Data Protection and Information Security REGULATORY AND GOVERNMENT AFFAIRS

In our online world, we encounter data protection/privacy and information security issues constantly. The Treaty of Lisbon has now enshrined the right to the protection of personal data among the principles on which the European Union (EU) is based. WilmerHale has one of the world's premier privacy, data protection and data security practices and has been advising on data protection issues since the earliest legislative proposals for an overarching EU-wide privacy regime were made. More information on our global Cybersecurity, Privacy and Communications Practice can be found here.

We help clients navigate the thorny issues often raised by the interplay of commercial objectives, compliance needs and data protection and data security laws. Our interdisciplinary team is comprised of lawyers with a broad mix of regulatory, counseling, litigation and transactional expertise.

Our lawyers work on privacy, data protection and data security issues with clients across all sectors of the economy, including e-commerce operators and vendors, communications and media companies, financial institutions, pharmaceutical companies and health care providers, retailers and human resource companies. These companies come to us for help navigating their most difficult domestic and cross-border privacy issues. We have helped clients across the globe develop company-wide privacy, data protection and security compliance strategies; conduct security breach and other sensitive investigations; address cutting edge law enforcement issues; litigate issues of first impression; and navigate various legal regimes in Europe, the US and Asia.

Where our practice particularly stands out is our ability to martial lawyers in all relevant jurisdictions with an array of skill sets and knowledge to address a client's privacy issue, so that all aspects can be handled by a coordinated team.

In our online world, we encounter data protection/privacy and information security issues constantly. The Treaty of Lisbon has now enshrined the right to the protection of personal data among the principles on which the European Union (EU) is based. WilmerHale has one of the world's premier privacy, data protection and data security practices and has been advising on data protection issues since the earliest legislative proposals for an overarching EU-wide privacy regime were made. More information on our global Cybersecurity, Privacy and Communications Practice can be found here.

We help clients navigate the thorny issues often raised by the interplay of commercial objectives, compliance needs and data protection and data security laws. Our interdisciplinary team is comprised of lawyers with a broad mix of regulatory, counseling, litigation and transactional expertise.

Read More

Contacts

Sort By
Duvernoy, Christian

Christian Duvernoy

Partner-in-Charge, Brussels Office

+32 2 285 49 06 (t)

christian.duvernoy@wilmerhale.com

Braun, Martin

Dr. Martin Braun

Partner

+49 69 27 10 78 207 (t)

martin.braun@wilmerhale.com

Braun, Martin

Dr. Martin Braun

Partner

+49 69 27 10 78 207 (t)

martin.braun@wilmerhale.com

Hurewitz, Barry J.

Barry J. Hurewitz

Partner

+1 202 663 6089 (t)

barry.hurewitz@wilmerhale.com

Seyfarth, Martin

Martin Seyfarth

Partner

+49 30 20 22 64 30 (t)

martin.seyfarth@wilmerhale.com

Zachary, Heather

Heather Zachary

Partner

+1 202 663 6794 (t)

heather.zachary@wilmerhale.com

Vallery_Anne.jpg

Anne Vallery

Special Counsel

+32 2 285 49 58 (t)

anne.vallery@wilmerhale.com

David, Christopher

Christopher David

Counsel

+44 (0)20 7872 1015 (t)

christopher.david@wilmerhale.com

Freya Baetens

Prof. Dr. Freya Baetens

Consultant

+32 2 285 49 32 (t)

freya.baetens@wilmerhale.com

Experience

Cross-Border Data Transfers and International Data Protection/Privacy Laws

Our team is recognized for its understanding of international data protection regimes and for its ability to craft practical solutions to transborder data flow issues. We frequently advise on international e-commerce laws and cross-border data protection issues such as compliance with the data protection regime in the EU. Recent matters include:

  • Working with various multinational businesses to develop privacy and security programs to comply with cross-border EU data protection requirements for transfer of customer and employee data and to obtain Safe Harbor certifications.
  • Developing data security programs to support offshore outsourcing of various data processing activities and setting up appropriate legal regimes and data flows in domestic outsourcing arrangements.
  • Advising various clients on compliance with European data protection rules in connection with marketing strategies, licensing agreements, enforcement of corporate compliance rules (including cross-border whistle-blowing policies) and data retention issues.
  • Advising clients on compliance with EU privacy and data protection rules included in sector-specific regulation (e.g., in the telecommunications sector).
  • Dealing with EU restrictions on the transfer of personal data in the context of US pretrial discovery and advising clients on how to prepare for litigation in the US in general by setting up appropriate document retention policies, taking into account European data protection and employment law requirements.

Compliance, Data Protection/Privacy Policies and Data Security

We are trusted advisors to a large number of clients on many novel and important questions concerning data protection and security issues. We have developed practical enterprise-wide privacy and security policies and programs for multinational corporations in the online services, financial services, IT, manufacturing, telecommunications, media and retail sectors. We regularly advise clients on developing security incident response plans and providing data breach crisis management. We counsel clients on compliance with the often slightly diverging national implementations of EU data protection rules in EU member countries, particularly in the context of implementation of a multi-jurisdictional business plan in Europe. Our work has included:

Internet and Communications

  • Advising on compliance with privacy rules in the context of advertising and marketing campaigns, lotteries and loyalty programmes, sales and purchases of customer lists and unsolicited commercial communications.
  • Advising clients on privacy issues in connection with monitoring communications for purposes of network management and detecting unlawful activity.
  • Advising clients such as broadband service providers, online content companies and mobile operators concerning the privacy implications of offering targeted advertising using behavioral data from customers' Internet usage, location data and other demographic information.
  • Advising Internet service providers and online operators on compliance with data retention obligations.

Financial Services

  • Crafting a network of corporate intra-group data protection and data security agreements worldwide to meet the stringent criteria of the EU's data protection laws.
  • Advising on privacy compliance and consent requirements in the context of the provision and marketing of consumer credit products.

Human Resources/Employee Data

  • Advising multinational companies on data protection issues affecting centralization of global human resources information systems.
  • Counseling a global provider of outsourced human resources benefits management about compliance with international privacy and data transfer laws, including those applicable to sensitive (e.g., medical and financial) personal information; privacy and security obligations in connection with large-scale outsourcing; and security incident response and state and international breach notification obligations.
  • Advising clients on data protection and data transfer issues in the context of corporate reorganizations, mergers and acquisitions.

Corporate Compliance and Investigations

  • Drafting corporate codes of conduct that respect data protection obligations and allow appropriate Sarbanes-Oxley oversight, including anonymous whistle-blowing.
  • Assisting clients on privacy issues in connection with electronic discovery.
  • Advising and assisting clients on privacy issues in connection with internal investigations in competition, anti-corruption and corporate governance matters.