Data Privacy and Security

Members of our data privacy and security team include more than 30 interdisciplinary lawyers on the front lines of this rapidly evolving area of the law. We provide proactive counseling designed to protect the integrity of our clients’ systems, investigative and remediation services that may be required after a breach, and guidance to assist our clients as they develop new relationships and sources of revenue. Whatever the context, the team possesses the experience and professional networks necessary to address all our clients’ global needs in the area of data privacy and security.

Data Privacy Team Overview

Our team includes experienced IP litigation counsel, class-action litigators and technology industry and defense professionals to assist clients with transactional matters as well as instances where an alleged breach has led to litigation. Through McGuireWoods Consulting, we also offer lobbying services to ensure that our clients have a voice in shaping precedent-setting and far-reaching legislation. Our goal is to provide a comprehensive solution for our clients by working not only with their lawyers, but also with IT staff, human resources professionals and product specialists. This approach permits us to deliver integrated services that promote information-sharing within the organization and account for the interests of all stakeholders.

Team members regularly advise clients dealing with cybercrime and inadvertent breaches. Further, as new and multiple uses for technology emerge, we help clients respond to unforeseen consequences that require immediate action. As such, team members have become globally recognized legal resources in this practice area, with many clients hailing from diverse industries, including:

  • Defense Contractors: Advising contractors on incident response; DOD and SEC security standards; general security regulatory requirements and liability exposures; industrial espionage and trade-secret theft representation; counseling with respect to DOD NISPOM 1-301 breach notification obligations
  • Healthcare: Assisting clients with HIPAA and HITECH security requirements and policies; security assessments; OCR audit preparation; breach-notification requirements
  • Finance: Counseling on GLB and SO security requirements; data-breach exposures and response
  • Telecommunications: Preparing cloud computing contracts and security requirements for a Fortune 500 telecommunications provider; advising clients on new initiatives in the healthcare arena and HIPAA/HITECH implications; counseling regarding Commerce Department export control and deemed-export issues such as development of technologies and encryption systems
  • Retail: Counseling regarding computer intrusions and stolen credit-card information; PCI DSS standards counseling and response to card brand investigations; representation before the FTC regarding security policies and practices; litigating vendor contract breaches and negligence that led to computer intrusion
  • Utilities and Power: Advising clients on generally applicable security requirements relating to the protection of PII and retail transactions, as well as on NERC security standards
  • Supply Chain: Assisting clients with protecting the integrity of their supply chains, including examining the security of supply sources and delivery mechanisms, in order to ensure that component parts and services are free from malicious threats and final products and services can be certified and trusted
  • Construction: Conducting privacy and data security liability audits of company intranet and extranet, including evaluation of ramifications of new state employee privacy-protection requirements, as well as an evaluation of Commerce Department export control issues related to international intranet and extranet exchange of technical information; advising clients on data security policies to protect PII and protection of company trade secrets and proprietary information
  • Domestic and International Transportation and Distribution: Assisting clients with export control and deemed-export control requirements enforced by U.S. Commerce Department; developing international cloud computing contracts that meet U.S. and EU Data Security requirements
  • Nonprofit Organizations: Advising international nonprofit organizations of security standards required to protect organization donor lists and other PII, as well as of applicable international European and state laws regarding breach notification

International Practice

Because global commerce recognizes no boundaries, the team’s Data Privacy and Security clients rely heavily on our deep international experience. Our team’s international practice helps clients secure their data globally, and navigate through U.S. (federal and state), Canadian, European, Middle Eastern and Asian data security and privacy laws. Team attorneys collectively speak 13 languages and respond to matters relating to international cloud computing, data transfer and international e-discovery matters.

Incident Response

In the event of a breach or other security matter, it is essential to be able to mobilize a broad-based response that includes resources outside of the client and our firm. Our data privacy and security team, which includes several former federal prosecutors, draws upon the resources of a large, external support network composed of qualified computer forensic examiners and law enforcement agents around the world. Among these resources are high-level technical subject matter experts and liaisons with the FBI, U.S. Secret Service, Postal Inspectors, New Scotland Yard and the big four international accounting firms. This network is further expanded through active memberships in InfraGard (FBI) and the Federal Electronic Crimes Task Force (U.S. Secret Service).

Director and Officer Protection

Our team is keenly aware of the dangers that security breaches pose to an organization as a whole, as well as the exposure of directors and officers in the event of such breaches. Therefore, a fundamental part of our practice is regularly counseling directors and executive officers on what they do and don't need to know, what the risks are of not knowing, and procedures and tips for how to stay educated and abreast of regulatory and hostile technology developments within and outside of their organizations. Whatever the risk profile of the company, we help ensure that the individual directors and officers are taking appropriate measures to faithfully fulfill their fiduciary duties, thereby protecting themselves as well as the companies they represent.

Keeping Pace

Given the ever-changing technology landscape, McGuireWoods’ data privacy and security team members ensure that they are up-to-date on the latest legal trends, court decisions and regulations, one such example being the “bring your own device” (BYOD) issue. We are involved in forums and think tanks, such as the NTIA call for commentary on issues relating to how companies will manage data privacy in an age in which employees have multiple online lives through a single mobile device.

Areas of our experience include:

  • Breach notification and representation before regulators
  • Data transfer and representation before regulators
  • e-discovery issues relating to U.S. and European litigation
  • EU data privacy and regulator representation
  • PIPEDA data privacy compliance
  • Industrial espionage investigations and litigation
  • Intellectual property litigation
  • Trade-secret protection and litigation
  • Bring your own device (BYOD)
  • Cloud computing, contracts and security
  • Computer intrusion
  • Crisis communications
  • Defense contracting and security
  • Employee data management
  • Employer and employee relations and privacy
  • Encryption policy deployment and export controls
  • Global data transfer
  • Government and criminal investigations
  • HIPAA and HITECH security assessments and audits
  • Identity theft
  • Incident Response
  • Mobile data privacy
  • Payment credit-card industry data security standards (PCI DSS)
  • Privacy consulting
  • Regulatory consulting on security standards
  • Safe-harbor provisions
  • Technology export and import controls

Included in team member credentials are:

  • The team leader is a former assistant U.S. attorney responsible for leading the Justice Department’s Computer Crimes Task Force with over 80 trials. His testimony before Congress, the National Science Foundation and the FCC helped shape the direction of data security liability law. He is also the recipient of an FBI commendation for Computer Fraud Prosecutions, a U.S. Secret Service award for Law Enforcement Assistance, U.S. Justice Department Special Commendation and Special Achievement awards, a U.S. Customs Commissioner’s award for Export Prosecutions, and a U.S. Commerce Department award for Commerce Commodity Control Litigation. Since 2008, he has been recognized as a “Leader in the Field” by Chambers USA and Chambers Global for his security and privacy practice.
  • The U.S. Army CIO for a joint special operations task force in which he was responsible for all IT personnel and systems used to conduct hundreds of successful raids against high-value targets. During recall to active duty, he created a new capability being used by senior military and intelligence leaders in the global war on terror. He has a Top-Secret/Sensitive Compartmented Information (TS/SCI) security clearance.
  • Chair of the firm’s transactional Intellectual Property practice. Her experience includes auditing and evaluating client data security policies, drafting website privacy policies, negotiating cloud computing agreements from both the vendor and customer perspectives, and providing support in the aftermath of a data breach, including compliance with breach-notification laws.
  • Two Brussels-based partners are members of the European Privacy Association (EPA), a pan-European network of privacy, data protection and security experts, which works closely with the EU institutions. These partners both have experience in all privacy-related issues involving national data protection authorities and EU institutions, as well as broad experience in regulatory issues such as cloud computing, data transfers, coordination with foreign discovery or antibribery teams, interactions with intellectual property rights, re-use of public sector information, employee monitoring, and privacy audits.
  • A London-based partner with extensive experience in European regulatory issues, including data protection and security; cross-border data transfer; privacy; encryption; export controls; technology and EU public procurement regulations. One recent focus has been on technology transfer and regulation in the banking and financial markets sectors.
  • Chair of the firm’s Supply Chain practice, an experienced data privacy and security lawyer, who routinely counsels clients on protective measures to employ in the construction of policies and critical contracts in order to prevent security breaches, investigations, lawsuits and similar harmful events. He focuses on a variety of matters, including data storage, cloud computing and social-media risks and has particular knowledge of the Payment Card Industry Data Security Standards.

Conclusion

Increasing sophistication of technology and a borderless marketplace have given rise to new sources, types and levels of risk. Hostile and criminal abuses of private data are escalating. National and global political environments are shifting faster and more radically, and regulatory scrutiny and pressure to protect our privacy and security are expanding. Boardroom liability and ever-evolving intellectual property and privacy laws complete the perfect storm for heightening business and personal risk. McGuireWoods’ data privacy and security team is highly qualified and brings a unique depth of experience to tackling the challenges of protecting our clients’ data, and equally important, their reputations.

CONTACTS

C. Andrew Konia Partner T: +1 703 712 5071
William J. Cook Partner T: +1 312 750 2750

RESULTS DEPEND ON A VARIETY OF FACTORS UNIQUE TO EACH CASE. PRIOR RESULTS DO NOT GUARANTEE OR PREDICT A SIMILAR OUTCOME.

Representative Matter

Data protection compliance

Advising multinationals in the implementation of corporate-wide compliance with the EU data protection directive, for instance concerning Human Resources Management systems.
Representative Matter

U.S. export controls and EU data protection rules governing whistleblowing

Advising a large international chemicals manufacturer on the interaction between US export control rules and EU data protection law, and how to export to the US data relating to EU employees in order to comply with a US obligation to report crimes by company employees.
Representative Matter

Credit card issuer

Advice to a credit card issuer in IT and data protection compliance.
Representative Matter

German company

Advice to a German company concerning direct marketing operation in some European countries and in the United States.
Representative Matter

International counsel

Advice to international counsel as part of a team of U.S. and European lawyers, on a data breach investigation and reporting.
Representative Matter

U.S. company

Advice to a U.S. company concerning the introduction of a whistleblowing scheme in several Belgian entities.
Representative Matter

U.S. telecom operator

Advice to a U.S. telecom operator concerning a project that will collect automobilists' personal data in France in order to offer them various services.
Representative Matter

Fortune 500 wireless carrier

Assisting a Fortune 500 wireless carrier with evaluation of device financing proposals for postpaid and prepaid brands.
Representative Matter

International counsel

Advice to international counsel on direct marketing operation in France.
Case Study

Los Angeles and Pittsburgh teams secure win for GNC

In a case profiled in National Law Journal, McGuireWoods defeated a motion for class certification in an action brought against General Nutrition Corporation (GNC) in the U.S. District Court for the Central District of California alleging violations of California Civil Code section 1747.08 (the Song-Beverly Credit Card Act).

The Song-Beverly Credit Card Act (the "Act") was intended to stop businesses from gathering and storing unnecessary personal information from their consumers. The California Legislature passed the Act to address two important privacy concerns. First, corporations were needlessly storing consumer information and using it for their own marketing purposes or selling the information to other marketers. Second, store clerks who obtained customers' personal information engaged in acts of harassment and violence.

Representative Matter

European association

Advice to a European association on processing of sensitive data (judicial data) in a matter of inside betting.
Representative Matter

Food and beverage company

Advice to a food and beverage company on data transfers for a U.S. discovery procedure.
Representative Matter

Regional tourism promotion institution

Coordinating national compliance (inside and outside the EU) and data transfer from the EU to the United States and Japan for a regional tourism promotion institution.
Representative Matter

Consultant company

Advising a consultant company on IT breach tests and audits.
Representative Matter

Copyright owner

Advised a copyright owner against the Belgian State and other companies in litigation concerning a possible copyright infringement of software relating to citizens' electronic identification.
Representative Matter

Data protection and EU direct marketing

Advice to a credit card issuer on direct marketing (marketing messages and Cookies).
Representative Matter

Data protection and Roadlog device

Advice to a U.S. company on data protection compliance concerning the data generated in the EU by a Roadlog device for trucks.
Representative Matter

Electronic components distributor

Advised an electronic components distributor on international privacy and security laws with special emphasis on state data privacy and breach notification requirements.
Representative Matter

Global media and technology company

Drafted a mobile media policy that complies with current FTC mobile media advertising guidelines for a global media and technology company.
Representative Matter

International hospitality company

Vassilis Akritidis
Partner
rue des Colonies 56 - box 3
1000 Brussels

T: +32 2 629 42 53
F: +32 2 629 42 22

Maureen Baikry
Associate
rue des Colonies 56 - box 3
1000 Brussels

T: +32 2 629 42 33
F: +32 2 629 42 22

Yongqing Bao
Associate
rue des Colonies 56 - box 3
1000 Brussels

T: +32 2 629 42 24
F: +32 2 629 42 22

Evan Bayh
Partner
2001 K Street N.W.
Suite 400
Washington, DC 20006-1040

T: +1 202 828 2825
F: +1 202 828 3331

Kenneth D. Bell
Partner
201 North Tryon Street
Suite 3000
Charlotte, NC 28202-2146

T: +1 704 373 4620
F: +1 704 373 8836

Meggan Michelle Bushee
Associate
201 North Tryon Street
Suite 3000
Charlotte, NC 28202-2146

T: +1 704 343 2360
F: +1 704 805 5085

Allison D. Charney
Partner
1345 Avenue of the Americas
7th Floor
New York, NY 10105-0106

T: +1 212 548 2166
F: +1 212 715 6279

William J. Cook
Partner
77 West Wacker Drive
Suite 4100
Chicago, IL 60601-1818

T: +1 312 750 2750
F: +1 312 698 4536

Ashley Z. Crenshaw
Associate
One James Center
901 East Cary Street
Richmond, VA 23219-4030

T: +1 804 775 1150
F: +1 804 440 7725

Mehboob R. Dossa
Partner
11 Pilgrim Street
London EC4V 6RN
United Kingdom

T: +44 20 7632 1627
F: +44 20 7632 1638

Jennifer L. Farer
Associate
2001 K Street N.W.
Suite 400
Washington, DC 20006-1040

T: +1 202 857 1708
F: +1 202 828 3336

Jeremy D. Freeman
Partner
1345 Avenue of the Americas
7th Floor
New York, NY 10105-0106

T: +1 212 548 7008
F: +1 212 715 6269

Steve Gold
Partner
77 West Wacker Drive
Suite 4100
Chicago, IL 60601-1818

T: +1 312 321 7664
F: +1 312 698 4583

David L. Greenspan
Partner
1750 Tysons Boulevard
Suite 1800
Tysons Corner, VA 22102-4215

T: +1 703 712 5096
F: +1 703 712 5214

Louis D. Greenstein
Partner
2001 K Street N.W.
Suite 400
Washington, DC 20006-1040

T: +1 202 857 2415
F: +1 202 828 3310

A. Brooks Gresham
Partner
1800 Century Park East
8th Floor
Los Angeles, CA 90067-1501

T: +1 310 315 8291
F: +1 310 956 3104

Adam A. Grove
Associate
77 West Wacker Drive
Suite 4100
Chicago, IL 60601-1818

T: +1 312 849 8147
F: +1 312 698 4561

Veronica D. Jackson
Associate
7 Saint Paul Street
Suite 1000
Baltimore, MD 21202-1671

T: +1 410 659 4436
F: +1 410 659 4471

Noreen Kelly-Dynega
Partner
1345 Avenue of the Americas
7th Floor
New York, NY 10105-0106

T: +1 212 548 7025
F: +1 212 715 6290

C. Andrew Konia
Partner
1750 Tysons Boulevard
Suite 1800
Tysons Corner, VA 22102-4215

201 North Tryon Street
Suite 3000
Charlotte, NC 28202-2146

T: +1 703 712 5071
F: +1 704 444 8834

T: +1 704 343 2070
F: +1 704 444 8834

Nathan A. Kottkamp
Partner
One James Center
901 East Cary Street
Richmond, VA 23219-4030

T: +1 804 775 1092
F: +1 804 698 2072

Clare M. Lewis
Associate
Court Square Building
310 Fourth Street, N.E.
Suite 300
Charlottesville, VA 22902-1288

T: +1 434 977 2530
F: +1 434 980 2256

Mark J. Maier
Partner
1750 Tysons Boulevard
Suite 1800
Tysons Corner, VA 22102-4215

T: +1 703 712 5135
F: +1 703 712 5296

Ashley B. Matthews
Associate
Court Square Building
310 Fourth Street, N.E.
Suite 300
Charlottesville, VA 22902-1288

T: +1 434 977 2570
F: +1 434 980 2250

Timothy J. Maun
Associate
77 West Wacker Drive
Suite 4100
Chicago, IL 60601-1818

T: +1 312 849 8199
F: +1 312 698 4506
Speaking Engagement

Safeguarding the Right to Data Protection in the EU

The role of the national and European courts

Thursday, October 30, 2014
Paris
Event

Community Banking and Cyber Risk Management

Legal, Regulatory, Litigation and Insurance Issues

September 17, 2014
Chicago, IL
Speaking Engagement

Global E-commerce Summit 2014 Pre-Conference: e-Regulations & e-Privacy

June 16-18, 2014
Barcelona
Speaking Engagement

Operations & Technology Conference

May 13-14, 2014
Charlottesville, VA
Speaking Engagement

4th EPDP 2014: European Data Protection Days

May 12-13, 2014
Berlin
Speaking Engagement

IT Security - How Exposed are we to the Cyber Threat?

A seminar for Professional Service Providers

April 24, 2014
Brussels
Speaking Engagement

Annual Conference on Data Protection in the EU 2014

April 7 - 8, 2014
Brussels
Speaking Engagement

Annual Conference on European Data Protection Law 2013

November 18-19, 2013
Trier
Event

Community Bank Cyber-Law Forum

Legal, Regulatory and Insurance Issues

November 14, 2013
Charlotte, NC
Speaking Engagement

PL&B 26th Annual International Conference: Bridging Privacy Cultures

Data privacy cases decided by the Court of Justice of the European Union and the European Court of Human Rights

July 1-3, 2013
Cambridge
Event

Tysons Data Privacy and Security Forum

Thursday, June 27, 2013
Tysons Corner, VA
Event

A Passage to India (and Back)

Data Protection Liabilities for Indian Businesses in the U.S., UK and India

December 5, 2012
Complimentary Webinar
Event

10th Annual Nonprofit Seminar: Regulatory and Legal Challenges Facing Nonprofits

September 25, October 9 & 16, 2012
Charlottesville, VA and Charlotte, NC
Speaking Engagement

British Chamber of Commerce in Belgium

Data Protection Law

September 25, 2012
Speaking Engagement

SOURCE Security Conference and Training

Data Breach: Let the Finger Pointing Begin!

September 13, 2012
Seattle, WA
Speaking Engagement

Presentation to the Association of Corporate Counsel

EU Data Protection Update

June 19, 2012
Legal Alert

The Impact of Data Protection on E-commerce

Password Protected
June 18, 2014
Legal Alert

Big Data and Competition Law in the EU

Password Protected
May 21, 2014
Legal Alert

The CJEU's Google Spain Decision

A Right to be Forgotten Within the Limits of the Freedom of Expression

May 14, 2014
Legal Alert

Breach Notification Dilemma

Password Protected
May 8, 2014
Legal Alert

FTC May Use Unfair and Deceptive Trade Practices Authority to Regulate Cybersecurity

Even Where It Has Not Issued Regulations to Set an Acceptable Cyber Security Standard

April 9, 2014