Privacy

Overview

Achieving a balance between an entity’s need for use or disclosure of personal or confidential information with an individual’s or entity’s privacy rights and interests in an era of big data and high-powered analytics.

Big Data and Analytics

The utilization of “big data” and analytics technologies in systems and devices is here to stay and affects virtually everyone. Influencing decisions about who to hire/fire, who to promote, who to assign for a particular task, what/when/how much to buy and where to advertise, big data and analytics technologies require amassing large quantities of data, including data from and between devices. Despite the many benefits that can result, privacy objections flowing from concerns about the data collected, maintained and processed in the course of the analysis present challenges that have yet to be fully articulated, developed and regulated. We help clients to identify these issues and address the potential legal risks while maximizing available developing technologies and their emerging applications.

Monitoring and Surveillance of Customers, Employees and Others

GPS, radio frequency identification (RFID), spyware, biometrics, and other technologies and devices have propelled us to a brave new world, where our ability to view, record, transmit and store information about individuals’ activities and communications has been dramatically enhanced. In this environment, we advise clients and represent them in litigation on matters such as:

• Advice concerning the consumer protection, labor and other considerations affecting the ability to and legal risks associated with monitoring individuals’ information systems, telephone, internet and social media activity;
• Compliance with the Wiretap Act, Electronic Communications Privacy Act and the Stored Communications Act;
• Collection and use of medical information pertaining to patients, customers, employees and other individuals; and
• Surveillance of individuals through devices and technologies including, but not limited to GPS, RFID and spyware.

HIPAA Privacy and Security Compliance for Providers, Plans and Business Associates

HIPAA reaches well beyond your doctor’s office or health plan; it can apply to a wide range of entities in the health care industry, including businesses that service those entities such as software vendors, cloud service and data storage companies, medical device manufacturers, benefits brokers, law firms, accounting firms and others. We work with covered entities and business associates to achieve compliance, in areas such as:

• Writing policies and procedures to safeguard protected health information (PHI);
• Handling breaches of unsecured protected health information;
• Responding to complaints filed with the Department of Health and Human Services’ Office for Civil Rights;
• Training;
• Using and disclosing PHI in administrative and judicial proceedings; and
• Negotiating and drafting business associate agreements and data security agreements.

For more information about the HIPAA privacy and security rules and their application to wellness programs, please go to our practice page for Wellness Programs.

International/Cross Border Data Privacy Compliance

The patchwork of data privacy and security laws becomes even more complex when viewed globally as countries and groups of countries have adopted their own standards, principles and directives. We work in coordination with our International Employment Issues Practice Group and L&E Global affiliates to help clients address such challenges, including U.S./EU Safe Harbor compliance and cloud computing.

Records Access Management

Records pertaining to employees, patients, customers and others can be subject to a web of federal and state law requirements concerning access and retention requirements. We help companies navigate these requirements and develop strategies for efficient management of such records, including establishing protocols for appropriate access to and use of those records.

Leave of Absence Management

As companies struggle with the complex web of federal, state, and local leave and related laws, we work with the firm’s Disability, Leave and Health Management Practice Group to help clients deal with the highly sensitive personal data that is regularly at the heart of their decision making. This includes complying with confidentiality requirements under the ADA, FMLA and GINA, and ensuring the company’s third-party vendors are appropriately accessing, disclosing and safeguarding such information.

Background Checks, Workplace Searches and Investigations

We work with our Background Checks and Corporate Governance and Internal Investigations attorneys to help employers conduct background checks, searches and investigations appropriately to avoid violations under the Electronic Communications Privacy Act and the Stored Communications Act, as well as other attorney client privilege and employee privacy expectations and/or rights.

Strategies for Exchanges of Data in Mergers and Acquisitions

We advise clients on handling confidential and personal information in transactions and assist in negotiating and drafting data security agreements that apply over the course of the transaction.