
Information Technologies and Telecom
Privacy and IT Security
The collection, retention, use and protection of personally identifiable or confidential information, including customer data, employee records and proprietary corporate information, is a convoluted and rapidly changing area of the law. Likewise, reported data breaches are at an all-time high. Attorneys in the practice group regularly handle security breaches and are highly knowledgeable about privacy and security laws – federal (including HIPAA, GLB, SOX, CAN-SPAM, Do-Not-Call, Computer Fraud and Abuse Act), state (breach notification and related statutes) and EU and Canadian privacy policies – and frequently provide clients with compliance and auditing advice on privacy and IT security exposure. We have extensive experience in regulated industries (e.g., healthcare, financial services, telecom and insurance) and consult on the collection and transmission of data outside the United States and pursuant to the EU Privacy Directive.
Attorneys in the practice group develop and draft Web privacy policies and corporate IT security and technology policies, conduct compliance training for employees, assist in the legal aspects of IT security audits, and prepare data retention policies and SAS 70 reports (including issues involving the security of data in third-party data centers). As class action and related litigation arising from privacy and IT security breaches increases, our lawyers are also well positioned to handle or assist in the litigation of damages actions in these often high-profile cases.
Duane Morris can assist in a wide variety of areas related to data security and privacy:
Regulatory Advice
Navigating the complex regulatory minefield governing data security is challenging. We rely on our extensive knowledge of federal, state and international laws, as well as current FTC guidance and client advocacy, to provide sound advice regarding privacy and security of consumer data in such industries as healthcare, financial services, telecom, insurance and others. In many of these markets, careful attention must also be given to the provisions of vendor and customer agreements in order to ensure regulatory compliance and to minimize the risk of potentially harmful electronic data breaches.
Policy Development and Enforcement
Members of the Information Technologies and Telecom practice group regularly prepare and update an array of IT security policies, including:
- Online and "brick and mortar" privacy and security policies for collecting, handling and protecting sensitive data
- Enterprise data retention and destruction policies
- Internal corporate employee policies for handling and use of confidential company or customer information
- Guidelines and advice regarding protection of competitively sensitive corporate information (e.g., trade secrets, copyrights, proprietary and confidential data, customer information, records data and product/pricing information)
Employee Training
In today's digital age, where a single misplaced laptop or "thumb drive" can land a company in the crosshairs of the plaintiffs' bar, corporations of all sorts must develop internal human resource (HR) policies for employees governing handling and use of information. Attorneys in the practice group have a wealth of experience preparing and training employees on permissible employee usage of IT assets (e.g., laptops, USB drives, camera phones, iPods and PDAs) and services (e.g., email, instant messaging and SMS/text messaging). Our attorneys also advise clients on identity theft by employees (reportedly 70% of identity theft in the United States occurs internally) and on the scope of employers' rights to monitor and intercept employee communications.
Transactional Safeguards
Every corporate sale or vendor agreement, particularly if it involves partnering with another company for some or all of manufacturing or fulfillment, presents a risk to privacy and IT security. Where regulatory standards exist, they must be incorporated into (and followed upon implementation of) transactional agreements. Where state-specific requirements, frequently pioneered in California, are at issue, attention must be given to ensuring that deal partners know and adhere to the law despite geographic differences.
Security Breach, Crisis Management and Litigation
No IT security process is perfect, and holes, whether inadvertent or malicious, will always exist. Hence, when Social Security or credit card numbers are hacked from a corporation's IT system, there is more than one audience for the board of directors to satisfy. Astute directors and CEOs will devote equal attention to three complementary areas: media relations, legal compliance and proactive "fixes." While adhering to statutory obligations for customer notice is necessary, it is far from sufficient to ward off or end litigation claims by federal agencies (principally the FTC) and by those whose information has been compromised. At Duane Morris, our IT and Telecom attorneys can assist in each of these endeavors, through and including trial of damages and class action claims.
For More Information
For more information, please contact Sandra A. Jeskie or any of the group members referenced in the Attorney Listing.










