidential personally identifiable information. In view of the almost daily reports of private information being pilfered and increasing government regulations, it is essential that businesses seek to protect themselves from economic loss, bad publicity and future actions. Our lawyers understand the applicable laws and regulations such as HIPAA, the Gramm-Leach-Bliley safeguard rules, the EU Directives and corresponding national and state laws. Using the skills of our legislative group, we also closely monitor pending legislation. Our lawyers keep close watch on the reported breaches of data security, corresponding lawsuits and U.S. Federal Trade Commission investigations. The following are examples of the type of work McDermott’s lawyers have done on behalf of those clients concerned about the privacy and security of data.

  • For a first-tier multinational consultant, we advised about the various national laws governing the consultant’s processing of employee data and personal data gathered about clients and alumni. We counseled the consultant about seeking safe harbor under the U.S. laws and examined its data handling practices in the European Union.
  • For many consumer-oriented businesses we have interpreted the scope of the Gramm-Leach-Bliley Act and advised on compliance programs.
  • For a financial institution, we advised about its remediation duties when personal financial data had been stolen.
  • For several clients we have surveyed the state and federal laws governing the use of driver’s license information and social security numbers, as well as the general obligations with respect to maintaining the privacy of personally identifiable information and the respective duties to remediate.
  • For two online payment services we have counseled about the use of personally identifiable information.
  • We offer a full range of HIPAA products and documentation to those clients who need to comply with those health record-related regulations.
  • For various clients we have advised about the general application of the Data Protection Act 1998, the EC Directive 95/46/EC and various related legislation, for example the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the Freedom of Information Act 2000. We have advised about the establishment of data protection policies and regimes designed to comply with these laws.
  • For various clients we have advised about the data protection and privacy aspects of various corporate and commercial transactions including in respect of data protection related warranties and indemnities and the establishment and management of data protection policies in the context of due diligence and disclosure exercises.
  • For internet-based companies we have advised about data protection and privacy issues unique to online data collection, processing and transactions.
  • On behalf of various clients we have advised about the data protection and privacy aspects of direct marketing activities.
  • For multinationals we have drafted model contractual clauses and intra-group data protection governing the international transfer of data.
  • For several of our life sciences clients we have conducted multijurisdictional reviews of data protection legislation in relation to clinical trials conducted in various EU Member States. In addition, we have drafted IT outsourcing arrangements which required particular attention to Part 11 compliance with FDA regulations.
  • We have advised about the data protection aspects of applications for EU marketing authorizations for medicinal products for human use.
  • We have worked with security officers in drafting security policies.
  • We have assessed the privileged status of security and privacy audits and counseled clients on ways to optimize the enforceability of the privilege.

McDermott Will & Emery