Moore & Van Allen Law Firm, Attorneys

Privacy & Data Security

Privacy and data security issues impact every industry and affect almost all aspects of a company’s operations. Sales, human resources, data maintenance and storage, IT, legal and compliance, even litigation, all require careful attention to protecting the privacy of personal information as well as preserving the integrity of company, customer or third party data.

Moore & Van Allen recognizes the challenges businesses face from rapidly evolving laws and even more rapidly evolving technology in these areas. We also recognize the special challenges imposed by government regulation of companies in specialized fields, such as finance, health care and energy. To help our clients successfully navigate these challenges and manage their risks in these areas, we have put together a multidisciplinary team of lawyers with deep experience in addressing data privacy and information security obligations and disputes in a variety of fields including labor and employment, health care, finance, information technology, cross-border transactions and energy (to name just a few).

Our services include:

  • Data Breach:
    • Managing and handling data breach investigations, notices, reporting, and litigation
    • Working with law enforcement to pursue criminal action against hackers and botnet operators
    • Addressing and advising with respect to PCI-DSS issues in a data breach
    • Negotiating contracts to manage data breach risks
    • Developing programs and providing advice and counsel regarding data security breaches, including applicable reporting requirements
  • Health Care:
    • Developing policies and procedures for compliance with HIPAA's privacy, security and breach notification requirements
    • Preparing HIPAA-related forms, including Notices of Privacy Practices
    • Providing advice with respect to HIPAA compliance and operation issues, such as the use and disclosure of protected health information for research and other purposes
    • Negotiating business associate agreements
    • Assisting with the investigation and response to possible breaches of unsecured protected health information
  • Cross Border:
    • Defending against requests that infringe on data privacy restrictions
    • Assisting in cross border transfers of data
    • Managing cross border data breaches
    • Providing advice and counsel related to the EU Data Protection Directive and GDPR
    • Preparing Privacy Shield certifications
    • Preparing Bring Your Own Device ("BYOD") policies
  • Employment:
    • Defending and pursuing claims for invasion of privacy and trade secret misappropriation
    • Preparing policies and other guidance regarding privacy, social media, data protection, BYOD and mobile device programs, and employee monitoring
    • Providing advice and counsel regarding compliance with GINA, ADAAA, drug testing statutes, FCRA and other laws touching on privacy issues
  • Financial Privacy & Data Security:
    • Developing policies, notifications and contracts compliant with GLBA, FCRA, FACTA and PCI DSS
    • Providing comprehensive legal support for the full range of financial privacy and data security matters
  • Energy & Utility Cybersecurity:
    • Developing policies, procedures and contracts compliant with NERC Critical Infrastructure Reliability ("CIP") standards, TSA Pipeline Security Guidelines and NIST Critical Infrastructure Framework
  • E-Commerce:
    • Providing advice and counsel related to data privacy and information security obligations for companies engaged in e-commerce

Representative team engagements include the following:

  • Developed BYOD and mobile device programs, policies and terms of use for Fortune 50 multinational corporations.
  • Handled data breach investigation, reporting, notification, remediation, PCI compliance, and interaction with state Attorneys General, for numerous clients, including online retailers and service providers, financial institutions, public utilities, and others, covering U.S. and international customers.
  • Lead counsel for Fortune Global 500 financial services firm’s response to global inquiries stemming from the largest data breach in history.
  • Negotiated with government authorities in multiple jurisdictions to allow for cross border productions without infringing on data privacy or bank secrecy restrictions.
  • Assisted publicly-held public utilities companies in privacy and information security programs and system access management.
  • Assisted multinational financial services company in establishing a global ethics program in compliance with foreign data privacy laws.
  • Negotiated cross border transfer agreements including EU model clauses.
  • Created record retention programs for national and regional healthcare, food manufacturing and distribution and manufacturing clients, including retention of data on electronic media.
  • Defended claims of employee invasion of privacy.
  • Pursued multiple claims against unauthorized accessing of computer information under the Computer Fraud and Abuse Act.
  • Crafted social media and NLRB compliant nondisclosure agreements, policies and data protection programs.
  • Pursued and defended numerous claims of trade secret misappropriation.
  • Developed HIPAA compliant privacy and security policies for health care and employee benefit clients.
  • Investigated and advised on data breach matters involving potential violations of HIPAA and state privacy laws governing financial data, including assistance with required reporting to patients, the media, and applicable state and federal agencies and interaction with US DHHS Office for Civil Rights and state attorneys general.
  • Advised on HIPAA and other data privacy and security issues related to the negotiation of agreements with cloud service providers and other vendors who access and handle PHI and other personal and financial data.
  • Represented major technology company in working with law enforcement to take down botnets affecting as many as 5 million computers in more than 90 countries.
  • Represented merchant payment processing company in investigating and responding to a data breach investigation.
  • Represented regional consumer bank in structuring and negotiating cyber and data breach insurance policies.
  • Assisted client in contesting proposed PCI DSS fine.
  • Advised numerous clients with respect to PCI DSS compliance issues involving processing of card payments.
  • Assisted numerous clients in managing vendor compliance with privacy and information security laws and regulations.
  • Advised health care providers on the permissible uses of health information for clinical research, including development of necessary patient authorizations and consents.
  • Advised and assisted multiple clients in obtaining certification under, and complying with, US-EU Safe Harbor Framework and the US-EU Privacy Shield.
  • Provided advice and counsel to financial service firms, technology and software providers and manufacturing companies with their respective compliance obligations under the EU Data Privacy Directive.
  • Advised financial services company on preparing for GDPR.
  • Assisted Fortune 50 client in managing state law data breach compliance obligations.
  • Managed numerous client negotiations involving information security and data privacy contractual provisions.
  • Advised and assisted financial service firms and their vendors in managing PCI data security standard compliance obligations.