McDermott’s leading employer data privacy practice provides sophisticated advice to domestic and international employers and vendors on a wide spectrum of employee data privacy matters, including employee data protection policies, the international transfer of employee data and employee data subject access rights. We work closely with operational data privacy officers, helping them establish and maintain effective relationships and communications with data privacy authorities in relevant jurisdictions worldwide.
We have particular experience in the regulation of employee benefit plans, including requirements for the protection of the privacy and security of Social Security Numbers and other employee personal information. We also provide timely, effective counsel in response to cyberattacks and other security breaches affecting employee personal information.
McDermott routinely advises on the following:
International inter- and multi-company agreements to collect, transfer and use employee data (including model clauses and binding corporate rules)
Ramifications for employee data transfer of the new EU/US Privacy Shield
Organizational compliance requirements in relation to the impending EU
General Data Protection Regulation
Potential implications of the UK “Brexit” on employee data privacy practices (including international data transfers)
Separation, where required, of employee data on group servers
Individual contract terms regarding the collection and processing of the personal data of executives and other employees
Employee data privacy policies
Data privacy implications of the implementation of global whistleblowing hotlines (including obligations arising for certain organizations under the US Sarbanes-Oxley Act
Responses to employee data subject access requests
Defended a claim by an employee against an employer concerning personal data usage and storage information
Negotiated suitable data processor terms in contracts with vendors (such as payroll and benefits providers) that handle employee data