Whether clients seek to capitalize on the innovative business opportunities that digital technologies present or to manage the accompanying risks, we provide practical legal guidance relating to the challenges of using both established and emerging technologies.

Our lawyers strive to provide a legal framework that supports our clients in meeting their strategic, business, and technology objectives.

Our attorneys routinely advise clients on day-to-day operational issues involving privacy and security matters.

Compliance Counseling and Regulatory Guidance
Privacy and data security are regulated at the international, federal, state, and local levels. Our lawyers provide advice to clients across a spectrum of compliance considerations, ranging from international to local:

  • Section 5 of the Federal Trade Commission Act (FTC Act)
  • Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
  • Children's Online Privacy Protection Act (COPPA)
  • European Union Privacy Issues (including GDPR and Privacy Shield framework)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • Gramm-Leach-Bliley Act (GLBA)
  • Electronic Communications Privacy Act (ECPA)
  • Telephone Consumer Protection Act (TCPA)
  • Payment Card Industry Data Security Standard (PCI-DSS) and Payment Application Data Security Standard (PA-DSS)

show more

Privacy and Information Security Client Results

Representative Matters
  • Holland & Hart acts as privacy counsel and advises a number of US-based clients in relation to their regulatory and compliance obligations with regard to EU law. Recent examples of advice have included: mechanisms for legal transfer of personal data from the EU to the US the EU/US Privacy Shield program, standard contractual clauses, binding corporate rules and consent; review of online privacy policies to ensure compliance with the laws of multiple jurisdictions; and advice regarding the legality of employee monitoring in the EU.

    The following are examples of the types of privacy and information security work we have done and continue to do for certain of our clients:

    • Provide analysis of GDPR applicability to US organizations across a range of industries, including fraud monitoring, airlines, automotive, online retail and telecommunications; 
    • Advise with respect to territorial reach of GDPR and, in particular, how it applies to US based organizations without an EU presence.
    • Preparation of GDPR specific policies and procedures, data breach response obligations and data subject rights.
    • Counselling and advising on data breach response obligations for both US and international data breaches.
    • Provide guidance and regulatory review of promotional and marketing campaigns involving social media, digital and Internet programs directed to consumers; advise on consumer protection issues and evolving national privacy regulations and best practices; and draft agreements with service providers including interactive advertising agencies, app developers and promotions companies.
    • Advise on data protection issues arising in connection with international multimedia promotions for film properties, including providing strategic counseling on international compliance with online data collection requirements, with particular focus on social media campaigns and websites targeted at children.
    • Work on initiatives including developing international privacy programs and strategies that address the collection, use and processing of personal information of patients, customers, vendors, and business partners; drafting policies, operating procedures and processes that address the use of personal information; preparing training materials for seminars on social media, communications and privacy issues; drafting templates and schedules that address data security and personal information for use with vendors and service providers; providing ongoing counseling on domestic and international privacy matters.
    • Provide guidance and regulatory review of clients' data collection and processing functions and advise on privacy strategy both within the USA and Europe. Advise on the potential impact of proposed USA "do not track" legislation and changes to EU laws arising out of the EU Cookie Directive.
    • Provide comprehensive support for multichannel retailers operating in multiple states in connection with retail stores, catalog sales and online merchandising. Counseling includes consumer protection and privacy issues, implementation of consumer loyalty programs, customer acquisition and business intelligence components, promotional and marketing programs including sweepstakes, product reviews, coupons and gift cards.
    • Provided counseling and advice in relation to employee monitoring in the UK and the transfer of employee data to the USA.
    • Provided counseling and advice in relation to international (including European) regulations and laws applicable to data protection and information security.
    • Provided counseling and advice in relation to the use of Privacy Shield, model contract clauses and other consent models as a means of transferring PII from the EU to the US.

Privacy and Information Security Publications

Experienced and Certified: International Association of Privacy Professionals

Tracy Gray - CIPP/US Certification from IAPP
Craig Stewart - CIPP/US Certification from IAPP
 

200+ Data Breach Incidents: Resolved

Holland & Hart has helped organizations from emerging start-ups to established Fortune 100 companies resolve more than 200 data breach incidents

BTI's Best at Cybersecurity 2017

Recognized as a “strong cybersecurity performer” by Corporate Counsel

DISCLAIMER

Unless you are a current client of Holland & Hart LLP, please do not send any confidential information by email. If you are not a current client and send an email to an individual at Holland & Hart LLP, you acknowledge that we have no obligation to maintain the confidentiality of any information you submit to us, unless we have already agreed to represent you or we later agree to do so. Thus, we may represent a party adverse to you, even if the information you submit to us could be used against you in a matter, and even if you submitted it in a good faith effort to retain us.