Data Privacy and Security

Members of our data privacy and security team include more than 30 interdisciplinary lawyers on the front lines of this rapidly evolving area of the law. We provide proactive counseling designed to protect the integrity of our clients’ systems, investigative and remediation services that may be required after a breach, and guidance to assist our clients as they develop new relationships and sources of revenue. Whatever the context, the team possesses the experience and professional networks necessary to address all our clients’ global needs in the area of data privacy and security.

Data Privacy Team Overview

Our team includes experienced intellectual property counsel, class action litigators and technology industry professionals to assist clients with transactional matters as well as instances where an alleged breach has led to litigation. Through McGuireWoods Consulting, we also offer lobbying services to ensure that our clients have a voice in shaping precedent-setting and far-reaching legislation. Our goal is to provide a comprehensive solution for our clients by working not only with their lawyers, but also with IT staff, human resources professionals and product specialists. This approach permits us to deliver integrated services that promote information-sharing within the organization and account for the interests of all stakeholders.

Team members regularly advise clients dealing with cybercrime and inadvertent breaches. Further, as new and multiple uses for technology emerge, we help clients respond to unforeseen consequences that require immediate action. As such, team members have become globally recognized legal resources in this practice area, with many clients hailing from diverse industries, including education, energy, financial services, healthcare, insurance and retail, among others.  

International Practice

Because global commerce recognizes no boundaries, the team’s Data Privacy and Security clients rely heavily on our deep international experience. Our team’s international practice helps clients secure their data globally, and navigate through U.S. (federal and state), Canadian, European, Middle Eastern and Asian data security and privacy laws. Team attorneys collectively speak 13 languages and respond to matters relating to international cloud computing, data transfer and international e-discovery matters.

Incident Response

In the event of a breach or other security matter, it is essential to be able to mobilize a broad-based response that includes resources outside of the client and our firm. Our data privacy and security team, which includes several former federal prosecutors, draws upon the resources of a large, external support network composed of qualified computer forensic examiners and law enforcement agents around the world. Among these resources are high-level technical subject matter experts and liaisons with the FBI, U.S. Secret Service, Postal Inspectors, New Scotland Yard and the big four international accounting firms. This network is further expanded through active memberships in InfraGard (FBI) and the Federal Electronic Crimes Task Force (U.S. Secret Service).

Director and Officer Protection

Our team is keenly aware of the dangers that security breaches pose to an organization as a whole, as well as the exposure of directors and officers in the event of such breaches. Therefore, a fundamental part of our practice is regularly counseling directors and executive officers on what they do and don't need to know, what the risks are of not knowing, and procedures and tips for how to stay educated and abreast of regulatory and hostile technology developments within and outside of their organizations. Whatever the risk profile of the company, we help ensure that the individual directors and officers are taking appropriate measures to faithfully fulfill their fiduciary duties, thereby protecting themselves as well as the companies they represent.

Areas of Experience

  • Comprehensive Information Governance program development
  • Data breach compliance, response and remediation, including media relations
  • Proactive data protection audits
  • Cross-border data transfer compliance, including the EU/U.S. Privacy Shield
  • M&A/private equity counseling
  • Vendor contract development and negotiation
  • Privacy policy management
  • HIPAA and state health records laws
  • Cyber insurance counseling
  • Legislative tracking, analysis and lobbying (in partnership with McGuireWoods Consulting)
  • Forensics and technical systems planning (in partnership with forensic consultants)
  • Cybersecurity crisis management

Included in team member credentials are:

  • Chair of the firm’s transactional Intellectual Property practice. Her experience includes auditing and evaluating client data security policies, drafting website privacy policies, negotiating cloud computing agreements from both the vendor and customer perspectives, and providing support in the aftermath of a data breach, including compliance with breach-notification laws.
  • Two Brussels-based partners are members of the European Privacy Association (EPA), a pan-European network of privacy, data protection and security experts, which works closely with the EU institutions. These partners both have experience in all privacy-related issues involving national data protection authorities and EU institutions, as well as broad experience in regulatory issues such as cloud computing, data transfers, coordination with foreign discovery or antibribery teams, interactions with intellectual property rights, re-use of public sector information, employee monitoring, and privacy audits.
  • A London-based partner with extensive experience in European regulatory issues, including data protection and security; cross-border data transfer; privacy; encryption; export controls; technology and EU public procurement regulations. One recent focus has been on technology transfer and regulation in the banking and financial markets sectors.
  • Chair of the firm’s Supply Chain practice, an experienced data privacy and security lawyer, who routinely counsels clients on protective measures to employ in the construction of policies and critical contracts in order to prevent security breaches, investigations, lawsuits and similar harmful events. He focuses on a variety of matters, including data storage, cloud computing and social-media risks and has particular knowledge of the Payment Card Industry Data Security Standards.
  • Fifteen members who hold either the CIPP/U.S. or CIPP/E certification as Certified Information Privacy Professionals from the International Association of Privacy Professionals (IAPP).  

CONTACTS

C. Andrew Konia Partner T: +1 703 712 5071 Email
Paul Van den Bulck Partner T: +32 2 629 42 39 Email
Results 1-20 of 28
Show All

RESULTS DEPEND ON A VARIETY OF FACTORS UNIQUE TO EACH CASE. PRIOR RESULTS DO NOT GUARANTEE OR PREDICT A SIMILAR OUTCOME.

Representative Matter

Voluntary dismissal of TCPA class action involving “one-click” dialing

Secured the voluntary dismissal of a putative TCPA class action against a market research company after convincing plaintiff’s counsel through informal discovery that the cell phone calls at issue were not placed by an ATDS.
Representative Matter

A2 Access LLC

Representation of A2 Access LLC, a leader in corporate access information, in connection with its sale to Dealogic.
Representative Matter

Client

Advising a client concerning the transfer of personal data from EU to the U.S. to comply with U.S. regulatory rules relating to a contract with the U.S. government.
Representative Matter

Communications company

Advising a company on all aspects of IT security and data protection compliance in its negotiation with its main IT service provider.
Representative Matter

International group

Advising an international group concerning the data protection compliance of an internal HR network.
Representative Matter

International group

Advising an international group concerning the data protection compliance of its e-commerce website (privacy notice, cookies, transfer of personal data to third parties for direct marketing purposes, etc.).
Representative Matter

Data protection compliance

Advising multinationals in the implementation of corporate-wide compliance with the EU data protection directive, for instance concerning Human Resources Management systems.
Representative Matter

U.S. export controls and EU data protection rules governing whistleblowing

Advising a large international chemicals manufacturer on the interaction between US export control rules and EU data protection law, and how to export to the US data relating to EU employees in order to comply with a US obligation to report crimes by company employees.
Representative Matter

Credit card issuer

Advice to a credit card issuer in IT and data protection compliance.
Representative Matter

German company

Advice to a German company concerning direct marketing operation in some European countries and in the United States.
Representative Matter

International counsel

Advice to international counsel as part of a team of U.S. and European lawyers, on a data breach investigation and reporting.
Representative Matter

U.S. company

Advice to a U.S. company concerning the introduction of a whistleblowing scheme in several Belgian entities.
Representative Matter

U.S. telecom operator

Advice to a U.S. telecom operator concerning a project that will collect automobilists' personal data in France in order to offer them various services.
Representative Matter

Fortune 500 wireless carrier

Assisting a Fortune 500 wireless carrier with evaluation of device financing proposals for postpaid and prepaid brands.
Representative Matter

International counsel

Advice to international counsel on direct marketing operation in France.
Case Study

Los Angeles and Pittsburgh teams secure win for GNC

In a case profiled in National Law Journal, McGuireWoods defeated a motion for class certification in an action brought against General Nutrition Corporation (GNC) in the U.S. District Court for the Central District of California alleging violations of California Civil Code section 1747.08 (the Song-Beverly Credit Card Act).

The Song-Beverly Credit Card Act (the "Act") was intended to stop businesses from gathering and storing unnecessary personal information from their consumers. The California Legislature passed the Act to address two important privacy concerns. First, corporations were needlessly storing consumer information and using it for their own marketing purposes or selling the information to other marketers. Second, store clerks who obtained customers' personal information engaged in acts of harassment and violence.

Representative Matter

European association

Advice to a European association on processing of sensitive data (judicial data) in matter of inside betting.
Representative Matter

Food and beverage company

Advice to a food and beverage company on data transfers for an US discovery procedure.
Representative Matter

Regional tourism promotion institution

Coordinating national compliance (inside and outside the EU) and data transfer from the EU to the United States and Japan for a regional tourism promotion institution.
Representative Matter

Consultant company

Advising a consultant company on IT breach tests and audits.
Results 1-20 of 28
Results 1-25 of 51
Show All
Vassilis Akritidis
Partner
rue des Colonies 56 - box 3
1000 Brussels
Email
T: +32 2 629 42 53
F: +32 2 629 42 22
vCard
Evan Bayh Evan Bayh
Partner
2001 K Street N.W.
Suite 400
Washington, DC 20006-1040
Email
T: +1 202 828 2825
F: +1 202 828 3331
vCard
Kenneth D Bell Kenneth D. Bell
Partner
201 North Tryon Street
Suite 3000
Charlotte, NC 28202-2146
Email
T: +1 704 373 4620
F: +1 704 373 8836
vCard
Robert Bittman Robert J. Bittman
Partner
2001 K Street N.W.
Suite 400
Washington, DC 20006-1040
Email
T: +1 202 857 2472
F: +1 202 828 2962
vCard
Caitlin Bradley Caitlin O. Bradley
Associate
Gateway Plaza
800 East Canal Street
Richmond, VA 23219-3916
Email
T: +1 804 775 1126
F: +1 804 698 2031
vCard
Meggan Michelle Bushee Meggan Michelle Bushee
Associate
201 North Tryon Street
Suite 3000
Charlotte, NC 28202-2146
Email
T: +1 704 343 2360
F: +1 704 805 5085
vCard
Michelle Calloway Michelle E. Calloway
Counsel
Gateway Plaza
800 East Canal Street
Richmond, VA 23219-3916
Email
T: +1 804 775 7819
F: +1 804 698 2189
vCard
Kevin L. Denny
Associate
201 North Tryon Street
Suite 3000
Charlotte, NC 28202-2146
Email
T: +1 704 373 8058
F: +1 704 353 6206
vCard
Mehboob R Dossa Mehboob R. Dossa
Partner
11 Pilgrim Street
London EC4V 6RN
United Kingdom
Email
T: +44 20 7632 1627
F: +44 20 7632 1638
vCard
Jasen Eige J. Jasen Eige
Partner
Gateway Plaza
800 East Canal Street
Richmond, VA 23219-3916
Email
T: +1 804 775 1929
F: +1 804 775 1061
vCard
Shawna English Shawna J. English
Associate
EQT Plaza
625 Liberty Avenue
23rd Floor
Pittsburgh, PA 15222-3142
Email
T: +1 412 667 7922
F: +1 412 667 7972
vCard
Jason D Evans Jason D. Evans
Partner
201 North Tryon Street
Suite 3000
Charlotte, NC 28202-2146
Email
T: +1 704 343 2050
F: +1 704 444 8774
vCard
Jennifer Farer Jennifer L. Farer
Partner
2001 K Street N.W.
Suite 400
Washington, DC 20006-1040
Email
T: +1 202 857 1708
F: +1 202 828 3336
vCard
Jeremy D Freeman Jeremy D. Freeman
Partner
1345 Avenue of the Americas
7th Floor
New York, NY 10105-0106
Email
T: +1 212 548 7008
F: +1 212 715 6269
vCard
Steve Gold Steve Gold
Partner
77 West Wacker Drive
Suite 4100
Chicago, IL 60601-1818
Email
T: +1 312 321 7664
F: +1 312 698 4583
vCard
Larry R Goldstein Larry R. Goldstein
Senior Counsel
77 West Wacker Drive
Suite 4100
Chicago, IL 60601-1818
Email
T: +1 312 849 8216
F: +1 312 920 3692
vCard
David L Greenspan David L. Greenspan
Partner
1750 Tysons Boulevard
Suite 1800
Tysons, VA 22102-4215
Email
T: +1 703 712 5096
F: +1 703 712 5214
vCard
Louis Greenstein Louis D. Greenstein
Partner
2001 K Street N.W.
Suite 400
Washington, DC 20006-1040

1345 Avenue of the Americas
7th Floor
New York, NY 10105-0106
Email
T: +1 202 857 2415
F: +1 202 828 3310
vCard

T:+1 212 548 7068
F: +1 212 548 2150

A. Brooks Gresham
Partner
1800 Century Park East
8th Floor
Los Angeles, CA 90067-1501
Email
T: +1 310 315 8291
F: +1 310 956 3104
vCard
Mary Grob Mary K. Grob
Associate
201 North Tryon Street
Suite 3000
Charlotte, NC 28202-2146
Email
T: +1 704 343 2274
F: +1 704 353 6204
vCard
Bo Harvey Bo Harvey
Associate
1800 Century Park East
8th Floor
Los Angeles, CA 90067-1501

1345 Avenue of the Americas
7th Floor
New York, NY 10105-0106
Email
T: +1 310 315 8293
F: +1 310 956 3162
vCard

T:+1 212 548 2188
F: +1 212 715 6261

Melanie Holloway Melanie C. Holloway
Counsel
Gateway Plaza
800 East Canal Street
Richmond, VA 23219-3916
Email
T: +1 804 775 1019
F: +1 804 698 2027
vCard
Wen Hutchinson William O. L. Hutchinson
Partner
201 North Tryon Street
Suite 3000
Charlotte, NC 28202-2146
Email
T: +1 704 343 2008
F: +1 704 353 6219
vCard
Jerry W Kilgore Jerry W. Kilgore
Partner
Gateway Plaza
800 East Canal Street
Richmond, VA 23219-3916
Email
T: +1 804 775 1933
F: +1 804 775 1061
vCard
C. Andrew Konia C. Andrew Konia
Partner
1750 Tysons Boulevard
Suite 1800
Tysons, VA 22102-4215

201 North Tryon Street
Suite 3000
Charlotte, NC 28202-2146
Email
T: +1 703 712 5071
F: +1 704 444 8834
vCard

T:+1 704 343 2070
F: +1 704 444 8834

Results 1-20 of 31
Show All
Event

The Data Privacy and Security Puzzle: Do You Have All the Pieces?

Thursday, November 3, 2016
Chicago, IL
Speaking Engagement

Summer Course on European Data Protection

September 12-16, 2016
ERA Academy of European Law e-Learning Course
Event

HIPAA Webinar Series

March 30 & April 6, 2016
Complimentary Healthcare Webinars
Speaking Engagement

ITechLaw: International India Conference

How Technology is Changing the Digital Life, Lifestyle Business and the Underworld

January 27-29, 2016
Bangalore
Speaking Engagement

ITechLaw Asia-Pacific Conference

January 29, 2015
Bangalore
Speaking Engagement

Safeguarding the Right to Data Protection in the EU

The role of the national and European courts

October 30, 2014
Speaking Engagement

eCommerce Webinar Series 2014

Understanding and benefitting from the new EU rules for online retail

October 14, 2014
Event

Community Banking and Cyber Risk Management

Legal, Regulatory, Litigation and Insurance Issues

September 17, 2014
Chicago, IL
Speaking Engagement

Global E-commerce Summit 2014 Pre-Conference: e-Regulations & e-Privacy

June 16-18, 2014
Barcelona
Speaking Engagement

Operations & Technology Conference

May 13-14, 2014
Charlottesville, VA
Speaking Engagement

4th EPDP 2014: European Data Protection Days

May 12-13, 2014
Berlin
Speaking Engagement

IT Security - How Exposed are we to the Cyber Threat?

A seminar for Professional Service Providers

April 24, 2014
Brussels
Speaking Engagement

Annual Conference on Data Protection in the EU 2014

April 7 - 8, 2014
Brussels
Speaking Engagement

Annual Conference on European Data Protection Law 2013

November 18-19, 2013
Trier
Event

Community Bank Cyber-Law Forum

Legal, Regulatory and Insurance Issues

November 14, 2013
Charlotte, NC
Results 1-20 of 31
Results 1-20 of 212
Show All
Legal Alert

Better Late Than Never? Yahoo Reveals 500 Million Affected From 2014 Hack

Password Protected
September 23, 2016
Legal Alert

New York Proposes First-in-the-Nation Cybersecurity Requirements

Password Protected
September 22, 2016
Legal Alert

Start Hiring: 28,000 Data Protection Officers Needed by 2018

Password Protected
September 16, 2016
Legal Alert

Court Finds Spokeo Closes Door on TCPA Claim

August 25, 2016
Legal Alert

FFIEC Provides Banks with Guidance Following the SWIFT Hacks

Password Protected
August 22, 2016
Legal Alert

Dude, Where’s My Bitcoin?

Password Protected
August 17, 2016
Legal Alert

The Cost of Non-Compliance: LifeLock, Inc. Continues to Pay

Password Protected
August 5, 2016
Legal Alert

OCR Makes It Official: Ransomware Attacks Are HIPAA Breaches

Password Protected
July 26, 2016
Results 1-20 of 212