Privacy, Information Management and Data Protection
Privacy and data protection are among the most complex and dynamic areas of the law. New statutes, regulations and interpretations appear regularly, adding complicated and often contradictory requirements. Companies that do business overseas must comply with foreign privacy laws and data transmission rules and regulations. Data breaches and privacy missteps can lead to costly, unanticipated expenses and business disruptions; they also carry the threat of regulatory enforcement actions and class-action lawsuits. These issues cross the boundaries of every industry and business -- all businesses need to make privacy and data security part of their operations. JMBM has been on the forefront of privacy, information management and data protection issues, and our attorneys are the authors of the Bloomberg BNA Portfolio "Records Retention for Enterprise Knowledge Management," which was first released in 2007, and updated in 2012. The guide addresses why and how businesses should create, implement and manage their records retention policies to protect their information and comply with legal requirements.
Representative Information Security and Security Breach Assignments:
- Represented retailer whose information was maintained at a nationally-recognized aggregator and breached; worked with federal and state law enforcement officials and multiple law firms in remediation.
- Negotiated remediation and notification of a security breach by a data broker on behalf of a client to the data broker.
- Represented a franchisee whose computer server was physically stolen with customer information relating to over 2 million accounts. Coordinated with franchisor, local law enforcement and insurance companies.
- Assisted nationally recognized retailer (both online and brick and mortar) whose employee information was compromised by introduction of a peer-to-peer network.
- Designed privacy and security protocols for nationally-known shopping mall operator.
- Represented nationally recognized retailer before the Federal Trade Commission claiming unfair and deceptive practices; resulted in no claim being brought.
- Coordinated comprehensive notification for an event planner whose database was compromised.
- Represented merchant card processing company in an investigation of potential breach.
- Represented large regional managed healthcare company in an investigation of potential breach.
- Represented consumer lender in developing a comprehensive breach notification protocol.
- Designed security and breach protocol procedures for multinational manufacturer.
- Designed security and breach protocol procedures for multinational membership organization.
We assist our clients in developing effective solutions for protecting and managing information assets and complying with legal requirements, using an approach designed to help clients contain costs and maintain operational efficiency. Our team is well-versed in all aspects of privacy and information management. Lawyers in this group co-authored the Bureau of National Affairs portfolio "Records Retention for Enterprise Knowledge Management," one of the first comprehensive treatments of the legal challenges posed by electronically stored information. One of our team members is the only lawyer recognized in the 2012 Southern California SuperLawyers for Information Technology expertise.
We help clients:
- Develop and implement privacy, information security and data retention policies and procedures;
- Respond to data breaches, including selecting appropriate technology and forensics experts;
- Address legal challenges posed by the proliferation of social media;
- Assist clients in negotiating agreements for technologies and services to implement information management systems;
- Address the impact of international privacy laws and rules on their businesses;
- Deploy and protect new information technologies;
- Conduct internal investigations, particularly those involving sensitive electronically stored information;
- Avoid and mitigate regulatory enforcement actions; and
- Conduct complex litigation and arbitrations.
Our experience with various technologies and methodologies permits us to develop custom solutions to our clients' privacy, data protection and information management challenges. Our team also helps businesses anticipate changes to privacy and data security laws and shape their business practices to avoid costly and enterprise-threatening legal and regulatory exposures. When significant litigation arises, our Discovery Technology Group™ -- one of the first electronic discovery practice groups in a major law firm -- assists clients in meeting their pre-trial discovery obligations efficiently, in compliance with applicable law and with minimal business disruption.