Privacy & Security
Arent Fox is on the cutting edge of privacy laws and has experience assisting clients with all aspects of privacy and data security. For example, we routinely assist companies with the development of an internal security protocol that meets the requirements of the applicable state and federal laws. In this regard, our practice groups have helped companies comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, the Gramm-Leach-Bliley Act (GLB), and the Children’s Online Privacy Protection Act (COPPA), as well as the Payment Card Industry Data Security Standard (PCI DSS) and related payment laws.
Our lawyers also routinely advise companies about online privacy, including advice on notification and consent and on when an opt-in is necessary or merely suggested. In this capacity, we work with small and large businesses on their social media marketing to help them comply with all applicable rules, guidelines, and laws.
Finally, our team has notable experience with managing a reaction to a data breach, having been part of the response to one of the largest known data breach incidents. In this capacity, we assist with all aspects of the breach, including the consumer, regulator, and payment card industry notification procedures, and the compliance and protocol development after the incident.
Last month, the SEC announced the creation of a new “Cyber Unit” within the Enforcement Division to target misconduct related to cybersecurity. The unit is being created in conjunction with internal SEC initiatives to strengthen cybersecurity in the wake of the agency’s infamous data breach last year.
The latest question in privacy law is not what’s in a name (or IP address, PHI, TV viewing activity, etc.), but what’s on a face. Consumers are becoming increasingly concerned with how companies are using their biometric information such as facial, fingerprint, and iris information. In one closely watched case, photo sharing website Shutterfly faces allegations that it violated consumer privacy by collecting facial scans without consent.
Just as the Sword in the Stone could only be used by its rightful owner, the Privacy Shield can only be claimed by rightfully certified entities. If it is claimed by others, the false representations may stir Federal Trade Commission action. The FTC recently announced its first enforcement actions involving the EU-US Privacy Shield framework, settling complaints with three US companies.
ABOUT ARENT FOX LLP
Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.