Shipman & Goodwin’s Data Privacy and Protection Practice Group assists clients with the critical responsibility of securing data, complying with regulations for the proper use and disclosure of data and responding to breaches and other security incidents.
The firm’s Data Privacy and Protection Practice Group is led by attorneys who possess deep and wide-ranging national experience. Co-Chair William Roberts has advised clients in more than 100 national and international data breach matters and is a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP). He has extensive experience with the specific privacy and security challenges faced by health care providers, insurance technology (“InsurTech”) firms and health care technology companies.
Co-Chair George Jepsen, former Connecticut Attorney General, and Perry Zinn Rowthorn, former Connecticut Deputy Attorney General vigorously pursued data privacy and protection matters as one of their priorities while serving as state officials. They also collaborated on the development of an innovative Privacy Task Force that became the Connecticut Privacy & Data Security Department, the first such department in a state attorney general’s office in the nation. (This department subsequently led nationwide multi-state investigations into the nation’s largest data breaches, resulting in sizeable settlements and working with industry to establish best practices and standards to protect the data of citizens and businesses.)
Our multi-disciplinary team of lawyers is experienced in all aspects of data privacy and protection and has a consistent record of representing leading companies in a variety of industries, including health care providers, insurers, technology firms, manufacturers and educational institutions as well as governmental and quasi-governmental entities.
We offer a comprehensive approach to counseling clients through prevention, compliance and crisis management.
Safeguarding Data. We counsel clients on all issues related to appropriately safeguarding data during collection, storage, maintenance and disposal. Our representation includes:
- Evaluating data privacy and protection risk profiles
- Developing strategies to build efficient privacy infrastructures
- Drafting and implementing company data privacy and protection policies
- Advising on retention, destruction and e-discovery of documentation
- Advising on employee records issues and employee use of email and social media tools
- Developing licensing and data-sharing agreements
Compliance. We work with clients to develop compliance programs to protect the confidentiality of data, which includes:
- Establishing compliance programs for early detection of privacy issues
- Establishing and maintaining compliance hotlines
- Complying with domestic and international data protection laws and privacy laws and regulations), including:
- HIPAA/HITECH
- Gramm-Leach-Bliley Act (GLB)
- Telephone Consumer Protection Act (TCPA)
- EU General Data Protection Regulation (GDPR)
- New York Department of Financial Services (DFS) Cybersecurity Regulation
- Children’s Online Privacy Protection Act (COPPA)
- Federal Trade Commission Act (FTCA)
- Providing training to privacy and security officers, staff and employees.
Data Breaches and Investigations. Our team has extensive experience handling all aspects of national and international data breach matters and other security incidents, including:
- Conducting whistleblower and internal investigations
- Guidance on conducting investigations and providing required notifications when a breach has occurred
- Providing representation during breach investigations before federal and state agencies, including the Department of Health & Human Services (HHS), the Office for Civil Rights (OCR), the Federal Trade Commission (FTC), state attorneys general and state departments of insurance
- Litigating privacy disputes in jurisdictions throughout the country.