Privacy and Data Security
Arnold & Porter's Privacy and Data Security practice assists businesses in a wide range of industries, from e-commerce start-ups to global FORTUNE 100 companies, in the increasingly challenging task of protecting data consistent with applicable law. We provide data protection counsel to technology and business leaders in connection with the development and use of emerging technology platforms; to clients in the financial services and health industries; and to others involved e-commerce, software development and deployment, telecommunications, government contracting, and a host of other activities. We work closely with our colleagues in the firm's Legislative and Public Policy practice group to ensure our clients are informed of and can appropriately anticipate and respond to developments in privacy legislation and regulation.
In a wide variety of contexts, we represent financial institutions and their business partners with respect to financial information privacy and security, including matters under the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the Fair and Accurate Credit Transactions Act (FACTA), the Payment Card Industry Data Security Standards, and state laws regulating the protection of personal financial information. We regularly assist clients in negotiating agreements that will adequately provide for such protection by service providers and other third parties.
We advise various companies on privacy and data protection matters arising from the EU framework under the General Data Protection Regulation (GDPR) and the interpretation of its requirements by EU Member States. We also advise US companies on compliance with the EU Regulation, including assisting with enrolling in and complying with the US-EU Privacy Shield administered by the Department of Commerce.
In the data security space, we assist clients in all aspects of their data protection activities, including developing and implementing appropriate cybersecurity standards, drafting data security incident plans, responding to data security breaches by providing necessary notifications, and providing representation in the event of ensuing litigation. For those clients involved in national security-related activities, we assist in matters involving cyber operations, security clearances, and the corresponding security functions of other US government departments and agencies, as well as the interaction of law enforcement, national security, and homeland security legal authorities and processes with emerging technologies and with privacy laws, policies, and norms. Our team has extensive experience both in private practice and in senior government policymaking, legal compliance, prosecutorial, and criminal defense positions. This includes experience as Legal Adviser at the Department of State under Secretary of State Condoleezza Rice; General Counsel for the Central Intelligence Agency; General Counsel of the US Army and US Air Force; a former Counselor to the Attorney General for National Security; Associate Deputy Attorney General and Director of the Executive Office for National Security at the US Department of Justice; General Counsel for the National Security Agency; Chief of Major Crimes and Computer Hacking/Intellectual Property Unit at the US Attorney's Office in the Southern District of New York, Associate Chief Counsel for Drugs, General Counsel for Litigation, and Associate Chief Counsel for Enforcement (Office of Chief Counsel) for the US Food and Drug Administration; Chief Counsel for the National Telecommunications and Information Administration; and the DC Public Defender Service.