Privacy & Data Protection
More than ever before, companies are faced with data privacy issues. Many countries have enacted privacy and data protection laws and regulations that impact the creation, management, and transfer of information—particularly, sources of information that contain personal data. While these requirements vary greatly from jurisdiction to jurisdiction and from industry to industry, the global trend has been towards stricter enforcement and the imposition of increasingly severe penalties for violations.
Addressing these overlapping requirements calls for a risk management approach that precisely frames the purpose and means for the collection, processing, and transfer of personal data throughout the organization. To assist our clients in meeting these challenges, Nixon Peabody has a global team of lawyers with extensive experience developing defensible—and reasonable—approaches to comply with these varied requirements. Our attorneys are experienced in a wide range of data security, online security, and privacy issues and have an in-depth knowledge of the state, federal, and international laws and regulations that surround these issues.
Data privacy services
Our comprehensive services include: privacy, security, and data protection; records and information management; health care privacy and compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH); employee privacy and social media; consumer privacy; and data security/data breach response.
We have advised clients in the following areas:
- Developing written information security policies and procedures (WISPs) in compliance with the Massachusetts data regulations
- Developing approaches to comply with various U.S. and international privacy requirements, including safe harbor application
- Development of information privacy and security plans and policies
- Compliance with U.S. and industry-specific privacy and data protection regulations
- Development of HIPAA and HITECH policies, procedures, and employee awareness training
- Data breach response, remediation, and coordination
- Data breach litigation
- Data breach investigations by the U.S. Office for Civil Rights
- Data breach investigations by state regulatory authorities
- Guidance regarding the privacy and data protection implications associated with the deployment of communication and data storage technologies
- Audit and assessment of current data privacy and security policies and practices
- Website privacy policies
- Social media policies, practices, and procedures
Our team includes experienced corporate and transactional lawyers, HIPAA and HITECH professionals, and intellectual property, trial, and regulatory attorneys. Nixon Peabody attorneys are knowledgeable about state data security laws and frequently publish and lecture on data privacy and security and breach response. One of our attorneys is a Certified Information Privacy Professional. Drawing upon experience across multiple industries and traditional practices (such as health care, intellectual property, and labor and employment), we can provide service in the many different areas that involve privacy and data security issues including:
- Corporate information management governance
- Consumer privacy
- Employee privacy and social media in the workplace
- Data security/data breach response
- Health care privacy
- Managing e-discovery
- State data security issues: counseled clients in multiple states regarding individual state requirements
- Represented numerous companies with data breach responses
- Providing privacy and security strategy and response for numerous health care entities involved in the theft or loss of sensitive personal and health information of patients, including notification and interaction with federal and state authorities
- Representing numerous companies with data breaches, including a multistate retailer in connection with a data breach and a subsequent investigation by the Federal Trade Commission
- Counseled clients regarding (i) disclosure requirements under Massachusetts data breach law (M.G.L. c. 93H) and (ii) requisite components of comprehensive written information security policy (WISP) mandated by Massachusetts data security regulations (effective March 1, 2010)
- Provided privacy and security strategy and response for a large hospital involved in the theft of a laptop that contained sensitive personal and health information of patients
- Represented several national employers with data breaches involving stolen laptops
- Represented a large corporation in response to a hacking incident
- Represented numerous hospitals and health care providers in responses to breaches
- Represented various private colleges on data breaches and related issues
- Representing a records management company in federal court litigation over the loss of more than 1 million patient records that included protected health information
- Representing numerous clients in investigations by the Office for Civil Rights
- Representing a national medical device company with privacy and security issues
- Final HIPAA Omnibus Rule Expands Law's Impact on Firms
New Hampshire Business Review | May 3, 2013
Providence partner and leader of the firm’s Privacy & Data Protection group Linn Freedman and Manchester partner and leader of the firm’s Commercial Litigation practice Scott O’Connell co-authored this article discussing the final HIPAA Omnibus Rule, which implemented sweeping changes to the Health Insurance Portability and Accountability Act.
- 11th Circuit says HIPAA protections trump Florida law
Reuters | April 12, 2013
Leader of the firm’s Privacy & Data Protection group and the HIPAA Compliance group Linn Freedman discusses a Court of Appeals ruling finding that the patient privacy protections in the federal Health Insurance Portability and Accountability Act of 1996 trumped a 1987 Florida law that requires nursing homes to provide the records to a deceased resident's spouse, guardian or attorney.
- New HIPAA Rules Pose Challenges for Healthcare Industry
Reuters | March 18, 2013
Leader of the firm’s Privacy & Data Protection group and the HIPAA Compliance group Linn Freedman discusses the new Health Insurance Portability and Accountability Act (HIPAA) regulations announced by the Department of Health & Human Services.