Capabilities

Privacy and Data Security

Arnold & Porter LLP's Privacy and Data Security practice assists businesses in a wide range of industries, from e-commerce start-ups to global FORTUNE 100 companies, in the increasingly challenging task of protecting data consistent with applicable law. We provide data protection counsel to technology and business leaders in connection with the development and use of emerging technology platforms; to clients in the financial services and health industries; and to others involved e-commerce, software development and deployment, telecommunications, government contracting, and a host of other activities. We work closely with our colleagues in the Firm's Legislative and Public Policy practice group to ensure our clients are informed of and can appropriately anticipate and respond to developments in privacy legislation and regulation. 

Our team advises clients on permissible uses and disclosures of personal data for purposes of online marketing, including behavioral advertising through the use of cookies and other tracking technologies, text messaging, and telemarketing under the Telephone Consumer Protection Act (TCPA) and applicable state law, and mobile applications.  For mobile applications and website operators, we assist in drafting online pertinent privacy policies and terms of use, taking into account the requirements of laws such as the Children's Online Privacy Protection Act (COPPA), the California Online Privacy Protection Act, and non-US laws for global-facing websites and online applications. In the healthcare space, we advise clients on medical data, privacy, and security requirements and best practices, including under the Health Insurance Portability and Accountability Act (HIPAA), the federal Human Subjects Protection Regulations, and state law governing healthcare providers, insurers, researchers, marketers, and others collecting, using and disclosing personal health information.

In a wide variety of contexts, we represent financial institutions and their business partners with respect to financial information privacy and security, including matters under the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the Fair and Accurate Credit Transactions Act (FACTA), the Payment Card Industry Data Security Standards, and state laws regulating the protection of personal financial information. We regularly assist clients in negotiating agreements that will adequately provide for such protection by service providers and other third parties.

We also advise US companies on compliance with the EU Data Protection Directive, including assisting with enrolling in and complying with the US-EU Safe Harbor administered by the Department of Commerce.

In the data security space, we assist clients in all aspects of their data protection activities, including developing and implementing appropriate cybersecurity standards, drafting data security incident plans, responding to data security breaches by providing necessary notifications, and providing representation in the event of ensuing litigation. For those clients involved in national security-related activities, we assist in matters involving cyber operations, security clearances, and the corresponding security functions of other US government departments and agencies, as well as the interaction of law enforcement, national security, and homeland security legal authorities and processes with emerging technologies and with privacy laws, policies, and norms. Our team has extensive experience both in private practice and in senior government policymaking, legal compliance, prosecutorial, and criminal defense positions. This includes experience in the US Congress (Ranking Member, House Committee on Homeland Security); Legal Adviser at the Department of State under Secretary of State Condoleezza Rice; General Counsel for the Central Intelligence Agency; General Counsel of the US Army and US Air Force; a former Counselor to the Attorney General for National Security; Associate Deputy Attorney General and Director of the Executive Office for National Security at the US Department of Justice; General Counsel for the National Security Agency; Chief of Major Crimes and Computer Hacking/Intellectual Property Unit at the US Attorney's Office in the Southern District of New York, Associate Chief Counsel for Drugs, General Counsel for Litigation, and Associate Chief Counsel for Enforcement (Office of Chief Counsel) for the US Food and Drug Administration; Chief of Common Carrier Bureau for the Federal Communications Commission; Chief Counsel for the National Telecommunications and Information Administration; and the DC Public Defender Service.

Recognition

Named one of Cybersecurity Docket's "Incident Response 30"
Chambers Global: The World's Leading Lawyers for Business 2010-2016 for Privacy & Data Security
The Legal 500 US 2014-2015 for Technology: Data Protection and Privacy
More
Overview

Email Disclaimer