Carlton Fields helps clients throughout the United States and abroad implement policies and procedures that comply with federal and state privacy laws (e.g., Gramm-Leach-Bliley, HIPAA), and the privacy and security standards used in various industries. We work to favorably resolve their issues in both judicial and administrative forums. Our privacy and security law clients range from national hospital chains to international associations of athletes.
Key matters
- Helped clients implement companywide privacy and security policies to ensure protection of sensitive data such as patient information
- Helped clients that have experienced data breaches due to theft (e.g., stolen laptops and servers) or accident (e.g., natural disasters, lost backup tapes)
- Defended clients being investigated by federal and/or state government agencies after complaints of privacy violations or data breaches (e.g., we help clients that are subject to the federal HIPAA privacy and security regulations respond to investigations by the U.S. Department of Health and Human Services’ Office for Civil Rights)
- Counseled a nationally known non-profit organization following the theft of a credit card transaction server that contained more than 60,000 names and credit card numbers of individuals from around the world. The project involved analyzing U.S. and foreign data breach notification laws. For states requiring notification, we prepared legal notices to place in statewide media outlets and identity theft FAQs to post on the client's website. We also helped the client comply with state self-reporting requirements, which mandated notification of state Attorneys General, Consumer Affairs Divisions, and credit reporting agencies as a result of the breach. The client also received risk assessment and management advice to reduce the likelihood of future data breaches.