Data Security and Privacy

Carlton Fields is uniquely positioned to provide compliance assistance regarding the privacy and security of individually identifiable data. Our attorneys are very knowledgeable regarding federal and state privacy laws (e.g., Gramm-Leach-Bliley, HIPAA), as well as the privacy and security standards used in various industries. We help clients implement policies and procedures that comply with the requirements of state and federal privacy and/or security laws. For example, our attorneys have assisted clients with the implementation of company-wide privacy and security policies concerning the protection of sensitive data such as patient information.

Carlton Fields attorneys assist clients that have experienced a data breach due to a theft (e.g., stolen laptops and servers) or an accident (e.g., natural disasters, lost backup tapes). Importantly, the majority of the laws in this area have strict response times, so once a data breach has occurred an organization must respond promptly. Our clients’ reputations are very important to us. We work diligently with clients who have suffered a data loss to respond promptly, appropriately and in a manner that protects the client.

For example, our attorneys recently provided counsel to a nationally recognized non-profit organization following the theft of a credit card transaction server containing more than 60,000 names and credit card numbers of individuals from around the world. The project involved the analysis of data breach notification laws throughout the United States, as well as similar laws in other countries. For those states in which notification was required, our attorneys prepared legal notices to be placed in statewide media outlets and prepared identify theft "Frequently Asked Questions" to post on the client's website. We also helped the client comply with state self-reporting requirements, which require companies who have experienced a data breach to notify state Attorneys General, Consumer Affairs Divisions and credit reporting agencies. The client also received risk assessment and management advice in an effort to reduce the likelihood of future data breaches.

We also have significant experience defending clients under investigation by federal and/or state government agencies following complaints of a privacy violation or data breach. For example, we have assisted clients subject to the federal HIPAA privacy and security regulations respond to investigation by the U.S. Department of Health and Human Services’ Office for Civil Rights.

Our attorneys provide advice throughout the United States and abroad. We work to resolve issues in a manner favorable to our clients in both judicial and administrative forums. Carlton Fields' lawyers are some of the most experienced and well recognized privacy and security law attorneys in the nation. We frequently speak and write regarding data privacy and security law, and our privacy and security law clients range from national hospital chains to international associations of athletes. We can assist you and your company with your privacy and security law needs.



© Copyright 2010 by Carlton Fields