Moore & Van Allen Law Firm, Attorneys

Privacy & Data Security

{ Banner Image }
Search Practice Areas
By Keyword

Corporate Member of the International Association of Privacy Professionals (IAPP)

Practice Contact(s)
Data Points
Related Practices

Privacy and data security issues impact every industry and affect almost all aspects of a company’s operations.  Sales, human resources, data maintenance and storage, IT, legal and compliance, even litigation, all require careful attention to protecting the privacy of personal information as well as preserving the integrity of company, customer or third party data.   

Moore & Van Allen recognizes the challenges businesses face from rapidly evolving laws and even more rapidly evolving technology in these areas.  We also recognize the special challenges imposed by government regulation of companies in specialized fields, such as finance, health care and energy.  To help our clients successfully navigate these challenges and manage their risk in these areas, we have put together a multi-disciplinary team of lawyers with deep experience in addressing data privacy and information security obligations and disputes in a variety of fields including  labor and employment, health care, finance, information technology, cross-border transactions and energy (to name just a few). 

 Our services include:

  • Data Breach:
    • Managing data breach investigations, reporting, and litigation
    • Negotiating contracts to manage data breach risks
    • Developing programs and providing advice and counsel regarding data security breaches, including applicable reporting requirements
  • Health Care:
    • Developing policies and procedures for compliance with HIPAA's privacy, security and breach notification requirements
    • Preparing HIPAA-related forms, including Notices of Privacy Practices
    • Providing advice with respect to HIPAA compliance and operation issues, such as the use and disclosure of protected health information for research and other purposes
    • Negotiating business associate agreements
    • Assisting with the investigation and response to possible breaches of unsecured protected health information
    • Responding to patient complaints and inquiries from the Office of Civil Rights
  • Cross Border:
    • Assisting in cross border transfers of data
    • Providing advice and counsel related to the EU Data Protection Directive
    • Preparing Bring Your Own Device ("BYOD") policies
  • Employment:
    • Defending and pursuing claims for invasion of privacy and trade secret misappropriation
    • Preparing policies and other guidance regarding privacy, social media, data protection, BYOD, and mobile device programs
    • Providing advice and counsel regarding compliance with GINA, ADAAA, drug testing statutes, the FCRA and other laws touching on privacy issues
  • Financial Privacy & Data Security:
    • Developing policies, notifications and contracts compliant with GLBA, FCRA, FACTA and PCI DSS
    • Providing comprehensive legal support for full range of financial privacy and data security matters
  • Energy & Utility Cybersecurity:
    • Developing policies, procedures and contracts compliant with NERC Critical Infrastructure Reliability ("CIP") standards, TSA Pipeline Security Guidelines and NIST Critical Infrastructure Framework
  • E-Commerce:
    • Providing advice and counsel related to data privacy and information security obligations for companies engaged in e-commerce

Representative team engagements include the following:

  • Developed BYOD and mobile device programs, policies and terms of use for Fortune 50 multinational corporations
  • Handled data breach investigation, reporting, notification, remediation, PCI compliance, and interaction with state Attorneys General, for numerous clients, including online retailers and service providers, financial institutions, public utilities, and others, covering U.S. and international customers

  • Assisted publicly-held public utilities companies in privacy and information security programs and system access management
  • Assisted multinational financial services company in establishing a global ethics program in compliance with foreign data privacy laws
  • Created record retention programs for national and regional healthcare, food manufacturing and distribution and manufacturing clients, including retention of data on electronic media
  • Defended claims of employee invasion of privacy
  • Pursued multiple claims against unauthorized accessing of computer information under the Computer Fraud and Abuse Act
  • Crafted social media and NLRB compliant nondisclosure agreements, policies and data protection programs
  • Pursued and defended numerous claims of trade secret misappropriation  
  • Developed HIPAA compliant privacy and security policies for health care and employee benefit clients
  • Investigated and advised on data breach matters involving potential violations of HIPAA and state privacy laws governing financial data, including assistance with required reporting to patients, the media, and applicable state and federal agencies and interaction with US DHHS Office for Civil Rights and state attorneys general.
  • Advised on HIPAA and other data privacy and security issues related to the negotiation of agreements with cloud service providers and other vendors who access and handle PHI and other personal and financial data
  • Advised health care providers on the permissible uses of health information for clinical research, including development of necessary patient authorizations and consents
  • Advised and assisted multiple clients in obtaining certification under, and complying with, US-EU Safe Harbor Framework
  • Provided advice and counsel to financial service firms, technology and software providers and manufacturing companies with their respective compliance obligations under the EU Data Privacy Directive
  • Assisted Fortune 50 client in managing state law data breach compliance obligations
  • Managed numerous client negotiations involving information security and data privacy contractual provisions
  • Advised and assisted financial service firms and their vendors in managing PCI data security standard compliance obligations


View All »


View All »


View All »