The frictionless flow of information is a defining feature of today's information economy. The ability to transfer customer data, employee files, financial records, and other information around the globe quickly and cheaply has opened up a world of opportunity for many businesses. It also presents a new world of risks.
The potential for misuse of sensitive personal information has triggered legislative and regulatory action worldwide. The US has seen a groundswell of state and federal privacy legislation. The EU has adopted a myriad of rules and regulations, leading The Wall Street Journal to dub it the world's "top privacy cop." Other commercially prominent nations are rushing to join the trend.
The risks are high. Privacy laws vary by jurisdiction, are interpreted unpredictably, and are in a constant state of flux. Even the most well-meaning, conscientious company can make a false step as it captures, uses, transfers and discloses personal information. The consequences can be serious and even devastating: heavy fines, injunctions, government audits, even criminal liability. Perhaps more importantly, companies that run afoul of privacy and data protection standards may suffer reputation-wrecking media attention and the immeasurable damage of lost consumer trust and confidence.
These risks have led a growing number of companies to turn to our global privacy group for help in adopting sound privacy practices, ensuring regulatory and legal compliance, and protecting their competitive advantage.
With over 65 practitioners, we have one of the largest and most experienced privacy practices in the world. Our global practice – expertise in offices in 20 cities in 14 countries – is backed by the resources of our global IP/IT and employment groups, with more than 150 lawyers worldwide.
White & Case is the only law firm member of the prestigious Ponemon Institute's RIM Council. The US-based RIM (Responsible Information Management) Council is a group of Chief Privacy Officers, many from Fortune 100 companies, who meet and discuss topics of concern in the privacy arena. Our work with the Ponemon Institute gives us unique insight into the privacy and data protection concerns of our clients.
Privacy and data protection services we provide for our clients include:
- Privacy Audits. Our privacy audit offers a detailed analysis of how you collect, use, disclose and transfer personal information and provides advice on modifying your company’s policies and practices to ensure compliance in every applicable jurisdiction. We use an efficient, patent-pending methodology, developed through extensive experience, to review your practices in an expeditious and cost-effective fashion. We also have extensive experience working with local Data Protection Authorities (DPAs) to bring clients into compliance with DPA interpretations of local law.
- Cross-border Data Transfer. We advise major multinational companies in their efforts to export personal data from EU countries and other nations with cross-border restrictions under the Safe Harbor Principles, Standard Contractual Clauses, Binding Corporate Rules, and other available mechanisms.
- Data Security Breaches. We advise clients on their obligations under the numerous state security breach notification laws. Our advice has included suggestions on the best methods and content to use in communicating breach notification to affected individuals so as to minimize loss of customers.
- Employee Monitoring. We counsel clients on the bounds of permissible monitoring of employee use of company electronic systems (e-mail and the Internet), monitoring by video, and similar matters, including steps that clients must take to be in a position to engage in such monitoring legally.
- Employee Privacy. We advise clients on the most appropriate method of protecting their employees’ personal data, including the implementation of whistle-blowing hotlines in compliance with European Union data protection law.
- Privacy Policies. We have developed and revised scores of online, off-line, and universal privacy policies for companies in a myriad of industries.
- Direct Marketing Policies. We advise clients on the data protection implications of direct marketing.
- Document Management Policies. We advise clients on the requirements imposed by various types of law (e.g., privacy, e-discovery, document retention) on documents from their creation through their destruction.
- Financial Privacy. We advise major banks on their compliance with the privacy provisions of the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act and state financial privacy laws.
- Healthcare Privacy. We counsel healthcare companies on compliance obligations under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its regulations.
- Privacy Litigation. In the event your business encounters litigation, or civil or criminal enforcement proceedings in privacy, our 500-lawyer global disputes team has substantial privacy litigation experience.