Privacy & Cybersecurity

A business or organization that has personal information about its employees, customers, clients, patients or other individuals, which presumably every organization does, must take care to safeguard the privacy of that information. More than ever before, organizations that collect, process or store personally identifiable information, face regulation and potential liability under existing and emerging privacy laws, both in the US and abroad. Within the US, common law principles cut across industries and are being supplemented by an increasingly complex array of state and federal privacy legislation addressing such diverse areas as national security and money laundering; personal, healthcare and financial privacy; employment and civil rights protection; data security breaches; and the transborder exchange of electronic information.

The law of data protection and cybersecurity is in constant flux, and will continue to be so for years to come, as it is influenced and driven by rapid changes in technology that show no signs of slowing.  Where the law has not filled a void, a developing architecture of self-regulatory principles may apply to an industry, complicating an organization's compliance efforts. Outside the US, the law on privacy and data protection is vastly different from the US approach, and may affect a business' operations abroad, even if that business merely collects personal data via its website and has no physical presence in another jurisdiction, an effect of the European Union’s General Data Protection Regulation (“GDPR”).

Cyber-intrusion presents a major challenge in today’s economy. Hackers, intruders, fraudsters and other malicious agents have developed highly sophisticated means of accessing such information for improper purposes. In the US and in other countries, the threat of cyber-intrusion and cyber-attack exposes companies to the risk of civil liability and sanctions under federal law and state data security breach notification laws. The risks, however, are not limited to such attacks, and also include other unauthorized access to or use of data, such as through human error or an employee's misunderstanding for the sensitivity of such data, as well as the loss of or compromise to the integrity of data, such as with a ransomware event or an IT system failure.

Moses & Singer's Privacy & Cybersecurity Group has extensive and in-depth experience not only with the existing laws that regulate the security of personal data, but also with the industry norms and self-regulatory principles that establish the standards by which anyone who collects, processes or stores personal data should know and look for guidance in designing their practices around safeguarding such data. A proper understanding of the laws and these principles allows for an appropriate assessment of risks, and where appropriate, suitable changes in the controls and procedures intended to avoid and mitigate unacceptable risk. An appreciation for these laws and principles also permits for an effective handling of matters in the event of a security breach and for remediation of resulting harm.

Our Privacy & Cybersecurity Group assists clients not only in addressing problems arising from the unauthorized access to or use of personal data, such as due to a hacking event or lost computer, but also counsels clients in devising policies and procedures to limit such happenings and to reduce the time, effort and loss that may stem from those events. A significant part of our practice revolves around assisting clients with "privacy by design" in various stages of new product development and service offerings, spotting issues and proposing options for legal compliance and to avoid potential risk, before the initiative has gone down one path or another.

The Privacy & Cybersecurity Group also has the benefit of the expertise of regulatory, transactional and litigation attorneys who represent a spectrum of businesses across industry sectors, including major corporate entities, new media companies, financial institutions, healthcare providers, health plans, ad-tech companies, tech providers, consumer products companies, retailers, real estate managers, manufacturers, consultants, computing and Internet providers, and content providers, to name a few. The firm performs compliance reviews and privacy assessments, structures corporate transactions, and drafts commercial agreements to protect clients. When needed, the firm represents clients in related claims, disputes, litigation and enforcement actions. Our attorneys are well-versed in all areas of privacy, data protection and cybersecurity, and claim the honor of publishing the first legal treatise in the area of Privacy Law.

We help clients manage risks by negotiating appropriate cybersecurity provisions in application, development, technology transfer, licensing, and other agreements, and we assist clients with the issues that arise in considering E&O and cybersecurity insurance. Our Privacy & Cybersecurity Group develops data breach response plans and other IT-related policies to satisfy state, federal and international laws and regulations, as well as to comply with contractual data security obligations that may be requested by a company's clients. In the event of a data breach, our firm negotiates and, if necessary, litigates issues arising from cyber-attacks and intrusions with governmental authorities, individuals and other corporate entities.

Moses & Singer’s Privacy & Cybersecurity attorneys practice in the following areas:

Ensuring Privacy in Healthcare

Moses & Singer is at the forefront of healthcare privacy law. We advise large and small healthcare entities, including providers, insurers, hospitals and academic medical centers, biotech and health tech companies and pharmaceutical companies on state and Federal privacy laws related to the provision of healthcare, research (including human-subject research), and the complex privacy issues healthcare entities face with regard to sensitive information held by them.

We are nationally recognized for our focus on HIPAA Privacy Rules and genetic privacy, having written and lectured extensively on these issues. We have advised and assisted our clients in performing assessments of their privacy practices and the development and implementation of privacy policies. In addition, we have drafted a complete set of the HIPAA Privacy Rule-compliant policies and procedures that are used by entities across the nation.

Privacy Guidelines for Financial Institutions

Moses & Singer advises U.S. and international financial institutions, securities firms, credit card issuers and other organizations on issues relating to the privacy of customer information. We advise clients on the laws relevant to all aspects of the collection and dissemination of identifiable information regarding individuals, including Gramm-Leach-Bliley, the Fair Credit Reporting Act and the Fair Credit Reporting Reform Act. Banking transactions as well as the storage and exchange of financial information are occurring electronically on a much more frequent basis. Moses & Singer assists its clients engaged in storing and exchanging data electronically across borders in navigating European Union privacy directives.

Privacy Practices in the Workplace

We counsel clients on privacy issues in the workplace, such as:

• The right of employees to access personnel files
• Eavesdropping and surveillance issues
• Privacy issues related to hiring and termination
• Personal intrusion issues such as drug testing, voice print testing, and polygraph testing.

We advise clients regarding emerging employment privacy issues such as the rights of employees to privacy with respect to their activities outside of the workplace and the rights of employers to monitor such off-duty activities.

Protecting Commercial Transactions

Moses & Singer represents its public, private, and not-for-profit clients on a variety of privacy issues, such as protection of commercial information and trade secrets, managing their legal exposure in the privacy area and protecting client privacy and reputational interests in bankruptcy proceedings and other litigation.

Asserting Rights Over Intellectual Property & Publicity in Traditional & New Media

We represent clients on a variety of privacy concerns that arise in the entertainment, advertising and intellectual property contexts. For example, Moses & Singer attorneys advise individual clients on how to protect their right of publicity and institutional clients on how to avoid right of publicity violations. Attorneys in this practice group also keep their clients current on new laws upon which privacy concerns have had an effect, such as the Digital Millennium Copyright Act and the associated protections available to individuals when faced with technology that collects personal information.

Moses & Singer has a national reputation as a leader in privacy issues unique to the internet and new media ventures. We are frequently called upon to counsel clients in developing, implementing and managing privacy policies and protocols that serve their needs while taking into account their customers' desire to control what is done with their personal information. We advise clients on existing and pending legislation that could impact upon their business practices, such as the Children's Online Privacy Protection Act (COPPA) as well as the FTC's enforcement activities regarding adherence by companies to their own privacy policies.

Understanding the Impact of International Privacy and Data Protection Laws

We assist clients who conduct business internationally with complicated cross-border privacy and data protection issues. These issues arise under a variety of privacy and data protection laws, particularly the European Union's General Data Protection Regulation (GDPR).  Moses & Singer attorneys draw on their experience and expertise to assist clients with determining how GDPR will affect them.  We help clients deal with the significant impacts of GDPR compliance on operations, transactions, data management, and information security. We regularly provide training for employees on various aspects of GDPR compliance.  For companies in industries to which the US/EU Privacy Directive is available, we guide clients through self-certification and compliance.

Complying with Anti-Money Laundering Laws & the USA Patriot Act

Congress passed the USA Patriot Act in response to the terrorist attacks of September 11th, 2001. The Act gives the Secretary of the Treasury broad powers to combat corruption of financial institutions for money laundering purposes, particularly with respect to activities involving foreign entities and individuals. Moses & Singer has advised financial institutions on their compliance obligations under the Act, including obligations to file "Suspicious Activity Reports," and implementing new customer identification standards in order to verify the identity of foreign customers. We can assist clients in establishing and maintaining required anti-money laundering programs, including the drafting of policies and procedures, the identification of a compliance officer, employee training, and the development of independent audits in order to test the institution's compliance efforts.

---

For more information please contact us.

Prior results do not guarantee a similar outcome.

Related News

• Jason E. Johnson Quoted in Law360 Article on Increased Cyberattacks And Effect On One Software Company July 9, 2021
• William A. Tanenbaum Named in Who’s Who Legal Rankings April 26, 2021
• William A.Tanenbaum Ranked By "Who's Who Legal" March 18, 2021
• Linda A. Malek Quoted in SC Media Article on Feds Weighing Whether Cyber Best Practices Were Followed When Assessing HIPAA Fines January 11, 2021
• Linda A. Malek Quoted in Bloomberg Article on Privacy and Security Law Risks Related to Amazon's Pharmacy Venture November 25, 2020
• Linda A. Malek Quoted in Bloomberg Article on Data Privacy and Vaccines September 23, 2020
• William A. Tanenbaum Elected to the 2020 "List of the World’s Leading Neutrals Arbitrators" September 22, 2020
• Moses & Singer Adds Leading Healthcare and Technology Lawyer William Tanenbaum May 14, 2020
• Linda A. Malek Quoted in a Bloomberg Law Article on Telehealth Rules May 5, 2020
• Linda A. Malek Quoted in a Digital Privacy News Article on Telemedicine and Data Theft Issues April 20, 2020
• Linda A. Malek Quoted in a Bloomberg Law Article on Privacy Issues and Email Security Risks April 6, 2020
• Jason E. Johnson Quoted in a Law360 Article About Zoom and the New California Privacy Law April 3, 2020
• Linda A. Malek Quoted in a Bloomberg Law Article on the Data Risks Apps Checking Covid-19 Symptoms Pose March 24, 2020
• Jason E. Johnson Quoted in a Bloomberg Law Article On Virtual Doctor's Visits March 18, 2020
• Linda A. Malek Appointed on the IAPP Advisory Board January 1, 2020
• Jason E. Johnson Quoted in Law360 December 19, 2019
• Linda Malek Quoted in Cybersecurity Law360 June 21, 2019
• Moses & Singer LLP Attorneys Present at French-American Chamber of Commerce Webinar December 17, 2018
• Linda Malek Appointed to Leadership Position at ABA Health Law Section July 16, 2014
• “Cybersecurity Ethics and Risks” Takes Center Stage at a Presentation Given by Devika Kewalramani and Amyt Eckstein May 2013
• Moses & Singer Announces Association with Julian Millstein, "Senior Statesman" in Technology and Outsourcing Law September 21, 2011

Related Events

• William A. Tanenbaum & Liberty T. McAteer To Speak at PLI’s Apps, Bots and Mobile Devices and Their Role in Digital Healthcare June 16, 2021
• Digital Health Webinar Series: Session 4 - Telehealth: IP, Data Use and Data Sharing March 10, 2021
• William A. Tanenbaum And Blaze D. Waleski To Speak At PLI's Upcoming One-Hour Briefing January 29, 2021
• Digital Health Webinar Series: Session 3 - Telehealth: Lessons from the Near Future January 27, 2021
• Moses & Singer Digital Health Webinar Series
• Linda A. Malek Speaking at HIMSS20 Digital Webinar June 25, 2020
• Linda A. Malek and Nora Lawrence Schmitt Presenting a Celesq Webinar on Privacy in Research: Highlights and Developments June 10, 2020
• Linda A. Malek and William A. Tanenbaum Speaking at PLI's Healthcare Technology 2020 May 27, 2020
• Linda Malek & Nora L. Schmitt Present At The NYSBA Committee on Medical Research and Biotechnology March 4, 2020
• Devika Kewalramani To Speak at "Staying Out Of Trouble 2019" PLI Seminar December 17th December 17, 2019
• Jason Johnson Will Be Speaking On 'Privacy Issues: Addressing Old Threats and Emerging Risks' October 17, 2019
• Gregory S. Shatan on Panel at the 2nd Annual Computational Law & Blockchain Festival March 16, 2019
• ICANN 63 New York Readout November 12, 2018
• Ethical Implications of a Cyber Breach at a Law Firm February 27, 2016
• Cybersecurity and the Cloud: Limiting Liability in an Age of Data Breaches October 21, 2014
• SpeechTEK 2014 August 19, 2014
• Data Privacy Legal Hackathon February 8 - 9, 2014
• Data Protection February 1, 2014
• Recent Developments in US Privacy and Data Protection Law January 28, 2014
• Managing Global Data Protection October 2, 2013
• Moses & Singer Sponsors Privacy Program with Fordham Law for International Attorneys July 22, 2013
• The Business and Law of Emerging Revenue Streams in UGC May 30, 2013
• The Trade Secrets Institute Symposium: Keeping Your Secrets Secret April 2013
• University transborder data flows: privacy and data security issues November 12, 2012
• Transforming the Healthcare Industry Through IT: Looking Beyond EHR October 23 - 24, 2012
• FTC Seeks Further Limits on Children's Privacy Rules September 20, 2012
• Cybersecurity and Privacy Issues in Modern Business Practices August 22, 2012
• Webinar: Summary of FTC Report on Protecting Consumer Privacy July 31, 2012
• Key Laws and Regulations: Changes Relevant to the Markle Common Framework February 20 - 24, 2012
• Dealing with Hackers November 7, 2011
• Assessing, Investigating, and Responding to Data Breaches October 27, 2011
• The Impact of HITECH on Financial Institutions: A Checkup for Your Institution October 13, 2010
• Integrating GINA Privacy Rules into HIPAA Compliance Programs March 17, 2010
• Demystifying Privacy and Security Regulations: Ensuring Thorough Data Collection While Abiding by Foreign and Domestic Privacy Laws February 23, 2010

Related Publications

• Changes to Nevada Law Expand Scope of Privacy Requirements and Protections June 30, 2021
• Why Real Estate Companies Need Better Data Protection May 10, 2021
• New York City Tenant Data Privacy Act Imposes New Data Use Restrictions on Landlords May 5, 2021
• A Look Into 2021: Data Privacy Legislative Efforts In the State of New York May 3, 2021
• A Closer Look at OCR’s Proposed Modifications to the HIPAA Privacy Rule December 23, 2020
• EDPB Recommendations On Tools For The Transfer Of Personal Data From The EU Under GDPR November 18, 2020
• Closing the CCPA Loopholes – California Approves Proposition 24 November 6, 2020
• California Approves CCPA Final Regulations September 3, 2020
• Privacy Issues Abound as Contact Tracing Initiatives Take Shape May 1, 2020
• Third-Party Data Breaches Highlight the Importance of Vetting Vendors in Compliance With GDPR and CCPA August 21, 2019
• SHIELD Act to Expand New York’s Data Breach Notification Requirements July 19, 2019
• European Commission Releases New Guidance on the Free Flow of Non-Personal Data in the European Union, Clarifying Relationship with GDPR June 7, 2019
• New Rules for Electronic Device Border Searches: Are Attorneys and Clients Prepared? January 30, 2018
• FTC, FDA, OCR and ONC: A New Culture of Collaboration? May 6, 2016
• Software Provider May Have Waived Limitations on Liability November 3, 2013
• Sleeplessness Caused in Seattle April 2013
• FTC Seeks Further Limits on Children's Privacy Rules August 2012
• HITECH Audit Protocols Released by OCR June 2012
• FTC Issues Final Report on Protecting Consumer Privacy June 2012
• Smart grid technology: Privacy and data security issues June 2012
• Comments Due on Consumer Data Privacy Codes March 2012
• Moving to the Cloud: Some Threshold Considerations February 2012
• What Was the Most Significant Health Law Development of 2011? January 2012
• Breach of Privacy Risks for Clinical Research Sponsors October 2011
• Genetic Privacy in Clinical Research: The Risks to Institutions October 2011
• Pharmacy Joint Venture Raises Anti-Kickback Concerns May 2011
• FDA Publishes Revised Informed Consent Regulations January 2011
• Health Care Privacy and Security Law Reform in the American Recovery and Reinvestment Act: Sweeping Changes for the Health Care Sector April 2009
• The Privacy and Security Challenges of Electronic and Personal Health Records: Is Your Business Prepared? June 2008
• Electronic and Personal Health Records: The Risks and Benefits for Providers April 2008
• Privacy and Security Bulletin May 2006
• Victoria Couldn't Keep A Secret November 2003
• Federal District Court Rejects FTC Opinion on Attorneys' GLB Act Coverage September 2003
• Privacy: A Corporate Lawyer's Interdisciplinary Perspective July 2003
• Privacy on the Internet: Is Your Right to Privacy a Click Away From Being Violated? May 2003
• Privacy Lawsuits Based on Federal Statutes Protecting Electronic Data Generally March 2001
• New York State Insurance Enacts Privacy Rule: Part 2 January 2001