Schiff Hardin assists clients in understanding and complying with the numerous international, federal, state and local laws and regulations that govern the collection, protection and sharing of personal information. Our work in this area includes the following:

  • Preparation and enforcement of privacy policies and procedures
  • Negotiation of appropriate contracts to protect and share personal information
  • Counseling on data security measures, including compliance with Payment Card Industry (PCI) Data Security Standards
  • Advising clients on online data collection and crafting Web site privacy policies
  • Drafting data retention and deletion policies
  • Providing clients with periodic alerts concerning data privacy issues and developments
  • Compliance with industry-specific privacy laws, such as those applicable to medical (HIPAA) and financial (Gramm-Leach-Bliley) data

We advise clients on data breaches, such as those resulting from hacking, lost laptops or theft of data. We help clients navigate the maze of applicable state laws to craft a response and provide appropriate notification of the data breach to affected persons. We also regularly provide advice on the appropriate use of personal data for commercial e-mail and direct mailings, including compliance with spam laws and sweepstakes rules.

Our work in this area has been for clients of all sizes in a variety of industries, including large manufacturers, multinational corporations, online retailers, nonprofits, and online service providers. We counsel multinational clients concerning compliance with international data privacy regimes, including the EU Privacy Directive and the related Safe Harbor and model data sharing contracts.