Privacy and Data Security

Organizations of all sizes and across all industries encounter extraordinary challenges in managing the security of their data — from personally identifiable information, trade secrets, intellectual property, and other confidential information. This critical data must be securely managed in compliance with constantly evolving laws and regulations and in a manner consistent with a company’s best practices. In a dynamic legal landscape, businesses need a legal team that can help mitigate risks and respond to the unexpected.

Taft’s Privacy and Data Security attorneys draw on experience that spans industries, practice areas and jurisdictions. Our attorneys keep at the forefront of up-and-coming state and federal privacy laws concerning the collection of personal/sensitive data. We help clients not only comply with the law, but also seize opportunities to capitalize on the power in their information to grow and better serve their purposes.

Taft attorneys have experience in a wide range of state, federal, and international regulations and industry best practices, including:

  • Healthcare: HIPAA, HITECH
  • Finance: GLBA, FACTA, FCRA
  • Marketing and Communications: TCPA, TSR and CAN-SPAM
  • International: EU GDPR, PIPEDA
  • Technology: COPPA, CFAA, Stored Communications Act
  • Information Security: NIST, ISO and PCI-DSS

Taft proactively helps its business clients assess their compliance conformance. We identify areas in need of improvement and/or immediate attention, and help our clients implement measures to address and correct them. And when challenges arise, Taft stands ready to assist clients in conducting a timely and methodical response.

The Privacy and Data Security practice serves clients by:

  • Conducting data governance risk assessments, including privacy impact assessments.
  • Developing administrative safeguards, including policies, procedures and contracts.
  • Assessing, implementing and maintaining privacy and data security programs.
  • Conducting awareness training.
  • Defending and prosecuting privacy and data security claims.
  • Responding to regulatory and criminal investigations.
  • Managing incident response and data breach notification.
  • Negotiating cyber insurance coverage and pursuing cyber insurance claims.
  • Resolving transactional disputes.
  • Advising clients concerning the Internet of Things (“IoT”).

The world is so immersed in technology that activities in cyberspace have become inseparable from the everyday operations of business, education, government and the military. Taft’s Privacy and Data Security practice is comprised of an exceptional team of attorneys with experience in multiple legal disciplines (litigation, government contracts, energy, banking and financial services, technology, intellectual property, labor and employment, and health care) who are prepared to address these concerns. Attorneys counsel clients regarding their data collection, retention, sharing, and security practices.

Many attorneys in our Privacy and Data Security practice have earned prestigious Certified Information Privacy Professional (“CIPP”) Certifications, the preeminent credential in the field, in several important classifications. These certifications ensure that attorneys have knowledge regarding essential privacy concepts and principals and the jurisdictional laws, regulations and enforcement models for handling and transferring data.

Privacy and Data Security attorneys also contribute to the Taft Privacy & Data Security Insights blog.

Related Practices

Related Industries

Notable Matters

  • Advise hospitals and physician groups with respect to security audits.
  • Prepare HIPAA/HITECH privacy and security policies and procedures for health care providers and for business associates.
  • Provide HIPAA/HITECH training for health care providers and for business associates.
  • Act as outside counsel to a large academic medical practice providing guidance on HIPAA and HITECH matters, including advising on potential breaches and drafting notice of violations.
  • Draft privacy policies and terms of use for websites and applications.
  • Draft and review agreements involving the access, use and disclosure of personal information to address data privacy and data breach concerns.
  • Conducted a HIPAA risk assessment and risk analysis for a large U.S. healthcare corporation with nationwide operations.
  • Represented a large healthcare provider in a multistate data breach, including coordination with the Office of Civil Rights (HHS) and states attorneys general.
  • Represented a large physician group practice in connection with a data breach HIPAA/HITECH analysis (breach originating with the vendor) and investigation, patient notification and HHS OCR notification.
  • Represented a hospital in connection with a data breach analysis and investigation, HIPAA/HITECH analysis and advice.
  • Successfully represented an industry leading company against a former employee who had electronically transferred trade secrets and other company confidential information prior to leaving to join a competitor.
  • Successfully defended a company accused of misappropriating trade secrets.
  • Drafted policies and provided training to numerous companies related to the human resources aspect of privacy and data security, including bring your own device policies.
  • Drafted policies and provided training to companies relative to implementing reasonable precautions to protect trade secrets and other nonpublic, business sensitive information.
  • Assisted educational institutions when student information may have been improperly disclosed.
  • Assisted companies when employees' personally identifiable information has been disclosed by a vendor.