In today's digital economy, information has become a powerful asset to companies across industry. At the same time, however, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information regarding their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today's economy.
Hunton & Williams' global privacy and cybersecurity practice helps companies manage data at every step of the information life cycle. The firm is a leader in its field and has been ranked by Computerworld magazine as the top law firm globally for privacy and data security in each of its four surveys. Chambers and Partners also rated Hunton & Williams the top privacy and data security practice in its Chambers Global, Chambers USA and Chambers UK guides.
The Centre for Information Policy Leadership at Hunton & Williams LLP, a privacy think tank associated with the law firm, augments our privacy and cybersecurity practice. The Centre provides strategic consulting services and helps clients develop global privacy and data security strategies for today’s digital economy. With nearly 40 members, the Centre also provides clients with a forum for developing privacy solutions and brings together companies, consumer leaders and senior policymakers to develop next-generation privacy principles to facilitate global digital information flows.
The firm's privacy and cybersecurity practice has authored a 1,400-page treatise, entitled Privacy and Data Security Law Deskbook (Aspen Publishers, Wolters Kluwer). The deskbook provides a detailed overview of all US and international information privacy and data security laws relevant to US businesses operating in the global arena. In addition, the book contains a collection of sample documents, charts, checklists and other compliance-enabling tools.
Who We Are
Hunton & Williams' privacy and cybersecurity practice members understand information-use business models and how information flows generate revenue for our clients. Our lawyers, led by Lisa J. Sotto, who was named among The National Law Journal's "100 Most Influential Lawyers," have extensive underlying subject matter experience in technology, banking and finance, consumer protection, international law, intellectual property, health care and litigation. In addition, our lawyers have hands-on business experience that enables us to provide strategic business consulting on all aspects of information policy, including privacy, cybersecurity, data breach and records management.
We represent a diverse group of clients, including retailers, consumer goods companies, health care providers, direct marketers, telecommunications and Internet service providers, banks, insurance providers, government agencies, electronic publishers, reference services, consumer and business credit reporting agencies and risk management specialists.
The common link among our clients is information — growth of our clients' businesses is fueled by the appropriate use of consumer and business information. To achieve maximum return on the investment that each client places in its global information assets, we provide clients with an understanding of the current legal environment, assistance on developing an appropriate values-based corporate information policy and guidance on implementing and communicating those values. We craft timely, cost-efficient solutions that balance each company’s internal and external needs. Our goal is to provide high-quality, total-solution services with an entrepreneurial spirit to all our privacy and cybersecurity clients.
Areas of Experience
Hunton & Williams' global privacy and cybersecurity practice group focuses on providing legal services in the following areas:
- Compliance with all US federal and state privacy and information management requirements, including the Gramm-Leach-Bliley Act, HIPAA, the Children's Online Privacy Protection Act, the Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act of 2003, the Driver's Privacy Protection Act, CAN-SPAM, state and federal security breach notification laws, state Social Security laws, the Payment Card Industry Data Security Standard and other federal and state requirements;
- Compliance with all international data protection laws, including the EU Data Protection and Telecommunications Privacy Directives and member state implementations thereof (including US Safe Harbor requirements, model contracts and binding corporate rules) and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA);
- Comprehensive assistance with significant information security breaches, including network intrusion investigations, customer notification, state and federal regulatory negotiations, discussions with payment card issuers, as well as public relations, call center and investor relations communications and training;
- Preventing and managing cyber events, from security planning and prevention of cyber intrusions, to incident response and handling of litigation and disputes arising from such events;
- Performance of comprehensive privacy and information management assessments, including preparation of data flow maps and privacy policies and procedures;
- Development and implementation of privacy and data use policies and procedures that comply with applicable laws and generate consumer and business partner confidence, revenue and flexibility;
- Development and implementation of programs to protect global information assets, including legislative and regulatory advocacy;
- Assistance with information product life cycle issues, including product promotion, customer profiling, targeted marketing, channel definition and expansion, franchising, branding, advertising, warranties and pricing;
- Drafting and negotiation of vendor contracts and information use and distribution agreements; and,
- Assistance with dispute resolution, management of consumer concerns, response to allegations of misuse of data, state and federal investigations (including actions and requests for information from state attorneys general and the Federal Trade Commission) and litigation.