Multidisciplinary Teams for Complex Privacy Matters

Led by top practitioners in privacy, cybersecurity, financial services, fintech, intellectual property, criminal investigations and civil litigation, S&C's Privacy Group has the depth and experience to advise companies on the full range of privacy issues that can arise in complex matters.

S&C has worked with clients subject to wide-ranging privacy and data protection laws and regulations, which include the California Consumer Privacy Act (CCPA) and other comprehensive U.S. state privacy laws, the European Union General Data Protection Regulation (GDPR) and UK GDPR, the Gramm-Leach-Bliley Act (GLB), and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

From start-ups to well-established companies, clients turn to S&C's multi-disciplinary team to collaborate on privacy issues impacting their products and services; compliance with local, state, federal and international privacy laws and regulations; and privacy-focused investigations and litigation. We help clients incorporate privacy-by-design into their products and product lifecycles and conduct data protection impact assessments that evaluate how they collect, use, disclose and dispose of personal information.

In transactions, we strategize closely with our clients to evaluate personal information at the outset of our engagement and develop creative solutions to avoid potential barriers that might limit the use of that information. We conduct privacy due diligence tailored to a company's data collection practices, industry and geographic scope, revise and negotiate agreements and assist clients with post-closing transition services, including data integration or separation.

Areas of focus include:

  • Advising clients on privacy and cybersecurity issues in mergers, acquisitions and joint ventures;
  • Assisting clients with developing privacy compliance programs, including by drafting privacy notices, data subject request policies and procedures and data processing agreements;
  • Providing strategic counseling on data governance and privacy issues associated with new business opportunities or the collection of sensitive categories of personal information;
  • Consumer marketing programs;
  • Developing cross-border data transfer strategies and assisting with compliance with international privacy laws and regulations;
  • Advising on employee privacy issues including employee monitoring, geolocation tracking and the use of ephemeral communications;
  • Assisting clients in responding to and evaluating the impact of federal, state and international privacy investigations and litigation; and
  • Drafting and revising privacy-related disclosures in regulatory filings.

Privacy Rankings
Subscribe to receive our insights.

Recent Insights

View All



  • Kering Eyewear in its acquisition of Hawaiian eyewear brand Maui Jim.
  • Booking Holdings in its $1.2 billion acquisition of Getaroom, a B2B distributor of hotel rooms, from Court Square Capital Partners.
  • Biohaven in its $11.6 billion acquisition by Pfizer.
  • Financial institutions, telecommunications and entertainment companies, manufacturers and others in drafting and negotiating data processing agreements in connection with the provision of transitional services following the closing of complex transactions.

Compliance, Contracting and Strategic Counseling
  • A robotics manufacturer and other companies in drafting privacy notices, terms of use, cookie policies and other online disclosures.
  • A technology licensing company, digital assets provider and other companies in drafting, revising and negotiating data processing agreements and other privacy-related contracts.
  • A currency settlement services provider on privacy compliance issues in connection with contemplated sales, marketing and promotional activities.
  • Various companies on the use of customer information for data analytics purposes, including whether certain uses would comply with federal and state privacy and other laws.
  • An online healthcare platform on privacy compliance obligations associated with a new payment processing initiative.
  • HIPAA-covered entities and business associates on their HIPAA compliance obligations, including drafting, negotiating and executing business associate agreements.

International and Cross-Border
  • A Web 3.0 startup in developing a GDPR compliance program, including for privacy notices, data subject request policies and procedures, data governance and contracting.
  • A research institute in developing a GDPR-compliant privacy policy.
  • A prominent family office on the scope of data subject rights in various data protection laws and regulations across the globe.
  • Various manufacturers on compliance with the Chinese Personal Information Protection Law.
  • An international apparel company on the data protection laws and cross-border data transfer requirements in several Latin American jurisdictions.

Employee Privacy
  • Biopharma companies in revising employee manuals, policies, procedures and codes of conduct addressing privacy and data protection compliance.
  • A large financial institution on conducting global background checks in accordance with applicable data protection laws and regulations.
  • One of Canada’s largest asset managers on employee privacy issues in connection with the opening of a New York office.
  • A large financial institution in connection with extensive requests for employee personal information in connection with the sale of a subsidiary.
  • Various companies on notice requirements in NYC’s new employee monitoring law.

  • A technology platform in obtaining a preliminary injunction preventing the City of New York from implementing a new ordinance intended to collect personal data about the users of short-term rental platforms.
  • Various companies on compliance with the GDPR and data protection laws in Canada, Japan, Brazil and other jurisdictions regarding document collection, review and production and information systems access in regulatory investigations, including advising on consent, notice and data transfer issues.
  • An athletic equipment startup on litigation alleging potential violations of the Illinois Biometric Information Privacy Act.

Corporate Finance
  • Financial institutions, insurers and manufacturers in describing the impact of new privacy laws, regulations and cross-border data transfer restrictions in their SEC disclosures.
  • A prominent financial institution on data privacy issues in connection with various investments in a number of companies in mobile advertising, real estate, insurance and the business services sectors.
  • A multinational mining, metals and petroleum company on privacy matters in connection with its investment in a company engaged in analyzing geolocation data.