King & Spalding's Privacy & Information Security Practice covers a broad range of legal issues relating to privacy and compliance faced by both web-based and traditional “bricks and mortar” businesses. Our Privacy & Information Security Practice regularly advises clients and engages in litigation regarding the myriad statutory and regulatory requirements businesses face when handling — either in gathering, managing, securing, transferring, sharing, selling or disposing of — personal and other information on individuals such as employees, consumers, customers or business competitors. This has often entailed assisting clients in responding to data security breaches, complying with security breach notice laws and avoiding potential litigation arising out of internal and external data security breaches.
With more than 880 lawyers in offices across the United States, Europe and the Middle East, King & Spalding is able to provide substantive expertise and collaborative support to clients across a wide spectrum of industries and jurisdictions facing privacy-based legal concerns. Applying a multidisciplinary approach to such issues, we bring together attorneys with backgrounds in corporate and transactional law, intellectual property rights, complex civil litigation, government investigations and government advocacy and public policy.
Collectively, the members of King & Spalding’s Privacy & Information Security Practice have unparalleled experience in areas ranging from providing regulatory compliance advice, to engaging in complex civil litigation such as class actions, to handling both state and federal government investigations and enforcement actions, to advocating on behalf of our clients before the highest levels of state and federal government.
Areas of Expertise
- Corporate Compliance Programs, including establishing information security and protection procedures and corporate privacy polices.
- Consumer Protection Laws, including security breach notice laws, the Federal Trade Commission (FTC) Act, state Unfair and Deceptive Trade Practices Acts, the Fair Credit Reporting Act (FCRA), state level FCRA analogs, the Fair and Accurate Credit Transaction Act (FACTA) and the Drivers Privacy Protection Act (DPPA).
- Healthcare privacy laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and the corresponding privacy and security regulations adopted by the U.S. Department of Health and Human Services.
- Financial privacy and bank secrecy laws and regulations, including the Gramm-Leach-Bliley Act (GLBA), the Right to Financial Privacy Act (RFPA), the Bank Secrecy Act and the PATRIOT Act.
- Telecommunications privacy laws and regulations, including Title III of the Omnibus Crime Control and Safe Streets Act (Title III), the Foreign Intelligence Surveillance Act (FISA), the Electronic Communications Privacy Act (ECPA), the Stored Wire and Electronic Communications Act and the Telecommunications Act.
- Employer monitoring of employees, including electronic and computer surveillance, background checks and other investigative methods.
- Responding to government requests for personal and other information, including search warrants, subpoenas, National Security Letters (NSLs) and other requests regarding the corporation, its employees, its customers or members of the public at large.
- Cyberlaw and computer crime issues, including the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Children’s Online Privacy Protection Act and the Unlawful Internet Gambling Enforcement Act.
- Overseas activities and trans-border transfers of information, including the EU Data Protection Directive and EU/US Safe Harbor arrangements.
