Privacy Practice Group


PRACTICE AREA ATTORNEYS
KHIZAR SHEIKH (Chair)
RICHARD I. SIMON
JON FALLON
More specifically, our Privacy, Cybersecurity & Information Management Group assists clients with the following:
  • Conducting initial risk assessments and privacy impact assessments for clients and their third party vendors.
  • Drafting policies, disclosures, and procedures that govern the collection, use, storage, and disposal of sensitive data and use of technology;
  • Drafting and implementing privacy and security compliance plans around:
    • HIPAA & HITECH
    • FTC Breach Notification Rule
    • The Gramm-Leach-Bliley Act (“GLBA”)
    • The Children’s Online Privacy & Protection Act (“COPPA”)
    • The Telephone Consumer Protection Act (“TCPA”)
    • The Fair Credit Reporting Act (“FCRA”) and the Fair & Accurate Credit Transactions Act (“FACTA”)
    • Data Breach Statutes
    • PCI-DSS and PA-DSS
    • State-specific privacy laws
    • European Union Directive 95/46/EC
    • Workplace privacy issues
    • International data transfer
    • Social Media
    • Bring Your Own Device (“BYOD”)
  • Training our client’s employees and partners about their obligations and best practices.
  • Reviewing and preparing contracts and releases with third-parties to ensure compliance and limit liability:
    • Domestic and international data protection agreements with vendors and suppliers
    • Outsourcing agreements
    • Cloud computing agreements
    • Non-disclosure and non-compete agreements addressing the protection of confidential information
    • E-commerce and internet contracts
    • Electronic health record contracts
  • Handling data breaches and privacy complaints.
  • Assisting our clients during M&A transactions with privacy due diligence.
  • Representing clients during privacy-related matters before federal and state courts, administrative agencies, and professional boards.
  • Responding to subpoenas and law enforcement inquiries.
  • Seeking restraining orders and injunctions to prohibit unauthorized use of client confidential information.
  • Managing eDiscovery & data governance.
  • Advising clients on cyberinsurance policies and other applicable insurance policies.

Privacy, Cybersecurity & Information Management Group

The concept and importance of privacy is not new. For centuries, our sensitive personal and business information has been guarded against disclosure by our federal and state constitutions; laws regarding invasion of privacy, misappropriation, and breach of confidentiality; and laws protecting intellectual property such as trade secrets, copyrights, trademarks, and patents.

Today, as more sensitive and critical information and data is collected, stored, used, and disclosed electronically, the risks have changed for organizations that touch personal, health, financial, trade secret, and other sensitive information in their domestic and international business operations. An increasingly overlapping system of international, federal, and state statutes, administrative regulations, common law, and evolving cybersecurity industry standards present new compliance challenges, and also increased risks of potential civil and regulatory liability, financial penalties, and reputational harm.

At MSLD, we have a dedicated team of attorneys that help clients implement best practices in privacy and data security. Our Privacy, Cybersecurity & Information Management Group works closely with clients to evaluate their data uses and practices and help them achieve their business goals while reducing their risk of data breach or data misuse, whether through intentional misconduct, employee negligence, or vendor breach. The Group’s practice is interdisciplinary with attorneys drawn from our corporate, health, litigation, employment, intellectual property, and eDiscovery practice areas.