Data Protection & Privacy

Data protection and privacy has become a major global concern. Businesses across the world are recognizing that data, including personal data, is a key asset of their business, and that failing to comply with privacy laws can cause huge reputational damage, as well as financial loss. But not every jurisdiction handles the gathering and use of personal information in the same way. In the United States, for example, privacy laws are generally aimed at restricting the use of sensitive health and financial information whereas Japan and the European Union include all other identifying information about individuals. EU law also has strict rules on both transferring personal data to regions outside of Europe and the access of such data from outside Europe. To comply with the varying national data protection laws it is important for companies to know just what types of information about employees, agents, customers and suppliers are covered; what justifications are available for collecting, using and transferring data; and the steps that must be taken to make that processing legal.

The trend towards increased privacy protection and enforcement means that companies having subsidiaries or affiliates in countries where data protection laws are in force need to be mindful of the impact of these laws when transferring data. Our lawyers are well-versed and highly experienced in dealing with data privacy issues in the United States, across Europe and around the globe. We regularly advise global clients on major cross-jurisdictional projects involving the transfer of data from countries across Europe to the United States and other countries outside Europe, enabling them to comply with the significantly differing requirements of the data protection regulators in each country. We also assist clients with their domestic law compliance and advise on all aspects of data protection in their dealings with their employees, customers, suppliers and other third parties. We also advise clients on the applicability of laws to their online services including the use of cookies and information to facilitate behavioral targeted advertising. In addition, we assist clients in drafting policies, procedures, agreements and other documents needed when using personal data within their organizations and via their websites.

We provide advice and assistance on a wide array of privacy matters ranging from full data protection compliance programs to specific advice including:

• US state and federal privacy laws, EU data protection directives, the laws of individual EU Member States, Japan’s Act on the Protection of Personal Information and privacy laws throughout the world;
• Advising on data protection registrations/notifications, the transfer of personal data outside the European Economic Area including Safe Harbor compliance, binding corporate rules and use of the EU model clauses;
• Data security and handling breaches;
• All aspects of privacy law as it affects employees;
• Dealing with requests from individuals for access to their data;
• Guidance on all aspects of monitoring and surveillance;
• Data protection implications of whistle-blowing schemes;
• Drafting agreements with third parties incorporating data protection and privacy issues;
• Drafting website privacy policies and advising on compliance with data protection rules when gathering customer data via websites;
• Data audits and strategic compliance advice;
• Transferring customer information and the use and sale of mailing lists.