Sullivan & Cromwell LLP Logo
  • Home
  • Lawyers
  • Practices
  • Insights
  • About
  • Careers
  • Alumni
  • Client
© 2023 Sullivan & Cromwell LLP
    Home /  Practices /  Privacy

    Privacy

    Related Lawyers

    Led by top practitioners in privacy, cybersecurity, financial services, fintech, intellectual property, criminal investigations and civil litigation, S&C’s Privacy Group has the depth and experience to advise companies on the full range of privacy issues that can arise in complex matters.

    S&C works with global clients subject to wide-ranging privacy and data protection laws and regulations, which include the California Consumer Privacy Act (CCPA) and other comprehensive U.S. state privacy laws, the European Union General Data Protection Regulation (GDPR) and UK GDPR, the Illinois Biometric Information Privacy Act (BIPA), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Children’s Online Privacy Protection Act (COPPA).

    From startups to well-established companies, clients turn to S&C’s multi-disciplinary team to collaborate on privacy issues impacting their products and services; compliance with local, state, federal and international privacy laws and regulations; and privacy-focused investigations and litigation. We help clients incorporate privacy-by-design into their products, services, websites , mobile apps and back-end infrastructure and conduct data protection impact assessments that evaluate how they collect, use, disclose and dispose of personal information.

    In transactions, we strategize closely with our clients to evaluate personal information at the outset of our engagement and develop creative solutions to avoid potential barriers that might limit the use of that information. We conduct privacy due diligence tailored to a company’s data collection practices, industry and geographic scope, revise and negotiate agreements and assist clients with post-closing transition services, including data integration or separation.

    Areas of focus include:

    • Advising clients on privacy and cybersecurity issues in mergers, acquisitions, joint ventures and other business combinations;
    • Drafting and negotiating data sharing, processing and transfer agreements and assisting with third-party vendor management programs;
    • Assisting clients with developing privacy compliance programs, including by drafting privacy notices, consent forms and data subject request policies and procedures;
    • Advising on privacy considerations associated with processing personal data using artificial intelligence;
    • Providing strategic counseling on data governance and privacy issues associated with new business opportunities, consumer marketing programs or the collection of sensitive categories of personal information, including biometric information;
    • Developing cross-border data transfer strategies and assisting with compliance with international privacy laws and regulations;
    • Advising on employee privacy issues including employee monitoring, geolocation tracking and the use of ephemeral communications;
    • Assisting clients in responding to and evaluating the impact of federal, state and international privacy investigations and litigation; and
    • Drafting and revising privacy-related disclosures in regulatory filings.

    Recognized by:

    • Global Data Review’s GDR 100 2022
    • U.S. News & World Report 2022 for Privacy & Data Security Law

    Subscribe to receive our Insights

    Read More

    Spotlight

    Ranked Tier 1 for Privacy and Data Security Law in New York and San Jose

    – 2022 U.S. News & World Report Best Lawyers Best Law Firms survey
    • Experience
    • Rankings and Recognitions
    • News
    • Publications, Videos and Podcasts
    Experience

    Experience

    Transactions

    • J.P. Morgan in its acquisition of Aumni, a leading investment analytics company that serves clients in the venture capital industry that have invested in more than 17,000 portfolio companies.
    • Mitsubishi UFJ Financial Group in its sale of MUFG Union Bank’s U.S. core regional banking franchise to U.S. Bancorp.
    • Kering Eyewear in its acquisition of Hawaiian eyewear brand Maui Jim.
    • AT&T in the combination of its WarnerMedia business with Discovery, Inc.

    • Booking Holdings in its $1.2 billion acquisition of Getaroom, a B2B distributor of hotel rooms, from Court Square Capital Partners.
    • Biohaven in its $11.6 billion acquisition by Pfizer.
    • Benefitfocus, Inc. in its sale to Voya Financial, Inc.
    • BNY Mellon in its sale of BNY Alcentra Group Holdings to Franklin Templeton
    • LeonardoDRS in its merger with RADA Electronic Industries.

    Compliance, Contracting and Strategic Counseling

    • An NFL analytics company, robotics manufacturer, Class-I railroad and real estate investment trust in drafting privacy notices, terms of use, cookie policies and other online disclosures.
    • A leading artificial intelligence company, hedge fund, technology licensing company and digital assets provider in drafting and negotiating data sharing or data processing agreements.
    • Technology companies in connection with developing and training algorithms in compliance with applicable privacy laws.
    • A currency settlement services provider on privacy compliance issues in connection with contemplated sales, marketing and promotional activities.
    • Various companies on the use of customer information for data analytics purposes, including whether certain contemplated uses would comply with federal and state privacy and other laws.
    • An online healthcare platform on privacy compliance obligations associated with a new payment processing initiative.
    • HIPAA-covered entities and business associates on their HIPAA compliance obligations, including drafting, negotiating and executing business associate agreements.

    International and Cross-Border

    • A Web 3.0 startup, research institute and other various companies in developing GDPR compliance programs, including data subject request policies and procedures, data protection charters and data governance materials.
    • A prominent family office on the scope of data subject rights in various data protection laws and regulations across the globe.
    • Various manufacturers on compliance with the Chinese Personal Information Protection Law.
    • An international apparel company on the data protection laws and cross-border data transfer requirements in several Latin American jurisdictions.

    Employee Privacy

    • Biopharma companies in revising employee manuals, policies, procedures and codes of conduct addressing privacy and data protection compliance.
    • A large financial institution on conducting global background checks in accordance with applicable data protection laws and regulations.
    • Multinational pharmaceutical manufacturers, healthcare companies and financial institutions in the disclosure of employee personal data and integration planning.
    • One of Canada’s largest asset managers on employee privacy issues in connection with the opening of a New York office.
    • Various companies on notice requirements in NYC’s new employee monitoring law.

    Litigation/Investigations

    • Various financial institutions on privacy and data protection law considerations in government investigations, including data transfer issues and redaction issues.
    • Privacy aspects associated with bankruptcy and restructuring.
    • A technology platform in obtaining a preliminary injunction preventing the City of New York from implementing a new ordinance intended to collect personal data about the users of short-term rental platforms.
    • Various companies on compliance with the GDPR and data protection laws in Canada, Japan, Brazil and other jurisdictions regarding document collection, review and production and information systems access in regulatory investigations, including advising on consent, notice and data transfer issues.
    • An athletic equipment startup on litigation alleging potential violations of the Illinois Biometric Information Privacy Act.

    Corporate Finance

    • Stripe in connection with its $6.5 billion Series I preferred stock private placement, which valued the company at over $50 billion and marked one of the largest private stock sales in U.S. history.
    • Financial institutions, insurers and manufacturers in describing the impact of new privacy laws, regulations and cross-border data transfer restrictions in their SEC disclosures.
    • Various financial institutions and sovereign wealth funds on data privacy issues in connection with various investments in a number of companies in mobile advertising, defense, real estate, insurance and the business services sectors.
    • A multinational mining, metals and petroleum company on privacy matters in connection with its investment in a company engaged in analyzing geolocation data.
    Read More
    Rankings and Recognitions

    Rankings and Recognitions

    • Nicky Friedlander and Tony Lewis Named to Cybersecurity Docket’s “Incident Response 50” for 2023

      April 21, 2023
    • Nicky Friedlander Named to Cybersecurity Docket’s “Incident Response 40”

      April 22, 2022
    Read More
    News

    News

    • S&C Advises on Stripe’s $6.5 Billion Stock Private Placement

      April 12, 2023
    • S&C Advises J.P. Morgan on Acquisition of Aumni

      March 29, 2023
    • S&C Advises Mitsubishi UFJ Financial Group as It Completes Sale of MUFG Union Bank to U.S. Bancorp

      December 8, 2022
    • S&C Advises Kering Eyewear in Acquisition of Eyewear Brand Maui Jim

      March 21, 2022
    • New York State Bar Association Event: The Post-GDPR Compliance Landscape

      October 16, 2018
    Read More
    Publications, Videos and Podcasts

    Publications, Videos and Podcasts

    • Recent Developments in U.S. Privacy Law at the State Level

      Podcasts  |  June 1, 2022
    • New California Privacy Requirements Effective in 2023

      S&C Memos |  March 16, 2023
    • Delaware Chancery Court Rejects Caremark Liability for Failure to Oversee Cybersecurity Risk

      S&C Memos |  September 19, 2022
    • Utah Consumer Privacy Act

      S&C Memos |  April 27, 2022
    • Privacy Considerations When Engaging Vendors in Breach Response

      Podcasts |  February 4, 2022
    Read More
    Read More
    Sullivan & Cromwell LLP Logo
    • Home
    • Contact Us
    • Sitemap
    • Information Policy Relating to Cookies
    • Privacy Policy
    • California Privacy Policy
    • Web Site Notice
    • Attorney Advertising Notice
    © 2023 Sullivan & Cromwell LLP