Privacy & Data Protection

Many countries have enacted privacy and data protection laws and regulations that impact the creation, management, and transfer of information—particularly, sources of information that contain personal data. While these requirements vary greatly from jurisdiction to jurisdiction and from industry to industry, the global trend has been towards stricter enforcement and the imposition of increasingly severe penalties for violations.

Addressing these overlapping requirements calls for a risk management approach that precisely frames the purpose and means for the collection, processing, and transfer of personal data throughout the organization. This approach includes evaluating the legal qualification of the entities involved (data controller, data processor, data recipient) together with the data flow scheme, with a view to determining (i) whether the processing is acceptable as such from a legal perspective, (ii) the appropriate formalities in light of the purpose of the processing, and (iii) the obligations to be complied with (e.g., individuals’ information, data security/confidentiality, data transfer agreements).

To assist our clients in meeting these challenges, Nixon Peabody has a global team of lawyers with extensive experience developing defensible (and reasonable) approaches to comply with these varied requirements.

Our privacy and data protection services include:

  • Development of global compliance frameworks to help in-house legal and privacy professionals assess international data protection and privacy risks
  • Guidance regarding compliance with specific international privacy and data protection regulations (e.g., EU Data Protection regulations, enacting regulations in individual member states)
  • Coordination/negotiation with individual data protection authorities
  • Development of the necessary forms of notice, rights of access, data transfer agreements, binding corporate rules, and data protection contact provisions needed to support a data protection program
  • Development of approaches that seek to balance the competing interests between compliance with international privacy and data protection regulations and the requirements associated with document disclosure and/or discovery orders in litigation matters and governmental investigations
  • Compliance with United States privacy and data protection regulations (e.g., COPPA, FTC requirements, data security regulations, data breach regulations) including industry-specific requirements (e.g., GLBA, HIPAA)
  • Guidance regarding the privacy and data protection implications associated with the deployment of communication and data storage technologies (e.g., centralized data centers, off-site data storage, third-party support services, cloud computing, Web 2.0 and social networking applications)
  • Partnering with leading data breach services providers to offer the full range of data breach response and remediation services

© 2010 Nixon Peabody LLP
This website contains attorney advertising. Prior results do not guarantee a similar outcome.