- February 15, 2017
- Former Department of Homeland Security Deputy General Counsel Jonathan Meyer Joins Sheppard Mullin Washington, D.C.New Partner Expands Firm’s Government Contracts and Cybersecurity PracticesSeptember 20, 2016
- Laura Jehl Joins Sheppard Mullin Washington, D.C. Office as Partner and Co-Leader of Firm's Privacy & Cybersecurity PracticeFebruary 16, 2016
Areas of Experience
- Brian Anderson
- Rena Andoh
- Tyler Baker
- Elizabeth Berman Barcohana
- Melinda Biancuzzo
- Christopher Bosch
- Jeryl Bowers
- Lawrence Braun
- Craig Cardon
- James Chadwick
- Paul Cowie
- Guylyn Cummins
- Eric DiIulio
- Garen Dodge
- Dana Dunwoody
- Adam Ettinger
- James Gatto
- J. Aaron George
- Gardner Gillespie
- Shon Glusky
- Megan Grant
- Oliver Heinisch
- Rachel Hudson
- Laura Jehl
- Kristi Kung
- Jonathan Meyer
- Lynsey Mitchel
- Evan Mix
- Brian Pass
- Shannon Petersen
- Justine Phillips
- David Poell
- Fred Puglisi
- Robert Rose
- Julie Rubash
- Mukund Sharma
- Martin Smith
- Douglas Svor
- Dave Thomas
- Amber Thomson
- Louis Victorino
- Brian Weimer
- Paul Werner
- Ken Yood
According to the U.S. Chamber of Commerce, 90% of all data in existence was created in the last two years. However, the global regulatory landscape for data is a patchwork of overlapping and often conflicting rules and concepts. Helping businesses negotiate this continuously evolving landscape is what we do. We recognize that data – and the technology to store, process, analyze and execute on it – is a valuable intellectual property asset that companies can develop, acquire, protect, license, sell and otherwise commercialize and exploit.
Our Privacy and Cybersecurity Team helps businesses unlock the value of data, while ensuring compliance with U.S. and non-U.S. laws and standards that regulate the collection, use, sharing and protection of data.
Third Party and Customer Data Use
We advise many of the world’s largest retailers, consumer brands and technology providers on the collection, use, sharing and commercialization of third party and customer data. This includes negotiating and drafting data sharing and co-op agreements and data security clauses in broader third party vendor agreements, as well as conducting unique data regulatory compliance and data integrity due diligence in strategic transactions.
Advice on Cross Border Data Transfers
We counsel clients on cross-border data transfers, including compliance with EU, Canada, and other international data privacy laws. We help clients achieve certification under the new US-EU Privacy Shield, and routinely handle EU standard contractual clauses and US-Swiss Privacy certifications for clients. With offices in London, Brussels, Shanghai, Beijing, and Seoul, we have local expertise in privacy and data security matters in the UK, EU and its member states, China, and Korea, and are closely monitoring any developments in data protection and privacy law that may arise as a result of Brexit.
European General Data Protection Regulation (GDPR)
Our European experts advise clients on all steps required to ensure compliance with the incoming European Data Protection Regulation. We build entirely new processes and compliance policies, we advise on IT requirements and architecture to ensure that companies are able to discharge of their newly imposed obligations under the GDPR as well as to deal effectively with rights of individuals. We also advise companies on how to efficiently change existing policies in the most cost-effective way to bring them in line with the GDRP. The wide jurisdictional scope and the increased risk of fines, investigations and litigation has made this a high-priority area for most companies that handle consumer and human resource data of individuals in the European Union.
Data Loss and External Notification
Our attorneys handle complex and high profile data security breach incidents, including advising clients regarding internal investigations, public relations strategies and responses, indemnification and other rights and remedies under vendor agreements, and compliance with state and federal security breach notification laws. We prepare and help implement internal Data Security Breach Response Plans for clients. As data becomes more entwined with the enterprise value of businesses, we handle data due diligence and data loss issues in connection with M&A and other corporate and strategic transactions.
As the prevalence of data use increases along with its value to businesses, privacy litigation is now a part of every large business’s lexicon. We represent some of the best known brands and businesses in the world in defending against the surge of privacy class actions in state and federal courts around the country. We have handled landmark cases involving constitutional privacy rights, state law claims such as California’s Song-Beverly and Shine the Light Acts, penal code wiretapping and call recording claims, the federal Telephone Consumer Protection Act, as well as related vendor indemnification actions. Some of our recent victories include halting the expansion of certain privacy claims to new technologies or new jurisdictions. We don’t just react when you are sued -- we devote time to thinking about what may come next and how to protect you from being surprised by percolating regulation and developing legal theories.
Internal Privacy Policies
We advise clients on internal privacy policies and procedures relating to both consumer and human resources data.
Public-facing Privacy Policies
Regulatory Advocacy and Relationships
As an outgrowth of our extensive representation of online and brick-and-mortar retailers, we have worked closely with trade associations such as the California Retailers Association (CRA) and the Direct Marketing Association (DMA) on drafting and advocating passage of privacy legislation. We have also assisted these and other trade associations with evaluating proposed privacy legislation and crafting arguments to highlight the faults in those proposed laws.
External Privacy Investigations & Audits
We represent companies, including large children’s media focused companies, in connection with regulatory inquiries and proceedings in related to privacy issues, particularly in connection with the federal Children’s Online Privacy Protection Act (COPPA).
Privacy in the Workplace
Legal requirements around the world keep changing and placing increased restrictions on what employers can and can’t do. These changes impact background checks, drug testing, employee data retention and/or transfer, workplace data breach, and maintenance of employee health related information. Our international employment and mobility law attorneys counsel employers on issues related to compliance with workplace privacy. They offer a virtual one stop shop in terms of what U.S. and other countries require.
Regulated Highly Sensitive Data
We have specialized knowledge and experience helping clients with regulated highly sensitive data, including the various laws and regulations that govern health data (HIPAA) and financial data (Gramm–Leach–Bliley Act).
Health care privacy is a critical business function for health care organizations. We represent some of the nation's largest and most respected health plans, hospital organizations, contract research organizations, pharmaceutical companies and medical device manufacturers. We assist healthcare businesses to develop and implement HIPAA privacy compliance programs, establish data sharing programs and protocols and prepare consent and contractual documentation of the same. And because policies need training to be most effective, we offer employee HIPPA's compliance training. We strongly believe that health care providers must take a proactive approach to ensure continued compliance with HIPAA's privacy standards. When allegations of non-compliance are made, we are there to assist too.
In the area of financial institutions, we structure Gramm–Leach–Bliley Act Financial Privacy Rule (GLB) compliance programs, as well as compliance with other laws affecting financial institution opt-out notice provisions, restrictions on the re-use and re-disclosure of consumer information, security guidelines, and federal preemption of state and local privacy restrictions.
Internal Privacy Investigations & Audits
We lead internal data privacy audits as part of US-EU Privacy Safe Harbor and US-Swiss Privacy Safe Harbor certifications and annual re-certifications for clients.
Social Media Usage in the Workplace
We regularly advise companies regarding use of social media in the workplace, and the growing practice employees or contractors devote to promoting and managing a company’s social media presence. The firm publishes a well-read blog on legal issues concerning social media: http://www.lawofthelevel.com/. We have drafted internal social media policies for numerous clients that, among other things, address compliance with FTC endorsements and testimonials rules for social media.
- Legal 500 US 2016 Recognizes Sheppard Mullin Partners and Practice Groups Among the Best in the CountryLegal 500 US, June 15, 2016
- Daily Journal, May 18, 2016
- Law360, November 16, 2015
- Legal 500 US 2015 Recognizes Sheppard Mullin Partners and Practice Groups Among the Best in the CountryLegal 500 US, June 3, 2015
- Best Lawyers "Women in the Law" Spring Business Edition, March 31, 2017
- DC Circ.'s Delay On Net Neutrality Points To Wider HoldupLaw360, March 15, 2017
- Companies Await D.C. Circuit’s Robocall Autodialer DeﬁnitionBloomberg Law, March 7, 2017
- Telco Transformation, March 6, 2017
- Law360, February 24, 2017
- Achieving Cyber-Fitness In 2017: Part 2—Looking Beyond The FAR And DFARS—Other Safeguarding And Reporting RequirementsThe Government Contractor, February 22, 2017
- Cyber Spies: In-House Legal Fights Back Against CyberespionageLegaltech News, February 9, 2017
- Bloomberg BNA, February 2017
- Facing Evolving Cyberthreats and Crippled by Ransomware Attacks, Can Hospitals Ever Really Be PreparedLorman, January 2017
- Bloomberg BNA Privacy Law Watch Bulletin, January 6, 2017
- Privacy Cases To Watch In 2017Law360, January 2, 2017
- Retail Legislation And Regulation To Watch In 2017Law360, January 2, 2017
- Privacy Legislation And Regulation To Watch In 2017Law360, January 2, 2017
- Corporate Counsel, December 2016
- Law360, December 20, 2016
- Facing Evolving Cyberthreats and Crippled by Ransomware Attacks, Can Hospitals Ever Really Be Prepared?Metropolitan Corporate Counsel, December 7, 2016
- What the Election Results Mean for Congressional Oversight of Corporate AmericaEntrepreneur, December 6, 2016
- Law360, November 17, 2016
- Law360, November 14, 2016
- Law360, October 6, 2016
- Law360, October 4, 2016
- Law360, September 13, 2016
- "Hospitality's Move to Mobile Raises Legal Risks"HOTELS Magazine, September 13, 2016
- Law360, August 30, 2016
- Law360, August 11, 2016
- Bloomberg BNA, July 15, 2016
- Law360, June 28, 2016
- Bloomberg BNA: Privacy Law Watch, June 24, 2016
- Variety, June 17, 2016
- Cnet, June 15, 2016
- Law360, June 15, 2016
- Law360, June 14, 2016
- Bloomberg BNA, June 14, 2016
- ALM Media, June 6, 2016
- Law360, June 30, 2015
- Law360, October 3, 2014
- The Metropolitan Corporate Counsel, March 17, 2014
- Law360, November 27, 2013
- Law360, October 11, 2013
- Law360, August 26, 2013
- Law360, August 20, 2013
- Law360, August 1, 2013
- Bloomberg BNA, February 11, 2013
- The Metropolitan Corporate Counsel, February 2013
- Bloomberg BNA, July 19, 2012
- The Metropolitan Corporate Counsel, September 2011
- Law360, June 23, 2011
- The Metropolitan Corporate Counsel, June 2011
- Patchwork of state laws adds complexity.The National Law Journal, June 8, 2009