Overview
Privacy and data security issues impact every industry and affect almost all aspects of a company’s operations. Sales, human resources, data maintenance and storage, IT, legal and compliance, even litigation, all require careful attention to the protection of personal and business information.
We recognize the challenges businesses face from rapidly evolving laws and even more rapidly evolving technology in these areas. We also recognize the special challenges imposed by government regulation of companies in specialized fields, such as finance, e-commerce and health care. To help our clients successfully navigate these challenges and manage their risks in these areas, we have put together a multi-disciplinary team of lawyers with deep experience in addressing data privacy and information security obligations and disputes in a variety of fields.
Artificial Intelligence (AI)
MVA’s PDS team has been addressing issues in the AI space since long before ChatGPT. We continue to closely track burgeoning challenges and regulation in this area. Representative work includes:
- Advice and counseling regarding compliance with government regulation and guidance on artificial intelligence
- Drafting and negotiating vendor contracts to address AI products and use of client data for training AI
- Addressing AI in employment including compliance with the Illinois Video Interview Act, NYC Local Law No. 144, and EEOC guidance
- Advice to financial institutions on matters related to compliance with laws, regulations and regulatory guidance related to the use of AI tools in their operations
- Drafting privacy policies and data protection addendums under US state and international privacy laws limiting automated decision-making
Cross Border Business & Data Transfer
Some of the most significant challenges to a U.S. business arise not from U.S. laws, but from the laws of foreign countries where the business operates, has employees, or markets its products. We help companies navigate these challenges by determining the applicability and requirements of these laws and keeping an eye on how trends can impact our clients’ operations and plans. Representative work includes:
- Defending against litigation or government information requests that infringe on data privacy restrictions in other countries
- Assisting in and recommending best options for the cross border transfers of data
- Managing cross border data breaches
- Providing advice and counsel related to the EU General Data Protection Regulation and e-Privacy directive, and other foreign data protection laws
- Preparing notices, consents, data processing addendums, privacy policies and related documents under foreign data privacy regulations
Data Breach Prevention & Response Management
We recognize that no business is immune from a possible data breach, and we help clients plan for, test, evaluate, respond to, and recover from data breaches. Over the years we have developed strong relationships with forensic firms and other experts to ensure prompt and effective data breach response and mitigation. Our work includes:
- Managing and handling data breach investigations, notices, and reporting
- Working with law enforcement to pursue criminal action against hackers and botnet operators
- Addressing and advising with respect to PCI-DSS issues in a data breach
- Negotiating contracts to manage data breach risks
- Developing programs and providing advice and counsel regarding data security breaches, including applicable reporting requirements
- Addressing cyber insurance coverage issues
e-Commerce
We recognize that online advertising and sales are paramount for many businesses, and we help our clients stay compliant with regulations and challenges unique to this space. Our work includes:
- Providing advice and counsel related to data privacy and information security obligations for companies engaged in e-commerce
- Drafting online privacy policies and terms of use
- Advising regarding cookie regulations and management, third party advertising, and cross device tracking
- Assisting with PCI-DSS compliance
- Advice regarding data aggregation
- Negotiating e-commerce vendor agreements
Employment, Trade Secrets & BYOD Policies
From applicants to reasonable accommodations, we help employers navigate an array of laws and regulations limiting the use and disclosure of employee data and requiring notice to applicants and employees regarding the collection and processing of their data. We also assist international employers with cross border transfers of employment related information, and are experienced with protecting business and customer data through strong security, telework, and BYOD policies and programs. Examples of our work include:
- Defending and pursuing claims for invasion of privacy and trade secret misappropriation
- Preparing policies and other guidance regarding privacy, social media, data protection, BYOD and mobile device programs, and employee monitoring
- Providing advice and counsel regarding compliance with GINA, ADAAA, drug testing statutes, FCRA and other laws imposing privacy obligations on employers
- Preparing consents and notices related to the processing of employee data, including requirements under the CCPA, GDPR, drug testing, and other statutes
- Advice regarding employee monitoring and compliance with laws requiring notice
- Pursuing claims related to unlawful recording of workplace conversations and computer trespass by employees
Financial Privacy & Data Security Compliance & Monitoring
- Developing policies and notifications compliant with GLBA, FCRA, FACTA, PCI DSS, NY DFS, CCPA and various other state laws and regulations
- Contract and vendor management to comply with GLBA, FCRA, FACTA, PCI DSS, NY DFS, CCPA and various other state laws and regulations
- Providing comprehensive legal support for the full range of financial privacy and data security matters
Health Care & HIPAA Compliance
Our team provides advice and counseling regarding HIPAA and other state and federal laws governing the privacy and security of patient data. Examples include:
- Development of policies to comply with HIPAA’s privacy and security requirements and advice regarding ongoing day-to-day HIPAA compliance
- Investigating possible breaches and coordinating notices to affected individuals, the media and the Office for Civil Rights
- Negotiation of health care technology and cloud service agreements, including related business associate agreements
- Diligence related to data privacy and security issues in health care transactions
Litigation
We are adept at handling privacy issues in court. Our litigation experience includes:
- Defending Telephone Consumer Privacy Act (TCPA) putative class actions
- Defending claims arising out of wire fraud and business email compromises (BECs)
- Protection of company data through Computer Fraud and Abuse Act (CFAA), computer trespass and trade secret litigation
- Working with law enforcement to pursue criminal action against hackers and botnet operators
- Defending cases involving employee privacy issues
- Pursuing John Doe actions regarding improper social media postings and regarding interference with Google Ads accounts
- Addressing special issues in litigation pertaining to protected PII and PHI
Marketing & Advertising
We help clients pursue their marketing goals while staying compliant with state, federal, and international laws. Our work includes:
- Advice and planning regarding TCPA, CAN-SPAM and state law requirements for email, texting and telephone solicitations
- Drafting and negotiating email service provider contracts and service level agreements
- Guidance and drafting regarding cookie compliance and management
- Advice and drafting regarding online contests
- Advice regarding compliance with data privacy laws in connection with data analytics and sales of consumer data
Public Records/FOIA Requests
We help our clients who contract with government entities protect their information from public record access requests. When needed by our clients, we pursue access to data held by the government. Our work includes:
- Pursuing objections under FOIA and state law to third party requests for competitive, personnel or client data
- Making and defending public records access requests
Representative Work
- Developed BYOD and mobile device programs, policies and terms of use for Fortune 50 multinational corporations
- Handled data breach investigation, reporting, notification, remediation, PCI compliance, and interaction with state Attorneys General for numerous clients (including online retailers and service providers, financial institutions, public utilities, and others)
- Lead counsel for Fortune Global 500 financial services firm’s response to global inquiries stemming from the largest data breach in history
- Negotiated with government authorities in multiple jurisdictions to allow for cross border productions without infringing on data privacy or bank secrecy restrictions
- Assisted publicly-held public utilities companies in privacy and information security programs and system access management
- Assisted multinational financial services company in establishing a global ethics program in compliance with foreign data privacy laws
- Negotiated cross border transfer agreements including EU model clauses
- Created record retention programs for national and regional healthcare, food manufacturing and distribution and manufacturing clients, including retention of data on electronic media
- Defended claims of employee invasion of privacy
- Pursued multiple claims against unauthorized accessing of computer information under the Computer Fraud and Abuse Act
- Crafted social media and NLRB compliant nondisclosure agreements, policies and data protection programs
- Developed HIPAA compliant privacy and security policies for health care and employee benefit clients
- Investigated and advised on data breach matters involving potential violations of HIPAA and state privacy laws governing financial data, including assistance with required reporting to patients, the media, and applicable state and federal agencies and interaction with US DHHS Office for Civil Rights and state attorneys general
- Advised on HIPAA and other data privacy and security issues related to the negotiation of agreements with cloud service providers and other vendors who access and handle PHI and other personal and financial data
- Represented major technology company in working with law enforcement to take down botnets affecting as many as 5 million computers in more than 90 countries
- Represented merchant payment processing company in investigating and responding to data breach investigation
- Represented regional consumer bank in structuring and negotiating cyber and data breach insurance policies
- Assisted client in contesting proposed PCI DSS fine
- Advised numerous clients with respect to PCI DSS compliance issues involving processing of card payments
- Assisted numerous clients in managing vendor compliance with privacy and information security laws and regulations
- Advised and assisted multiple clients in obtaining certification under, and complying with, US-EU Safe Harbor Framework and the US-EU Privacy Shield
- Advised large, multinational public company on development of GDPR policy
- Assisted Fortune 50 client in managing state law data breach compliance obligations
- Managed numerous client negotiations involving information security and data privacy contractual provisions
People
- Co-head of Privacy & Data Security, Employment & Labor, and Litigation
- Co-head of Intellectual Property; Co-head of Commercial & Technology Transactions