Privacy and Data Protection

Related Information

• Attorneys & Professionals
• Publications

Related Services

• Business and Finance
• Commercial Litigation
• Construction
• Employee Benefits and Compensation
• Financial Services Litigation
• Government Relations
• Health Care
• Immigration
• Intellectual Property and Technology
• Intellectual Property and Technology Litigation
• International
• Labor and Employment

Our Practice

The attorneys at Snell & Wilmer recognize that privacy and data protection is critical to the successful operation and reputation of all businesses. Numerous Federal, State and foreign laws and regulations govern disclosure and access to confidential and personally identifiable information (PII), including financial, personnel, payroll, tax and customer records. These laws and regulations often define what information is considered private, how long the information must be retained, under what conditions the information may be disclosed, provisions required for collection of PII and notification procedures to government authorities and consumers in the event of a data breach.

The unauthorized disclosure of confidential and PII, whether through a data breach or inadvertent disclosure, can expose a business to substantial risks that need to be managed carefully. Responding to a data breach is not only very costly, but requires adherence to numerous laws that impose reporting obligations both to consumers and regulatory authorities. Businesses may face serious legal consequences for failure to adhere to these obligations, including criminal liability and substantial fines. Given the serious consequences of a data breach, businesses should carefully consider the design and implementation of data protection plans that adhere to best practices and legal requirements.  

Our Experience

Our attorneys have a long history of representing a wide variety of clients in matters involving the preservation of confidential information and data in numerous industries, including financial services, health care, education, media operations, retail, Internet enterprises and other businesses. Our experience includes advising clients regarding establishment and implementation of data privacy plans, compliance with laws and regulations governing notification to consumers and government authorities, development of Internet privacy policies, consultation and litigation regarding data breaches and numerous other privacy matters.  

Experience with Relevant Regulations, Acts and Business Practices:

• Americans with Disabilities Act (ADA)
• Background Checks
• Breach of Information (or data security breach)
• CAN-SPAM Act
• Children's Online Privacy Protection Act (COPPA)
• Cloud Computing
• Computer Fraud and Abuse Act (CFAA)
• Corporate Espionage Digital Millennium Copyright Act (DMCA)
• Data Privacy Review/Audit/Analysis
• Data Transfer (due diligence)
• Digital Millennium Copyright Act (DMCA)
• Dodd-Frank Wall Street Reform and Consumer Protection Act
• Drug Testing
• Electronic Communications Privacy Act (ECPA)
• EU Data Protection and Telecommunications Privacy Directives -- (European Union Directive on Data Protection)
• Fair and Accurate Credit Transactions Act (FACTA)
• Fair Credit Reporting Act (FCRA)
• Fair Debt Collections Practices Act (FDCPA)
• Family Educational Rights and Privacy Act (FERPA)
• Family Medical Leave Act (FMLA)
• Federal Identity Theft Assumption and Deterrence Act (ITADA)
• Freedom of Information Act (FOIA)
• Genetic Information Nondiscrimination Act (GINA)
• Geolocational/Electronic Monitoring
• Gramm-Leach-Bliley Act (GLBA)
• Health Insurance Portability and Accountability Act (HIPPA)
• Health Information Technology for Economic and Clinical Health Act (HITECH)
• Immigration
• Information Security Systems Association (ISSA)
• Internal Investigations
• Internet Infringer Tracking and Identification
• Occupational Safety and Health Administration (OSHA)
• Lie Detector Testing
• Mine Safety and Health Administration
• Payment Card Industry Data Security Standard (PCI DSS)
• Privacy Act
• Privacy Policies Review
• Red Flag Rules
• Restore Online Shoppers' Confidence Act (ROSC)
• Satellite Home Viewer Extension Act (SHVERA)
• SEC Reporting Obligations in the Event of Data Breach or Compromise
• Security Breach and Notification Acts, including California Security Breach Notice provisions (and other state acts)
• Social Media
• Telephone Consumer Protection Act (TCPA)
• US-EU Safe Harbor Privacy Framework
• USA Patriot Act
• Vendor Contracts
• Website Hosting Agreements
• Website Terms and Conditions of Use and Privacy Policies
• Zip Code Disclosures 

• Responding to and managing security incidents and breach notification including mitigation, interfacing with regulators and litigation. 
• Data protection issues related to marketing initiatives, advertising and e-commerce.
• Development and implementation of comprehensive data privacy and protection policies and programs, including Internet privacy policies and user terms of use.
• Government and internal investigations regarding privacy and data security breach issues.
• Interfacing with the FTC or FCC regarding privacy and data security issues with respect to online marketing and privacy.
• Data privacy in mergers and acquisitions, data licensing and data purchase transactions.
• Privacy in the workplace, including development of customized policies and training programs and conducting workplace investigations.
• Assessing compliance with data privacy and protection laws and completing onsite audits.  
• Privacy matters arising from mergers and acquisitions, employment and HR administration, IT systems, website development, joint ventures, co-branding deals and bankruptcy or reorganization problems.  

Our privacy group is comprised by attorneys from practices including: 

• Business and Finance
• Banking and Financial Institutions
• Commercial Litigation
• Construction
• Employee Benefits
• Government Relations
• Health Care
• Immigration
• International
• Intellectual Property
• Labor and Employment
• Litigation