Moses & Singer LLP

Privacy

Webinar Replay: Summary of FTC Privacy Report

A business or organization that has personal information about its employees, customers, clients, patients or other individuals, which presumably every organization does, must take care to safeguard the privacy of that information. More than ever before, organizations that collect, process or store personally identifiable information face regulation and potential liability under existing and emerging privacy laws, both in the US and abroad. Within the US, common law principles cut across industries and are being supplemented by an increasingly complex array of state and federal privacy legislation addressing such diverse areas as national security and money laundering; personal, medical and financial privacy; employment and civil rights protection; data security breaches; and the transborder exchange of electronic information.

The law of data protection and cybersecurity is in constant flux, and will continue to be so for years to come, as it is influenced and driven by rapid changes in technology that show no signs of slowing anytime soon. Where the law has not filled a void, a developing architecture of self-regulatory principles may apply to an industry, complicating an organization's compliance efforts. Outside the US, the law on privacy and data protection is vastly different from the US approach, and may affect a business' operations abroad, even if that business merely collects personal data via its website and has no physical presence in another jurisdiction. That is, in fact, the effect of the General Data Protection Regulation (GDPR) in the EU.

Cyber-intrusion presents a major challenge in today’s economy. Hackers, intruders, fraudsters and other malicious agents have developed highly sophisticated means of accessing such information for improper purposes. In the US and in other countries, the threat of cyber-intrusion and cyber-attack exposes companies to the risk of civil liability and sanctions under federal law and state data security breach notification laws. The risks, however, are not limited to such attacks. They also derive from other unauthorized access to or use of data, such as through human error or an employee's misunderstanding of the sensitivity of such data, as well as from the loss of data or the compromise of its integrity, such as with a ransomware event or an IT system failure.

Moses & Singer's Privacy and Cybersecurity Group has extensive and in-depth experience not only with the existing laws that regulate the security of personal data, but also with the industry norms and self-regulatory principles that establish the standards which anyone who collects, processes or stores personal data should know and look to for guidance in designing their practices around safeguarding such data. A proper understanding of the laws and these principles allows for an appropriate assessment of risks and, where appropriate, suitable changes in the controls and procedures intended to avoid and mitigate unacceptable risk. An appreciation for these laws and principles also permits effective handling of matters in the event of a security breach and remediation of resulting harm.

Our Privacy and Cybersecurity Group not only assists clients in addressing problems arising from the unauthorized access to or use of personal data, such as in a hacking event or lost computer, but also counsels clients in devising policies and procedures to limit such happenings and to reduce the time, effort and loss that may stem from those events. A significant part of our practice revolves around assisting clients with "privacy by design" in various stages of new product development and service offerings, spotting issues and proposing options for achieving legal compliance and avoiding potential risk, before the initiative has gone down one path or another.

The Privacy and Cybersecurity Group also has the benefit of the expertise of transactional and litigation attorneys who represent a spectrum of businesses across industry sectors, including major corporate entities, new media companies, financial institutions, healthcare providers, health plans, ad-tech companies, tech providers, consumer products companies, retailers, real estate managers, manufacturers, consultants, computing and Internet providers, and content providers, to name a few. The firm performs compliance audits and privacy assessments, structures corporate transactions, and drafts commercial agreements to protect clients. When needed, the firm represents clients in related claims, disputes, litigation and enforcement actions. Our attorneys are well-versed in all areas of privacy, data protection and cybersecurity, and claim the honor of publishing the first legal treatise in the area of Privacy Law.

We help clients manage risks by negotiating appropriate cybersecurity provisions in application, development, technology transfer, licensing, and other agreements, and we assist clients with the issues that arise in considering E&O and cybersecurity insurance. Our Privacy and Cybersecurity Group develops data breach response plans and other IT-related policies to satisfy state, federal and international laws and regulations, as well as to comply with contractual data security obligations that may be requested by a company's clients. In the event of a data breach, our firm negotiates and, if necessary, litigates issues arising from cyber-attacks and intrusions with governmental authorities, individuals and other corporate entities.

Moses & Singer’s Privacy and Cybersecurity attorneys practice in the following areas:

Ensuring Privacy in Healthcare & Complying With HIPAA

Moses & Singer is at the forefront of medical records privacy law. We advise large healthcare entities, including providers, insurers, hospitals and academic medical centers on state and Federal privacy laws related to the provision of healthcare, research (including human-subject research), and the complex privacy issues that insurers and employers face with regard to sensitive information held by them.

We are nationally recognized for our focus on HIPAA Privacy Rules, having written and lectured extensively on all facets of the law. We have advised and assisted our clients in performing audits of their privacy practices and the development and implementation of their HIPAA Privacy Rule compliance plans. In addition, we have drafted a complete set of the HIPAA Privacy Rule-compliant policies and procedures that are used by entities across the nation.

We provide assistance on all elements of the Federal and state privacy laws, including issues related to drafting and customizing HIPAA Privacy Rule-compliant policies and procedures. This includes:

  • Identifying a client's "business associates" and negotiating business associate agreements; drafting required authorization forms
  • The interaction between the HIPAA Privacy Rule and other Federal laws including the Gramm-Leach-Bliley Act, the Family Educational Rights and Privacy Act (FERPA) and Federal law regarding the protection of human research subjects
  • State privacy laws and preemption issues regarding state law versus the HIPAA Privacy Rule.

Privacy Guidelines for Financial Institutions

Moses & Singer advises U.S. and international financial institutions, securities firms, credit card issuers and other organizations on issues relating to the privacy of customer information. We advise clients on the laws relevant to all aspects of the collection and dissemination of identifiable information regarding individuals, including Gramm-Leach-Bliley, the Fair Credit Reporting Act and the Fair Credit Reporting Reform Act. Banking transactions as well as the storage and exchange of financial information are occurring electronically on a much more frequent basis. Moses & Singer assists its clients engaged in storing and exchanging data electronically across borders in navigating European Union privacy directives.

Privacy Practices in the Workplace

We counsel clients on privacy issues in the workplace, such as:

  • The right of employees to access personnel files
  • Eavesdropping and surveillance issues
  • Privacy issues related to hiring and termination
  • Personal intrusion issues such as drug testing, voice print testing, and polygraph testing.

We advise clients regarding emerging employment privacy issues such as the rights of employees to privacy with respect to their activities outside of the workplace and the rights of employers to monitor such off-duty activities.

Protecting Commercial Transactions

Moses & Singer represents its public, private, and not-for-profit clients on a variety of privacy issues, such as protection of commercial information and trade secrets, managing their legal exposure in the privacy area and protecting client privacy and reputational interests in bankruptcy proceedings and other litigation.

Asserting Rights Over Intellectual Property & Publicity in Traditional & New Media

We represent clients on a variety of privacy concerns that arise in the entertainment, advertising and intellectual property contexts. For example, Moses & Singer attorneys advise individual clients on how to protect their right of publicity and institutional clients on how to avoid right of publicity violations. Attorneys in this practice group also keep their clients current on new laws upon which privacy concerns have had an effect, such as the Digital Millennium Copyright Act and the associated protections available to individuals when faced with technology that collects personal information.

Moses & Singer has a national reputation as a leader in privacy issues unique to the internet and new media ventures. We are frequently called upon to counsel clients in developing, implementing and managing privacy policies and protocols that serve their needs while taking into account their customers' desire to control what is done with their personal information. We advise clients on existing and pending legislation that could impact upon their business practices, such as the Children's Online Privacy Protection Act (COPPA) as well as the FTC's enforcement activities regarding adherence by companies to their own privacy policies.

Understanding the Impact of International Privacy Laws

We assist clients who conduct business internationally with complicated cross-border privacy issues. These issues arise under the European Union's Data Protection Directive, and its Safe Harbor provisions. For companies in certain industries to which the Safe Harbor is not available, such as financial institutions and telecommunications companies, Moses & Singer attorneys draw on their expertise to provide solutions that comply with the EU directive.

Complying with Anti-Money Laundering Laws & the USA Patriot Act

Congress passed the USA Patriot Act in response to the terrorist attacks of September 11th, 2001. The Act gives the Secretary of the Treasury broad powers to combat corruption of financial institutions for money laundering purposes, particularly with respect to activities involving foreign entities and individuals. Moses & Singer advised financial institutions on their compliance obligations under the Act, including obligations to file "Suspicious Activity Reports," and implementing new customer identification standards in order to verify the identity of foreign customers. We can assist clients in establishing and maintaining required anti-money laundering programs, including the drafting of policies and procedures, the identification of a compliance officer, employee training, and the development of independent audits in order to test the institution's compliance efforts.

For more information please contact us.

Prior results do not guarantee a similar outcome.

 

© 2017 Moses & Singer LLP. All Rights Reserved.