Home Home About Us Practice Areas Our Attorneys Press & Publications Events Diversity Pro-Bono Careers Advertising, Marketing & Promotions Benefits & Compensation Corporate Digital Media, Technology & Privacy Entertainment, Media & Sports Insolvency, Creditors’ Rights & Financial Products Intellectual Property Labor & Employment Litigation private client Services Real Estate Taxation
FOLLOW US:

Privacy and data security issues are no longer unique to companies that engage in business solely online; they are important for any organization that collects, processes, stores or discloses personally identifiable information and other forms of data. It is therefore critical that every organization observe proper data collection and use practices and maintain comprehensive data security procedures in light of new technologies, the evolving legal and regulatory landscape and the expectations of consumers and business partners. A failure to do so can expose an organization to liability to many different parties, or leave an organization holding valuable data which it is unable to use.

Davis & Gilbert has a vibrant and highly experienced privacy and data security practice that helps clients in an array of fields shape their data and security practices to both accomplish their business goals and comply with the myriad laws, regulations and guidelines relating to privacy and data protection. Our leading expertise in this area has earned Davis & Gilbert a ranking in The Legal 500 United States for the "Technology: Data Protection and Privacy" category for six consecutive years (2012-2017). Our proactive approach helps clients avoid pitfalls or unwanted attention, and ultimately save time and money on costly investigations and disputes. We regularly assist in the establishment of policies and procedures that address internal and external privacy and security concerns, in areas from marketing to human resources to regulated industries to information technology. However, when security incidents do arise or when data practices are challenged, we are well-equipped to assist clients, regardless of whether that entails an analysis of challenged practices, responding to security breaches or regulatory inquiries, crisis management, or acting as litigation counsel in privacy-related disputes.

THE DAVIS & GILBERT ADVANTAGE
Davis & Gilbert’s privacy and data security practice is complemented and strengthened by the firm’s leading position in the advertising, marketing and promotions space. A critical component to this industry has always been privacy and data security, and the firm has a long history of assisting clients with their most complex and sensitive privacy issues. As the interactive world began to evolve in the mid-1990s, Davis & Gilbert was leading the way representing some of the early innovators and establishing standards and practices for this nascent industry, and we continue to be on the leading edge. The combination of our broad and deep privacy and data security knowledge with our historic preeminent advertising, marketing and promotions expertise results in a unique combination of skills and allows us to provide a comprehensive, high level of service and practical experience to our clients.

Further, as consumers and business partners are ever more cognizant of privacy issues, having clear and consistent privacy practices can become a competitive advantage. Clients benefit from our recognition that privacy and data security is not only a legally required issue that must be addressed, but an area that reflects upon an organization's sophisticated approach to cutting-edge issues. In addition, when incidents, disputes, regulatory investigations or litigations do arise, it is important to have experienced and qualified counsel already engaged and ready to act in the client's best interests.

OUR CLIENTS
Attorneys in our privacy group advise clients in a wide range of industries, given the multi-disciplinary impact of privacy issues. Among the many clients we advise are interactive marketing companies who are on the forefront of some of the hottest privacy debates today, as well as many large, consumer-facing content providers, technology and computer software companies. We also advise companies in what might be considered more "traditional" industries, such as financial services, manufacturing and service industries. There are privacy and data security issues applicable to every industry.

OUR PRACTICE
Since privacy is a cross-disciplinary issue, our privacy practice group is multi-faceted and consists of attorneys spanning several other practices, including Benefits & Compensation; Technology, Digital Media & Privacy; Labor & Employment; and Litigation. Our diverse work keeps us at the forefront of new developments in each of these areas. Our group includes attorneys who are Certified Information Privacy Professionals (CIPP) and who regularly attend and speak at relevant conferences and events, including those sponsored by the International Association of Privacy Professionals (IAPP). Gary Kibel, a partner in our Privacy and Data Security Group, chairs an annual privacy and data security conference held by the New York City Bar Association and is a former co-chair of the New York IAPP KnowledgeNet.

REPRESENTATIVE ISSUES ADDRESSED ON BEHALF OF OUR CLIENTS INCLUDE:

Internal Privacy Practices, Policies, Data Usage and Training
  • Advise on legal requirements and best practices for data collection, data usage and data retention procedures.
  • Draft and review online privacy policies, and specifically analyze how these policies fit into the operational needs of a client, both now and in the future.
  • Draft, review and provide counsel regarding internal privacy and data security policies, including information security programs, security breach response plans and disaster recovery plans.
  • Provide onsite privacy training sessions for business and legal personnel on privacy, data protection, data security and best business practices.
  • Advise clients regarding permitted uses of data generated or acquired from a variety of platforms, products, services and third party sources.
Employment
  • Draft employee policies regarding information and technology usage.
  • Provide advice and counsel regarding privacy-related incidents in the workplace.
  • Assist clients with taking disciplinary steps or enforcement actions against employees who have made privacy-related violations.
  • Provide advice on hiring practices that impact employee privacy, including implementation of background checks and drug testing polices.
  • Provide advice regarding employee participation in social media activities and develop policies and practices to manage associated legal and business risks.
  • Provide advice regarding "bring your own device" and other company policies.
Contracts
  • Draft, revise and negotiate contracts with vendors who store, access or use a client's data, including co-location and managed hosting agreements, development services, storage vendors, analytics companies and telecom providers.
  • Draft, revise and negotiate contracts with customers of our clients who insist upon a certain level of security prior to entering into a business relationship.
Marketing and Advertising
  • Advise clients regarding all aspects of engaging in, or procuring services for, online behavioral advertising, including compliance with the Self-Regulatory Principles for Online Behavioral Advertising.
  • Assess and address privacy issues raised by the use of online data matching projects and technologies.
Compliance with Applicable Laws and Regulations
  • Advise on the development and operation of online services compliant with the Children's Online Privacy Protection Act (COPPA).
  • Develop policies and procedures to comply with the Massachusetts Standards for The Protection of Personal Information of Residents of the Commonwealth codified at 201 CMR 17:00 et seq.
  • Provide advice and counsel regarding an organization's Health Insurance Portability and Accountability Act (HIPAA) compliance efforts, both with respect to Protected Health Information it collects as a HIPAA covered entity and with respect to Protected Health Information it collects as a business associate of a HIPAA covered entity. Draft policies and procedures in respect of new HIPAA requirements added under the HITECH Act and advise on data security issues and train employees on HIPAA's requirements.
  • Advise clients who are, and/or provide services to, financial services companies regarding compliance with the privacy requirements of the Gramm-Leach-Bliley Act (GLB).
  • Keep clients abreast of the latest U.S. state and federal privacy laws applicable to their business.
  • Keep clients current on all new Federal Trade Commission (FTC) guidelines, regulations and enforcement actions, and any new interpretations, in connection with privacy-related issues.
  • Work closely with clients to certify, apply for and maintain compliance with the U.S.-EU & U.S.-Swiss Safe Harbor Frameworks.
  • Work closely with EU, APEC and other international clients and foreign counsel to develop compliant practices for those engaged in business on a global scale.
  • Provide advice and counsel regarding compliance with standards from numerous self-regulatory organizations, including Digital Advertising Alliance, Network Advertising Initiative, Better Business Bureau and Payment Card Industry Data Security Standards (PCI-DSS).
Security Breaches and Audits
  • Rapidly respond to security breach incidents, including incident analysis, preparation of consumer notifications, preparation of regulatory filings, communications to business partners and analysis of and recommendations for remedial steps.
  • Assist with internal, client and third party privacy and security audits.
  • Engage and guide the work of computer forensic consulting firms.
  • Work with clients' public relations representatives to provide strategic responses to press inquiries in connection with security breaches.
Litigation
  • Lead counsel for privacy-related disputes, including multi-state and FTC regulatory investigations at all levels (including requests for information, civil investigative demands and consent orders), as well as class action and other civil litigation.
  • Work with clients' public relations representatives to provide strategic responses to press inquiries in connection with privacy-related investigations and lawsuits.
  • Manage electronic discovery requests on behalf of plaintiffs and defendants.
  • Work with forensic analysis companies to mine and analyze vast amounts of data.

Further, as consumers and business partners are ever more cognizant of privacy issues, having clear and consistent privacy practices can become a competitive advantage. Clients benefit from our recognition that privacy and data security is not only a legally required issue that must be addressed, but an area that reflects upon an organization's sophisticated approach to cutting-edge issues. In addition, when incidents, disputes, regulatory investigations or litigations do arise, it is important to have experienced and qualified counsel already engaged and ready to act in the client's best interests.

OUR CLIENTS
Attorneys in our privacy group advise clients in a wide range of industries, given the multi-disciplinary impact of privacy issues. Among the many clients we advise are interactive marketing companies who are on the forefront of some of the hottest privacy debates today, as well as many large, consumer-facing content providers, technology and computer software companies. We also advise companies in what might be considered more "traditional" industries, such as financial services, manufacturing and service industries. There are privacy and data security issues applicable to every industry.

OUR PRACTICE
Since privacy is a cross-disciplinary issue, our privacy practice group is multi-faceted and consists of attorneys spanning several other practices, including Benefits & Compensation; Technology, Digital Media & Privacy; Labor & Employment; and Litigation. Our diverse work keeps us at the forefront of new developments in each of these areas. Our group includes attorneys who are Certified Information Privacy Professionals (CIPP) and who regularly attend and speak at relevant conferences and events, including those sponsored by the International Association of Privacy Professionals (IAPP). Gary Kibel, a partner in our Privacy and Data Security Group, chairs an annual privacy and data security conference held by the New York City Bar Association and is a former co-chair of the New York IAPP KnowledgeNet.

REPRESENTATIVE ISSUES ADDRESSED ON BEHALF OF OUR CLIENTS INCLUDE:

Internal Privacy Practices, Policies, Data Usage and Training
  • Advise on legal requirements and best practices for data collection, data usage and data retention procedures.
  • Draft and review online privacy policies, and specifically analyze how these policies fit into the operational needs of a client, both now and in the future.
  • Draft, review and provide counsel regarding internal privacy and data security policies, including information security programs, security breach response plans and disaster recovery plans.
  • Provide onsite privacy training sessions for business and legal personnel on privacy, data protection, data security and best business practices.
  • Advise clients regarding permitted uses of data generated or acquired from a variety of platforms, products, services and third party sources.
Employment
  • Draft employee policies regarding information and technology usage.
  • Provide advice and counsel regarding privacy-related incidents in the workplace.
  • Assist clients with taking disciplinary steps or enforcement actions against employees who have made privacy-related violations.
  • Provide advice on hiring practices that impact employee privacy, including implementation of background checks and drug testing polices.
  • Provide advice regarding employee participation in social media activities and develop policies and practices to manage associated legal and business risks.
  • Provide advice regarding "bring your own device" and other company policies.
Contracts
  • Draft, revise and negotiate contracts with vendors who store, access or use a client's data, including co-location and managed hosting agreements, development services, storage vendors, analytics companies and telecom providers.
  • Draft, revise and negotiate contracts with customers of our clients who insist upon a certain level of security prior to entering into a business relationship.
Marketing and Advertising
  • Advise clients regarding all aspects of engaging in, or procuring services for, online behavioral advertising, including compliance with the Self-Regulatory Principles for Online Behavioral Advertising.
  • Assess and address privacy issues raised by the use of online data matching projects and technologies.
Compliance with Applicable Laws and Regulations
  • Advise on the development and operation of online services compliant with the Children's Online Privacy Protection Act (COPPA).
  • Develop policies and procedures to comply with the Massachusetts Standards for The Protection of Personal Information of Residents of the Commonwealth codified at 201 CMR 17:00 et seq.
  • Provide advice and counsel regarding an organization's Health Insurance Portability and Accountability Act (HIPAA) compliance efforts, both with respect to Protected Health Information it collects as a HIPAA covered entity and with respect to Protected Health Information it collects as a business associate of a HIPAA covered entity. Draft policies and procedures in respect of new HIPAA requirements added under the HITECH Act and advise on data security issues and train employees on HIPAA's requirements.
  • Advise clients who are, and/or provide services to, financial services companies regarding compliance with the privacy requirements of the Gramm-Leach-Bliley Act (GLB).
  • Keep clients abreast of the latest U.S. state and federal privacy laws applicable to their business.
  • Keep clients current on all new Federal Trade Commission (FTC) guidelines, regulations and enforcement actions, and any new interpretations, in connection with privacy-related issues.
  • Work closely with clients to certify, apply for and maintain compliance with the U.S.-EU & U.S.-Swiss Safe Harbor Frameworks.
  • Work closely with EU, APEC and other international clients and foreign counsel to develop compliant practices for those engaged in business on a global scale.
  • Provide advice and counsel regarding compliance with standards from numerous self-regulatory organizations, including Digital Advertising Alliance, Network Advertising Initiative, Better Business Bureau and Payment Card Industry Data Security Standards (PCI-DSS).
Security Breaches and Audits
  • Rapidly respond to security breach incidents, including incident analysis, preparation of consumer notifications, preparation of regulatory filings, communications to business partners and analysis of and recommendations for remedial steps.
  • Assist with internal, client and third party privacy and security audits.
  • Engage and guide the work of computer forensic consulting firms.
  • Work with clients' public relations representatives to provide strategic responses to press inquiries in connection with security breaches.
Litigation
  • Lead counsel for privacy-related disputes, including multi-state and FTC regulatory investigations at all levels (including requests for information, civil investigative demands and consent orders), as well as class action and other civil litigation.
  • Work with clients' public relations representatives to provide strategic responses to press inquiries in connection with privacy-related investigations and lawsuits.
  • Manage electronic discovery requests on behalf of plaintiffs and defendants.
  • Work with forensic analysis companies to mine and analyze vast amounts of data.