Sussman

Privacy & Data Security

We assist businesses and employers in meeting their privacy and data security obligations by drafting and updating privacy policies, privacy notices, terms of use, and document retention policies. We also prepare incident response plans, provide data security crisis response, and manage compliance with data breach notification laws. Our work includes the negotiation and review of vendor contracts, advice on cyber insurance coverage, and helping U.S.-based companies comply with the EU-US Privacy Shield, the EU's General Data Protection Regulation (GDPR), PIPEDA (Canada's Personal Information Protection and Electronic Documents Act), and other applicable regulations relating to cross-border transfers. 

Our litigators defend claims arising from data breach incidents and alleged violations of financial, telecommunications, media, and Internet privacy laws. We also assist clients in responding to government investigations, and litigate statutory and constitutional privacy rights in California. Our attorneys include a Certified Information Privacy Professional for the United States (CIPP/US) and a co-author of the Proskauer on Privacy treatise (published by PLI).

Representative Experience 

Drafting Document Retention and Destruction Policies
Our attorneys have drafted document retention and destruction policies for companies in a variety of industries, such as JetBlue, Occidental Petroleum, TheKnot.com and NBC Universal.

Insurance Coverage
Our attorneys have assisted with insurance coverage litigation relating to whether claims filed by data breach victims were covered under a company's general liability policy.

Drafting Privacy Policies
Any company collecting information through a website is subject to a variety of laws governing collection, use and storage of that information.  Our attorneys have drafted privacy policies for companies large and small—from giants such as AT&T and MasterCard, to family businesses.

Stored Communications Act
Our attorneys have defended an Internet Service Provider (ISP) against a class action in which the plaintiffs alleged that transient storage of information violated the Stored Communications Act.  The matter was settled.

CAN-SPAM Act
We assisted a motion picture and television studio with CAN-SPAM Act compliance. Of particular concern to the client was reconciling compliance obligations and required disclosures/opt-out with design preferences in a marketing campaign.

Data Breach Notification, Investigation, and Litigation
Our attorneys have assisted massive multinational companies, as well as small family businesses, in identifying, investigating and responding to data breaches—whether the data pertains to one state or individuals across the country.  We've assisted in coordinating with credit reporting agencies in obtaining favorable rates for clients offering credit monitoring/freezes for potential breach victims.

Government Investigation (leaked data)
Most states require that businesses report data breaches to law enforcement authorities if such breaches affect over a certain number of people.  We have worked with clients in making the initial report within required timeframes, and then coordinating with law enforcement.

Computer Fraud and Abuse Act (CFAA)
Our attorneys recently sued a software company under the CFAA when that company apparently ransomed our client, a fulfillment warehouse, in order to extract payments to which the client contended the ransomer was not entitled.  The ordeal shut down our client's entire system until payment was made.  The matter was eventually resolved.

California Financial Information Privacy Act (Cal-FIPA)
All lenders or entities extending financing to California residents must comply with Cal-FIPA by making certain consumer disclosures.  We have assisted financial institutions, and others extending financing, in complying with this law.

Gramm-Leach-Bliley Act (GLBA)
Our attorneys have drafted comprehensive policies for financial institutions and members of the insurance industry (insurers and brokers).  GLBA is a federal law that requires covered entities to safeguard financial information, and often incorporates portions of applicable state laws.

Rulemaking
Our attorneys have sued the Federal Trade Commission (FTC) over a proposed privacy rule.  We won in the district court and, while appeal was pending, Congress changed the law to preclude the rule that the FTC was seeking to impose.

