The rapid proliferation of security threats, technology innovation, and privacy laws demand a legal team with deep and varied expertise. In the Privacy and Data Security practice at Manning Fulton, our attorneys represent diverse clients from a variety of industries, such as healthcare, technology, manufacturing and emerging growth companies.
Our team’s multidisciplinary experience allows us to identify trends and challenges across industries. We pride ourselves on taking a strategic and practical approach to effectuating compliance requirements and helping clients manage risk and we work to address all aspects of privacy and data security law, with areas of focus including:
- Data Security Breach Response and Cyber Risk: Our team confidently handles security incidents, guiding our clients through the response process from start to finish—assisting with the investigation process, including:
- Connecting clients with resources to conduct forensic analysis of data security incidents.
- Advising on notification obligations under state and federal law.
- Arranging notification to affected individuals and regulators.
- Providing assistance with setting up call centers and credit monitoring services.
- Responding to inquiries from state and federal regulators.
- Assisting with post-breach remediation and updates to policies and procedures.
- Healthcare: We frequently counsel clients in the healthcare industry on HIPAA privacy and security compliance, including:
- Whether and when HIPAA applies.
- Technology implementation such as Electronic Medical Records (EMRs), Healthcare Information Exchanges (HIEs), and patient portals.
- Data analytics and leveraging third-party data sources.
- Patient outreach initiatives such as text messaging.
Our expertise allows us to address not only primary regulatory matters, but also emerging compliance concerns arising from FTC and state Attorney Generals’ enforcement, litigation risks surrounding data breach and text messaging, and cybersecurity risks such as ransomware and phishing.
- Mobile and Online Privacy: Our attorneys work with clients to navigate the procession of requirements that pose challenges for mobile applications, websites, social media, digital advertising models, Software-as-a-Service (SaaS) offerings, and similar technology platforms that leverage personal information and user-generated content to deliver services and enhance user experience. These challenges include:
- Location tracking limitations.
- Online behavioral advertising guidelines.
- Statutes compelling privacy representations.
- State laws limiting employer access to social media accounts.
- Specific regulatory regimes like California’s Online Privacy Protection Act (COPPA).
- Technology Implementation and Complex Transactional Matters: Increasingly, business deals are driven by data and analytics. Understanding whether the data is actually usable in a legal sense, and whether the analytics model is compliant with applicable law, can be a material issue in these transactions. Our attorneys assist clients in seeking or responding to due diligence requests and negotiate appropriate representations and contractual terms. We also regularly deal with service provider engagements where a vendor will be entrusted with sensitive information and negotiation of appropriate contractual protections become a key part of the transaction. Our suite of services also includes assistance with the compliance aspects of complex technology implementation, such as cloud computing implementation, as a natural extension of transactional work.
- Workplace Privacy: Our experienced attorneys frequently advise businesses on workplace privacy regulations and requirements, including monitoring of employee communications, Internet and information systems use, and location.
- International: We help our clients develop a practical and strategic approach to compliance with international privacy and data security law, including advising on the current European Data Protection Directives, the new EU General Data Protection Regulation, Privacy Shield implementation, and EU-US data transfer requirements.