Privacy, Information Management and Data Protection

Privacy and data protection are among the most complex and dynamic areas of the law and one of the most demanding for companies.  New statutes, regulations and interpretations appear regularly, adding complicated and often contradictory requirements, while new technologies change the business landscape in which those requirements are applied.  Companies that do business overseas must comply with foreign privacy laws and data transmission rules and regulations. Data breaches and privacy missteps can lead to costly, unanticipated expenses and business disruptions; and carry the threat of regulatory enforcement actions and class-action lawsuits. These issues cross the boundaries of every industry and business -- all businesses need to make privacy and data security part of their operations. 

The JMBM Privacy, Information Technology and Data Protection Group is known both for its legal expertise and also for its command of the technology.  Our experience and expertise affords us the unique ability to interface effectively with Chief Information Officers, Chief Technology Officers and information technology managers at both a strategic and granular level.  Our deep understanding of relevant technologies, combined with our legal knowledge, helps our clients avoid disconnects between their privacy and information security policies and the effective implementation and enforcement of those policies.  Our understanding of encryption laws, information security requirements, risk control and crisis management make us a key advisor to companies that engage in multinational or regulated transactions.  

JMBM has been on the forefront of privacy, information management and data protection issues.  Members of the JMBM Privacy, Information Technology and Data Protection Group are frequent authors and speakers on data security and privacy issues.  Our attorneys are the authors of the Bloomberg BNA Portfolio "Records Retention for Enterprise Knowledge Management," which was first released in 2007, and updated in 2012. The guide is one of the fist comprehensive treatments of the legal challenges posed by electronically stored information, and addresses why and how businesses should create, implement and manage their records retention policies to protect their information and comply with legal requirements. One of our team members is one of only two lawyers recognized in the 2012 Southern California SuperLawyers for Information Technology expertise and a member of the International Association of Privacy Professionals.

Representative Experience

  • Developed compliance program for an online retailer under the revised Children’s Online Privacy and Protection Act.
  • Structured and implemented protocols and contractual provisions for a major cloud computing to comply with the European Union Data Protection Protocol and privacy and security laws of Canada, Singapore, Australia, Mexico and India.
  • Represented internationally know retailer in data breach remediation and the establishment of a comprehensive breach remediation protocol.
  • Represented retailer whose information was maintained at a nationally-recognized aggregator and breached; worked with federal and state law enforcement officials and multiple law firms in remediation.
  • Negotiated remediation and notification of a security breach by a data broker on behalf of a client to the data broker.
  • Represented a franchisee whose computer server was physically stolen with customer information relating to over 2 million accounts.  Coordinated with franchisor, local law enforcement and insurance companies.
  • Assisted nationally recognized retailer (both online and brick and mortar) whose employee information was compromised by introduction of a peer-to-peer network.
  • Designed privacy and security protocols for nationally-known shopping mall operator.
  • Represented nationally recognized retailer before the Federal Trade Commission claiming unfair and deceptive practices; resulted in no claim being brought.
  • Coordinated comprehensive notification for an event planner whose database was compromised.
  • Represented merchant card processing company in an investigation of potential breach.
  • Represented large regional managed healthcare company in an investigation of potential breach.
  • Represented consumer lender in developing a comprehensive breach notification protocol.
  • Designed security and breach protocol procedures for multinational manufacturer.
  • Designed security and breach protocol procedures for multinational membership organization.
We assist our clients in developing effective solutions for protecting and managing information assets and complying with legal requirements, using an approach designed to help clients contain costs and maintain operational efficiency. Our team is well-versed in all aspects of privacy and information management. 

We help clients:
  • Respond to data breaches, including selecting appropriate technology and forensics experts;
  • Develop and implement data breach response plans  and procedures, and related privacy, information security and data retention policies and procedures;
  • Address host of statutory and regulatory issues, including Gramm-Leach-Bliley Act, Children’s Online Privacy Protection Act, Fair and Accurate Credit Transactions Act and Fair Credit Reporting Act;
  • Advise clients on international privacy laws and rules on their businesses, including the U.S. – E.U. Safe Harbor Program;
  • Address legal challenges posed by the proliferation of social media and mobile applications;
  • Negotiate agreements for technologies and services to implement information management systems;
  • Deploy and protect new information technologies;
  • Conduct internal investigations, particularly those involving sensitive electronically stored information;
  • Avoid, address and mitigate state and federal regulatory enforcement actions; 
  • Conduct complex litigation and arbitrations, including class action defense actions connected with data breach claims; and
  • Assist companies in developing appropriate governance tools to the board of directors and executive management levels to address cyber risk.
Our experience with various technologies and methodologies permits us to develop custom solutions to our clients' privacy, data protection and information management challenges. Our team also helps businesses anticipate changes to privacy and data security laws and shape their business practices to avoid costly and enterprise-threatening legal and regulatory exposures. When significant litigation arises, our Discovery Technology Group™ -- one of the first electronic discovery practice groups in a major law firm -- assists clients in meeting their pre-trial discovery obligations efficiently, in compliance with applicable law and with minimal business disruption.