King & Spalding’s Data, Privacy & Security Practice covers a broad range of legal issues relating to privacy and security faced by both web-based and traditional “bricks and mortar” businesses. Our Data, Privacy & Security Practice regularly advises clients regarding the myriad statutory and regulatory requirements businesses face when handling—either in gathering, managing, securing, transferring, sharing, selling or disposing of—personal and other sensitive information concerning individuals such as employees, consumers, customers, or patients, in the U.S. and globally. This often entails assisting clients in responding to data security breaches, complying with security breach notice laws, avoiding potential litigation arising out of internal and external data security breaches, and, as necessary, defending litigation—usually in the form of proposed class actions brought on behalf of those affected by the data compromise.
With more than 30 Data, Privacy & Security Practice lawyers in offices across the United States, Europe and the Middle East, King & Spalding is able to provide substantive expertise and collaborative support to clients across a wide spectrum of industries and jurisdictions facing privacy-based legal concerns. Applying a multidisciplinary approach to such issues, we bring together attorneys with backgrounds in corporate governance and transactions, healthcare, intellectual property rights, complex civil litigation, e-discovery, government investigations, government advocacy, and public policy.
Collectively, the members of King & Spalding’s Data, Privacy & Security Practice have unparalleled experience in areas ranging from providing regulatory compliance advice, to responding to security incidents, to interfacing with credit card processors and card brands, to engaging in complex civil litigation such as class actions, to handling both state and federal government investigations and enforcement actions, to advocating on behalf of our clients before the highest levels of state and federal government.
Areas of Expertise
- Corporate Compliance Programs, including establishing information security and protection procedures and corporate information security and privacy policies.
- Consumer Protection Laws, including (1) federal statutes that address privacy claims such as the Federal Trade Commission (FTC) Act, the Fair Credit Reporting Act (FCRA) and its Fair and Accurate Credit Transactions Act (FACTA) amendment, the Drivers Privacy Protection Act (DPPA), and the Telephone Consumer Protection Act (TCPA), and (2) state statutes such as security breach notice laws, state unfair and deceptive trade practices acts, and state-level analogs to the FCRA, TCPA, and similar federal statutes.
- Healthcare Privacy Laws and Regulations, including the Health Insurance Portability and Accountability Act (HIPAA) as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the corresponding privacy and security regulations adopted by the U.S. Department of Health and Human Services.
- Financial Privacy and Bank Secrecy Laws and Regulations, including the Gramm-Leach-Bliley Act (GLBA), the Right to Financial Privacy Act (RFPA), the Bank Secrecy Act, and the PATRIOT Act.
- Telecommunications Privacy Laws and Regulations, including Title III of the Omnibus Crime Control and Safe Streets Act (Title III), the Foreign Intelligence Surveillance Act (FISA), the Electronic Communications Privacy Act (ECPA), the Stored Wire and Electronic Communications Act, and the Telecommunications Act.
- Employer Monitoring of Employees, including electronic and computer surveillance, background checks and other investigative methods.
- Responding to Government Requests for PII or PHI, including search warrants, subpoenas, National Security Letters (NSLs), and other requests.
- Cybersecurity and Computer Crime Issues, including the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Children's Online Privacy Protection Act, and the Unlawful Internet Gambling Enforcement Act.
- Overseas and Trans-border Transfers of Information, including the EU Data Protection Directive and EU/US Safe Harbor arrangements.
- Social Media Policies, including providing guidance on the use of social media both internal and external to the client and the risks of disclosure of confidential data, misuse of personal data, and damage to brand or reputation.