To succeed in today’s business world, it is critical that companies strategically prioritize digital assets, navigate an ever-expanding web of nuanced privacy rules, and protect confidential information from the onslaught of malicious cyberattacks, breaches, and other threats.
Blank Rome’s national team of experienced privacy, security & data protection attorneys have spent decades at the cutting edge of technology helping clients navigate the patchwork of data privacy laws and myriad of issues posed by digital technologies, IT, outsourcing, marketing, and data rights transactions in a variety of sectors from healthcare, pharmaceutical, and medical devices to the e-commerce, consumer goods, financial services, and FinTech industries.
Our multidisciplinary team of leading cybersecurity and data privacy professionals advises clients on the potential consequences of cybersecurity threats and how to implement comprehensive measures for mitigating cyber risks, prepares customized strategy and action plans, and provides ongoing support and maintenance to promote cybersecurity awareness.
We not only know the law, we know the businesses and industries in which our clients operate. This helps us understand and achieve their business objectives by taking a holistic approach that seamlessly integrates the firm’s comprehensive services in corporate, intellectual property and technology, maritime, aviation, healthcare and life sciences, insurance recovery, government contracts, and litigation.
What Sets Us Apart
Our privacy, security & data protection team understands business and technology. We draw on a bench of attorneys with significant experience in a variety of industries who understand the challenges faced by our clients. We are able to assist clients to structure and execute strategies that solve problems, seize opportunities, and achieve business goals while addressing data privacy and security compliance issues. We anticipate trends to structure business deals and position innovative products to best position our clients in the market amidst a challenging regulatory landscape.
Members of our privacy, security & data protection team are certified as information privacy professionals in the United States and Europe by the International Association of Privacy Professionals (“IAPP”).
How We Can Help
- Draft and negotiate complex technology and cloud transactions, data licensing, and strategic IT commercial agreements and develop vendor management policies and playbooks.
- Develop, draft, and implement privacy, security, and data protection agreements, policies, and “best practices.”
- Administer internal compliance and risk assessments.
- Evaluate and enhance cyberinsurance policies and respond to attempts by insurers to deny coverage for cyber losses.
- Handle data breach response and litigation.
- Assist government contractors in protecting Unclassified Controlled Technical Information (“UCTI”), Covered Defense Information (“CDI”), export-controlled information, and trade secrets.
- Provide breach and security incident response coaching to assist in mitigating cyber risk.
- Advise companies on administrative and regulatory audits and handle governmental agency inquiries and investigations.
- Advise companies on data governance and privacy regulations in connection with product launches.
- Advise on privacy, security, data management, and online advertising issues.
- Advise clients on data privacy and security risks in mergers and acquisitions.
- Assist with leveraging and protecting the value of data in e-commerce arrangements, strategic alliances, and joint ventures.
- Develop privacy statements and advise on privacy issues relating to behavioral and targeted advertising.
- Prepare online and in-person training modules.
- Prosecute and analyze patents that relate to data privacy and cybersecurity systems.
We assist clients to inventory data collection and use practices, identify relevant legal frameworks, and ascertain and remediate gaps in compliance to develop data-centric compliance programs that anticipate regulatory enforcement and litigation issues and are consistent with business needs. The privacy, security & data protection team counsels clients on compliance with state, federal, and international laws and regulations, as well as pending legislation, related to data governance and personally identifiable information, including:
- Health Insurance Portability and Accountability Act (“HIPAA”) and Health Information Technology for Economic and Clinical Health Act (“HITECH”)
- State laws governing use and disclosure of personal health information
- Gramm-Leach-Bliley Act (“GLBA”)
- California Consumer Privacy Act of 2018 (“CCPA”)
- Virginia Consumer Data Protection Act (“VCDPA”)
- EU General Data Protection Regulation (“EU GDPR”)
- EU Privacy and Electronic Communications Directive (“ePrivacy Directive”)
- Illinois Biometric Information Privacy Act (“BIPA”) and other state laws governing the collection and use of biometric information
- CAN-SPAM Act of 2003 (“CAN-SPAM”)
- Children’s Online Privacy Protection Act (“COPPA”)
- Federal Trade Commission Act (“FTC”)
- Fair Debt Collection Act (“FDCA”)
- The Common Rule
- Fair Credit Reporting Act (“FCRA”) and Fair and Accurate Credit Transactions Act (“FACTA”)
- Drivers Privacy Protection Act (“DPPA”)
- Video Privacy Protection Act (“VPPA”)
- Telephone Consumer Protection Act (“TCPA”)
- Family Educational Rights and Privacy Act (“FERPA”)
- Electronic Communications Privacy Act (“ECPA”), Stored Communications Act (“SCA” and state recording laws