The frictionless flow of information is a defining feature of today’s information economy. The ability to transfer customer data, employee files, financial records, and other information around the globe quickly and cheaply has opened up a world of opportunity for many businesses. It also presents a new world of risks.

The potential for misuse of sensitive personal information has triggered legislative and regulatory action worldwide. The US has seen a groundswell of state and federal privacy legislation. The EU has adopted a myriad of rules and regulations, leading The Wall Street Journal to dub it the world’s “top privacy cop.”  Other commercially prominent nations are rushing to join the trend.

The risks are high. Privacy laws vary by jurisdiction, are interpreted unpredictably, and are in a constant state of flux. Even the most well-meaning, conscientious company can make a false step as it captures, uses, transfers and discloses personal information. The consequences can be serious and even devastating: heavy fines, injunctions, government audits, even criminal liability. Perhaps more importantly, companies that run afoul of privacy and data protection standards may suffer reputation-wrecking media attention and the immeasurable damage of lost consumer trust and confidence.

These risks have led a growing number of companies to turn to our global privacy group for help in adopting sound privacy practices, ensuring regulatory and legal compliance, and protecting their competitive advantage.

Our People
With over 65 practitioners, we have one of the largest and most experienced privacy practices in the world. Our global practice – expertise in offices in 20 cities in 14 countries – is backed by the resources of our global IP/IT and employment groups, with more than 150 lawyers worldwide.

White & Case is the only law firm member of the prestigious Ponemon Institute’s RIM Council. The US-based RIM (Responsible Information Management) Council is a group of Chief Privacy Officers, many from Fortune 100 companies, who meet and discuss topics of concern in the privacy arena. Our work with the Ponemon Institute gives us unique insight into the privacy and data protection concerns of our clients.

White & Case showcases its leadership in privacy and data protection law with an annual Global Privacy Symposium. Cosponsored by BNA’s Privacy & Security Law Report, the Symposium is often accompanied by a survey that typically examines the regulatory landscape of dozens of commercially prominent jurisdictions.

White & Case was named as one of twelve Leading American Law Firm privacy practices in a recent survey of 157 US-based corporate privacy officers published in the March 7, 2006 edition of Computerworld. 

Our Services
Privacy and data protection services we provide for our clients include:

• Privacy Audits. Our privacy audit offers a detailed analysis of how you collect, use, disclose and transfer personal information and provides advice on modifying your company’s policies and practices to ensure compliance in every applicable jurisdiction. We use an efficient, patent-pending methodology, developed through extensive experience, to review your practices in an expeditious and cost-effective fashion. We also have extensive experience working with local Data Protection Authorities (DPAs) to bring clients into compliance with DPA interpretations of local law.
• Cross-border Data Transfer. We advise major multinational companies in their efforts to export personal data from EU countries and other nations with cross-border restrictions under the Safe Harbor Principles, Standard Contractual Clauses, Binding Corporate Rules, and other available mechanisms.
• Data Security Breaches. We advise clients on their obligations under the numerous state security breach notification laws. Our advice has included suggestions on the best methods and content to use in communicating breach notification to affected individuals so as to minimize loss of customers.
• Employee Monitoring. We counsel clients on the bounds of permissible monitoring of employee use of company electronic systems (e-mail and the Internet), monitoring by video