Data, Privacy & Security

Translate this page Share this page Print this page
Data, Privacy & Security Law Firm


Class Action
Corporate Governance
Crisis Management
First Amendment/Defamation
Government Advocacy &
Public Policy
Healthcare Litigation
Insurance Coverage/Recovery
National Security, Intelligence & Defense Industry
White Collar Defense & Government Investigations
Overview| People| Matters| News & Insights

King & Spalding’s Data, Privacy & Security Practice covers a broad range of legal issues relating to privacy and security faced by both web-based and traditional “bricks and mortar” businesses. Our Data, Privacy & Security Practice regularly advises clients regarding the myriad statutory and regulatory requirements businesses face when handling—either in gathering, managing, securing, transferring, sharing, selling or disposing of—personal and other sensitive information concerning individuals such as employees, consumers, customers, or patients, in the U.S. and globally. This often entails assisting clients in responding to data security breaches, complying with security breach notice laws, avoiding potential litigation arising out of internal and external data security breaches, and, as necessary, defending litigation—usually in the form of proposed class actions brought on behalf of those affected by the data compromise.

With more than 30 Data, Privacy & Security Practice lawyers in offices across the United States, Europe and the Middle East, King & Spalding is able to provide substantive expertise and collaborative support to clients across a wide spectrum of industries and jurisdictions facing privacy-based legal concerns. Applying a multidisciplinary approach to such issues, we bring together attorneys with backgrounds in corporate governance and transactions, healthcare, intellectual property rights, complex civil litigation, e-discovery, government investigations, government advocacy, and public policy.

Collectively, the members of King & Spalding’s Data, Privacy & Security Practice have unparalleled experience in areas ranging from providing regulatory compliance advice, to responding to security incidents, to interfacing with credit card processors and card brands, to engaging in complex civil litigation such as class actions, to handling both state and federal government investigations and enforcement actions, to advocating on behalf of our clients before the highest levels of state and federal government.

Areas of Expertise

  • Corporate Compliance Programs, including establishing information security and protection procedures and corporate information security and privacy policies.

  • Consumer Protection Laws, including (1) federal statutes that address privacy claims such as the Federal Trade Commission (FTC) Act, the Fair Credit Reporting Act (FCRA) and its Fair and Accurate Credit Transactions Act (FACTA) amendment, the Drivers Privacy Protection Act (DPPA), and the Telephone Consumer Protection Act (TCPA), and (2) state statutes such as security breach notice laws, state unfair and deceptive trade practices acts, and state-level analogs to the FCRA, TCPA, and similar federal statutes.

  • Healthcare Privacy Laws and Regulations, including the Health Insurance Portability and Accountability Act (HIPAA) as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the corresponding privacy and security regulations adopted by the U.S. Department of Health and Human Services.

  • Financial Privacy and Bank Secrecy Laws and Regulations, including the Gramm-Leach-Bliley Act (GLBA), the Right to Financial Privacy Act (RFPA), the Bank Secrecy Act, and the PATRIOT Act.

  • Telecommunications Privacy Laws and Regulations, including Title III of the Omnibus Crime Control and Safe Streets Act (Title III), the Foreign Intelligence Surveillance Act (FISA), the Electronic Communications Privacy Act (ECPA), the Stored Wire and Electronic Communications Act, and the Telecommunications Act.

  • Employer Monitoring of Employees, including electronic and computer surveillance, background checks and other investigative methods.

  • Responding to Government Requests for PII or PHI, including search warrants, subpoenas, National Security Letters (NSLs), and other requests.

  • Cybersecurity and Computer Crime Issues, including the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Children's Online Privacy Protection Act, and the Unlawful Internet Gambling Enforcement Act.

  • Overseas and Trans-border Transfers of Information, including the EU Data Protection Directive and EU/US Safe Harbor arrangements.

  • Social Media Policies, including providing guidance on the use of social media both internal and external to the client and the risks of disclosure of confidential data, misuse of personal data, and damage to brand or reputation.

Phyllis B Sumner 
T: +1 404 572 4799 ATLANTA
J.C. Boggs 
T: +1 202 626 2383 WASHINGTON, D.C.
T: +1 650 422 6728 SILICON VALLEY
Barry Goheen 
T: +1 404 572 4618 ATLANTA
Robert M Keenan III (Rob) 
T: +1 404 572 3591 ATLANTA
Emma Maconick 
T: +1 650 422 6742 SILICON VALLEY
Meghan Magruder 
T: +1 404 572 2615 ATLANTA
Alla Y Naglis 
T: +7 495 228 8504 MOSCOW
Nicholas A Oldham 
T: +1 202 626 3740 WASHINGTON, D.C.

Areas of Specialty Flowchart

Join Our Mailing List
If you would like to be included on our Data, Privacy, & Security practice email list to receive notices of events and written updates, you can be added by submitting your contact information to