Data Privacy and Cybersecurity

Dechert lawyers assist clients in complying with the many, and often inconsistent, rules and regulations established to protect the privacy of customer and employee information, working to minimize the cost and time for compliance. As prominent thought leaders in this field, our attorneys frequently lecture and publish articles and white papers on current information security law trends, including China’s Cybersecurity Law, the EU’s General Data Protection Regulation (GDPR), and a white paper analyzing U.S. data security laws, which was prepared for the French Senate. We have particular expertise advising clients on cybersecurity and data protection in the financial services, consumer marketing, healthcare and life sciences sectors. Dechert was named a "Leading Cybersecurity Law Firm" in BTI Consulting Group's report BTI Law Firms Best at Cybersecurity 2017: Corporate Counsel Rank the Law Firms Leading the Charge on Change.

Banking and Financial Services

We help clients develop policies, privacy agreements, and compliance/audit programs so that they can efficiently manage their privacy obligations in the U.S. under the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, the SEC’s Regulation S-P and related federal and state privacy regulations. Lawyers in our European offices advise on financial services regulator information security requirements such as the UK FSA’s Codes of Business, as well as the implications of the European data protection directives. We counsel clients on how their privacy obligations are affected by other federal statutes and regulations, including anti-money laundering obligations under the Bank Secrecy Act, as amended by the USA PATRIOT Act. We have also advised clients regarding data protection issues involved in outsourcing, such as subcontractor processing of bank software, participating in third-party Internet banking systems and contracting with acquisition agents.

E-Business and Consumer Marketing

Dechert lawyers advise buyers and sellers on important e-issues such as data collection and consumer information exchange policies, transactions and indemnification. In the U.S, we provide guidance on the Federal Trade Commission Act, Electronics Communications Act, the Video Privacy Protection Act, the Computer Fraud and Abuse Act and the Children’s Online Privacy Protection Act. We have represented and counseled clients involved in Federal Trade Commission inquiries concerning their privacy practices.

We have also advised on telemarketing regulatory schemes internationally, including the U.S. national do-not-call rule, corporate do-not-call lists, the CAN-SPAM Act, SEC regulation through NASD Rule 2212, state privacy rules, banking rules and other privacy matters.

In Europe, we advise on the operation of the European directive on data protection, as well as the anti-spam rules arising out of the privacy in telecommunications directive and compliance with the supervisory authorities’ guidance on the application of those rules. We also have counseled on best practices to prevent identify theft, using firewalls and other computer security measures.

Healthcare/Pharmaceutical and Life Sciences Industry

With extensive experience in state and federal privacy and related matters, we prepare clients for the often unanticipated effects of Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations. We assist healthcare providers, health plans and other entities in assessing their privacy and security practices, implementing practices to safeguard employee data and developing other aspects of HIPAA compliance programs.

Our lawyers are widely regarded leaders in the healthcare/pharmaceutical field, write and speak extensively on HIPAA and other issues related to privacy and security and regularly conduct privacy and security training sessions for clients’ human resources departments.

Compliance with International Requirements

We help multinational businesses ensure that their data collection and storage practices conform with regulatory requirements wherever they do business, advising them on local data protection and privacy laws in the U.S. and Europe, particularly the EU Directive on Data Protection. We advise on legitimate means to smoothly transfer data across borders and, in particular, out of the EU, including through use of model contracts, binding corporate rules or use of the U.S. Commerce Department’s safe harbor. We also advise clients on how their privacy obligations are affected by anti-money laundering obligations and on international transfers of data resulting from outsourcing deals and hosted service solutions. Much of our work is at the pre-litigation stage, with clients posing “what if” scenarios and our lawyers evaluating risks and likely outcomes of various strategies.

Litigation and Enforcement Experience

Dechert’s cybersecurity and data protection lawyers are well versed in representing clients in data privacy litigation and enforcement actions brought by both federal and state regulators. We have handled numerous sensitive data breach response incidents for clients from a broad spectrum of industries. We have also successfully represented clients in FTC investigations arising out of large scale and multi-national data thefts. Moreover, our attorneys achieved a dismissal in a class action involving claims against a major bank in litigation arising out of computer data theft involving millions of credit card numbers.