Multidisciplinary Teams for Complex Privacy Matters
Led by top practitioners in privacy, cybersecurity, financial services, fintech, intellectual property, criminal investigations and civil litigation, S&C's Privacy Group has the depth and experience to advise companies on the full range of privacy issues that can arise in complex matters.
S&C has worked with clients subject to wide-ranging privacy and data protection laws and regulations, which include the California Consumer Privacy Act (CCPA) and other comprehensive U.S. state privacy laws, the European Union General Data Protection Regulation (GDPR) and UK GDPR, the Gramm-Leach-Bliley Act (GLB), and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
From start-ups to well-established companies, clients turn to S&C's multi-disciplinary team to collaborate on privacy issues impacting their products and services; compliance with local, state, federal and international privacy laws and regulations; and privacy-focused investigations and litigation. We help clients incorporate privacy-by-design into their products and product lifecycles and conduct data protection impact assessments that evaluate how they collect, use, disclose and dispose of personal information.
In transactions, we strategize closely with our clients to evaluate personal information at the outset of our engagement and develop creative solutions to avoid potential barriers that might limit the use of that information. We conduct privacy due diligence tailored to a company's data collection practices, industry and geographic scope, revise and negotiate agreements and assist clients with post-closing transition services, including data integration or separation.
Areas of focus include:
- Advising clients on privacy and cybersecurity issues in mergers, acquisitions and joint ventures;
- Assisting clients with developing privacy compliance programs, including by drafting privacy notices, data subject request policies and procedures and data processing agreements;
- Providing strategic counseling on data governance and privacy issues associated with new business opportunities or the collection of sensitive categories of personal information;
- Consumer marketing programs;
- Developing cross-border data transfer strategies and assisting with compliance with international privacy laws and regulations;
- Advising on employee privacy issues including employee monitoring, geolocation tracking and the use of ephemeral communications;
- Assisting clients in responding to and evaluating the impact of federal, state and international privacy investigations and litigation; and
- Drafting and revising privacy-related disclosures in regulatory filings.
Subscribe to receive our insights.
- Memo: Utah Consumer Privacy Act: Utah Is the Fourth State in the U.S. to Enact Comprehensive Privacy Legislation
- Podcast: S&C Critical Insights – Privacy Considerations When Engaging Vendors in Breach Response
- Memo: The Federal Trade Commission's Updated Safeguards Rule: An Overview
- Memo: Federal Banking Agencies Issue Final Rule Regarding Cyber Incident Notification Requirements
- Podcast: S&C Critical Insights – New DOJ Initiatives Address Nation's Cybersecurity Infrastructure
- Memo: Personal Information Protection Law of the People's Republic of China—Overview
- Podcast: S&C Critical Insights – Recent SEC Cybersecurity Enforcement Actions
- Kering Eyewear in its acquisition of Hawaiian eyewear brand Maui Jim.
- Booking Holdings in its $1.2 billion acquisition of Getaroom, a B2B distributor of hotel rooms, from Court Square Capital Partners.
- Biohaven in its $11.6 billion acquisition by Pfizer.
- Financial institutions, telecommunications and entertainment companies, manufacturers and others in drafting and negotiating data processing agreements in connection with the provision of transitional services following the closing of complex transactions.
Compliance, Contracting and Strategic Counseling
- A technology licensing company, digital assets provider and other companies in drafting, revising and negotiating data processing agreements and other privacy-related contracts.
- A currency settlement services provider on privacy compliance issues in connection with contemplated sales, marketing and promotional activities.
- Various companies on the use of customer information for data analytics purposes, including whether certain uses would comply with federal and state privacy and other laws.
- An online healthcare platform on privacy compliance obligations associated with a new payment processing initiative.
- HIPAA-covered entities and business associates on their HIPAA compliance obligations, including drafting, negotiating and executing business associate agreements.
International and Cross-Border
- A Web 3.0 startup in developing a GDPR compliance program, including for privacy notices, data subject request policies and procedures, data governance and contracting.
- A prominent family office on the scope of data subject rights in various data protection laws and regulations across the globe.
- Various manufacturers on compliance with the Chinese Personal Information Protection Law.
- An international apparel company on the data protection laws and cross-border data transfer requirements in several Latin American jurisdictions.
- Biopharma companies in revising employee manuals, policies, procedures and codes of conduct addressing privacy and data protection compliance.
- A large financial institution on conducting global background checks in accordance with applicable data protection laws and regulations.
- One of Canada’s largest asset managers on employee privacy issues in connection with the opening of a New York office.
- A large financial institution in connection with extensive requests for employee personal information in connection with the sale of a subsidiary.
- Various companies on notice requirements in NYC’s new employee monitoring law.
- A technology platform in obtaining a preliminary injunction preventing the City of New York from implementing a new ordinance intended to collect personal data about the users of short-term rental platforms.
- Various companies on compliance with the GDPR and data protection laws in Canada, Japan, Brazil and other jurisdictions regarding document collection, review and production and information systems access in regulatory investigations, including advising on consent, notice and data transfer issues.
- An athletic equipment startup on litigation alleging potential violations of the Illinois Biometric Information Privacy Act.
- Financial institutions, insurers and manufacturers in describing the impact of new privacy laws, regulations and cross-border data transfer restrictions in their SEC disclosures.
- A prominent financial institution on data privacy issues in connection with various investments in a number of companies in mobile advertising, real estate, insurance and the business services sectors.
- A multinational mining, metals and petroleum company on privacy matters in connection with its investment in a company engaged in analyzing geolocation data.