Shipman & Goodwin’s Data Privacy and Protection Practice guides clients across sectors and jurisdictions through each step of the data privacy and protection lifecycle, from initial information collection, management, protection and disposal, through regulatory compliance, to post-breach responses, notifications and litigation. Our practice is national; we represent clients across the United States — from New England to Silicon Valley — as well as multinational corporations with a truly global footprint.
Our approach is proactive and comprehensive. We provide client-tailored guidance in the following:
Data Management and Protection. We counsel clients on all issues related to appropriately safeguarding data during collection, storage, maintenance and disposal, including:
- Data privacy and protection audits and risk profiles
- Strategies to build efficient privacy infrastructures
- Developing and documenting company data privacy and protection policies
- Retention, destruction and e-discovery of documentation
- Employee records
- Employee use of email and social media tools
- Licensing and data-sharing agreements
Regulatory Compliance. We work with clients to develop compliance programs to protect the confidentiality of data and spot potential issues, including the development and maintenance of compliance hotlines and training of privacy and security officers, as well as staff and employees. We also advise clients on the full spectrum of applicable privacy laws and regulations, including:
- HIPAA/HITECH
- Gramm-Leach-Bliley Act (GLB)
- Telephone Consumer Protection Act (TCPA)
- EU General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- New York Department of Financial Services (DFS) Cybersecurity Regulation
- Children’s Online Privacy Protection Act (COPPA)
- Federal Trade Commission Act (FTCA)
Data Breaches and Investigations. Our team has extensive experience handling all aspects of national and international data breach matters and other security incidents, including:
- Whistleblower and internal investigations
- Post-breach notifications
- Cooperation with federal and state agency investigations, including with the U.S. Department of Health & Human Services (HHS), the Office for Civil Rights (OCR), the Federal Trade Commission (FTC), state attorneys general and state departments of insurance
- Privacy litigation in federal and state courts
- Biometrics