Privacy and Information Security
 
Kelley Drye is at the forefront of evolving privacy and information security law, advising clients on issues that directly impact their market momentum and business risk. We have a reputation for providing broad and deep legal services on privacy and data security issues, with a focus on offering practical and timely advice. Our attorneys regularly counsel clients regarding all aspects of privacy and data security compliance, including drafting and amending policies and programs, performing privacy and/or data security audits of existing business practices, drafting agreements with third parties regarding the handling of clients’ customer and employee data, and representing clients in connection with federal and state regulatory investigations. Whether your matter involves privacy and data security compliance, the launch of a new marketing campaign or new media issues, Kelley Drye will help your business achieve a competitive edge while satisfying the appropriate privacy and security obligations.

Kelley Drye’s Privacy and Information Security practice group includes recognized leaders in the field, including two former directors of the Bureau of Consumer Protection at the Federal Trade Commission (FTC). While at the FTC, members of our group targeted Internet privacy, identity theft, and electronic commerce issues, and directed the FTC’s implementation and enforcement of the Children’s Online Privacy Protection Act (COPPA) and the Gramm-Leach Bliley Act (GLBA). Our group also includes the chair of the American Bar Association’s Privacy and Information Security Committee and editor of the ABA’s Data Security Handbook and The Secure Times newsletter. The firm’s Privacy and Information Security practice is ranked in the 2008 and 2009 editions of Chambers USA, the 2009 edition of U.S. Legal 500, and has been named one of the top privacy advisers among law firms and consulting firms around the world in a survey published by Computerworld magazine.

Our attorneys apply experience gained from working with clients in a range of industries, and we have provided privacy and data security counseling for companies including Altria Group, AOL, Carlson Hotels Worldwide, Dick’s Sporting Goods, Enterprise Rent-A-Car, Kraft, Monster.com, NIKE, Saks Fifth Avenue, Sam’s Club, ServiceMaster, Sprint Nextel, The Children’s Place, XO Communications and others.

This team regularly counsels clients in the following areas:
  • Investigations – Kelley Drye represents clients in investigations and inquiries from the Federal Trade Commission, state attorneys general, and federal and state courts and agencies regarding their privacy and information security business practices.

  • Compliance – We counsel on all aspects of privacy and information security laws, including the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, the Children’s Online Privacy Protection Act, the EU Data Protection Directive and other national and local privacy laws around the world, the FTC Act, and state privacy and data security laws.

  • Marketing Campaigns – Our group counsels clients on how to use consumers’ personal information lawfully in marketing, including obtaining effective consent for email marketing, text messaging and online behavioral marketing. In the early stages of marketing campaigns, the firm represents clients in meetings with privacy advocates to address use of consumer information, particularly with regard to online behavior.

  • Compliance and Disaster Planning – We ensure that clients’ business practices are designed to comply with privacy and data security laws, as well as with federal and state banking and consumer financial services laws and regulations. The firm also helps clients handle potential data breach events by developing policies and procedures that allow them to meet their legal obligations while managing public relations implications.

  • Policy Development and Training – Our attorneys help clients draft, review, revise and interpret their privacy and data security policies and procedures, and develop appropriate, comprehensive security programs. The team’s lawyers also train clients’ employees on privacy, data security, advertising and business practices that comply with consumer protection laws.

  • Business Practice Audits – We perform privacy or data security audits of existing business practices. This involves assessing client compliance with current policies and reviewing how clients receive and share personal information with affiliates and third parties to ensure that such information sharing complies with laws and business policies.

  • Third-Party Compliance – Kelley Drye drafts clients’ agreements with third parties, and advises on how to oversee and monitor these parties, to ensure clarity and compliance in how they handle personal data.

  • Data Breach Counseling – We develop policies and procedures to ensure that clients are prepared to meet their legal obligations, as well as manage their public relations, in the event of a data breach.
As the rules governing privacy and data security change and expand, lawyers in this practice group work closely with other members of the firm, specifically with the Government Relations and Public Policy practice group, to stay abreast of new developments and analyze how clients should seize opportunities and protect against new risks.

Experience
  • Appointed Consumer Privacy Ombudsman by United States Trustees in various bankruptcy proceedings, submitting reports and recommendations to the courts regarding the disposition of customer lists and other personally identifiable information.

  • Represented leading children’s specialty retailer in an FTC investigation of the company's in-store and online privacy practices. Successful in convincing the FTC to close the investigation without pursuing law enforcement or remedial action.

  • Represented leading academic research company in separate privacy investigations by the FTC and 42 state attorneys general, and negotiated FTC consent order and state Assurance of Voluntary Compliance.

  • Represented online retailer in investigation of security breaches involving customer information by New York Attorney General’s Office, resulting in negotiation of Assurance of Discontinuance.

  • Represented leading online retailer in FTC privacy investigation, resulting in closing of investigation.

  • Defended a national financial services company in an FTC investigation for GLBA Safeguards Rule violations. The matter was closed without action.

  • Assisted a major retailer with a gap analysis for privacy compliance. This involved dividing the business units into discreet parts with similar privacy compliance issues. Our analysis then cataloged every applicable privacy law in the United States (federal and state) in the form of easy-to-follow questions for the business units to answer, which allowed the legal department to identify compliance gaps and most efficiently focus resources on those areas that needed it most.

  • Represented a financial institution in an investigation by the FTC concerning an information security breach the business incurred, and whether the company’s business practices complied with Section 5 of the FTC Act, the GLBA Safeguards Rule, and the GLBA Privacy Rule. The case resolved with a settlement that included relatively narrow injunctive relief (compared to other similar FTC settlements), and no monetary damages or penalties.

  • Counseled a Fortune 50 computer and technology company on global privacy and data security compliance, including assisting on compliance with the various U.S. state developments, enforcement trends and strategies for managing vendor relationships worldwide. Our work included drafting appropriate contractual language and developing and counseling on oversight and monitoring procedures for a company that maintains a very large and diverse set of vendors that raise varied data security compliance issues in the European Union and Asian countries in which they do business.

  • Worked with international retailers to review and certify data practices under the Safe Harbor program, to permit them to lawfully transfer its European Union employee and customer data to the United States.

  • Assisted a major consumer electronics retailer in connection with implementing a behavioral advertising initiative.

  • Regularly advise a Fortune 1000 clothing retailer on privacy and data security matters, including working closely with the company in designing a tailored privacy and data security compliance program that meets federal and state regulatory requirements.

  • Provide comprehensive privacy and data security advice for a major online retailer. This includes advising on compliance with the Children’s Online Privacy Protection Act, CAN-SPAM, and relevant FTC and state consumer protection, privacy, and data security laws.

  • Defending an apparel manufacturer in two major California class actions alleging violations of the Song-Beverly Act in the collection of customers’ personal information.

  • Counseled a Fortune 500 clothing manufacturer on enterprise-wide data security compliance. This included strategies for data protection compliance, legal policies, managing vendor relationships, negotiating privacy and data security terms in vendor contracts, and exercising privacy and due diligence in the company’s acquisition of new businesses, data assets and service providers.

  • Counseled numerous clients – retailers, financial service entities, and telecommunications providers – on appropriate responses to a data breach event in accordance with legal obligations and business risks.

Back to: Advertising and Marketing

For further information about Kelley Drye's Privacy and Information Security practice group, please contact:

Dana B. Rosenfeld
(202) 342-8588
drosenfeld@kelleydrye.com
^ top
© 2003-2010 Kelley Drye & Warren LLP, All Rights Reserved.
Contacts | Disclaimer | Privacy Policy | Sitemap | Help
Advertising and Marketing - Privacy and Information Security
Practice Group Chair
Attorneys and Professionals
News
Publications
Events
Client Advisories

 
 
highgrade-end