Advanced Search :: Tips

Practice Contacts

Bruce E. H. Johnson
206.757.8069
brucejohnson@dwt.com

Related Practices

Digital Media

Emerging Payments

Employment & Labor

Employment Litigation

Intellectual Property Litigation

Related Industries

Digital Media

Related Resources

Privacy & Security

Privacy and security issues touch virtually every aspect of an organization’s operations–from online activities to workplace policies to cross-border commerce–and can involve multiple layers of regulatory challenges. To further complicate matters, legal rules and technologies are changing rapidly and profoundly.

We are pioneers in this dynamic arena of law. A core group of our intellectual property, communications, technology and employment lawyers and litigators continue to navigate new territory for our clients and share this knowledge with prospective clients and peers. We help clients not only comply with the law, but also custom-design privacy and security plans to forecast and manage potential legal and regulatory issues germane to their specific workplaces, industries and global technology needs. Our areas of expertise include:

Privacy matters
We provide counsel on all critical privacy issues for media companies, retailers, health care organizations, financial institutions and other clients handling sensitive data–including personally identifiable information. Our lawyers have extensive experience with the privacy requirements of the Cable Act, FTC, state privacy laws, state data security laws, the Children’s Online Privacy Protection Act (COPPA), the CAN SPAM Act, Communications Assistance for Law Enforcement Act (CALEA), the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), HITECH, ECPA, CPNI, DMCA, payment card industry data security standards, self-regulatory regimes, the European Union’s Data Protection and Privacy Directives, and legislative proposals.

We regularly consult on privacy policies, the sale of customer lists and the transfer of data to vendors. And our lawyers are well-versed in the latest resolution strategies should a breach of security involving personally identifiable information occur, having assisted dozens of clients in resolving such situations.

Security advice and consultation
Our attorneys:

Assist with establishing secure private networks
Help negotiate and implement agreements for Internet and network security
Provide counsel on security regulations that apply to immigration and import issues and to doing business overseas
Advise buyers and sellers on U.S. restrictions on exporting software with encryption features
Represent government agencies as they develop and acquire new computer systems
Advise on issues related to the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act.
Provide counsel on contracts involving digital signatures
Assist with developing and monitoring records management systems
Consult on the risks involved in sharing information with third parties for marketing or other business purposes
Provide expertise on the legal requirements for destroying personally identifiable information
Advise on compliance with state and federal subpoenas, trap and trace, pen register, and wiretap orders, warrants, and other civil and criminal demands for information

Employer workplace issues
We provide up-to-the minute counsel on changing regulations affecting the workplace, including developing and reviewing policies relating to data security, Internet access, email and voicemail security and privacy, or counseling on protecting trade secrets and other forms of IP during the termination of employment.

Litigation services
We have represented media organizations, hospitals and other health care organizations, technology providers, communications companies, banks and other clients in privacy and security matters involving the following:

Domain name infringement
Theft of trade secrets and customer lists
Invasion of privacy and defamation
Illegal downloading of music and movies
Database security
Spyware
Phishing

International privacy issues
We have substantial experience in all aspects of international privacy issues. We have drafted policies compliant with European Union data protection laws, federal and provincial privacy laws in Canada, and the privacy laws in major Pacific Rim countries. We advise on issues related to transfers of personal information from the EU in connection with outsourcing, commercial transactions, discovery and internal investigations, employee matters and day-to-day operations of multinational organizations. We also help clients navigate restrictions in the USA Patriot Act, revised immigration laws and processes, and various export and import regulations such as the encryption and high-technology provisions of the International Trade in Arms Regulations and the Trading with the Enemy Act. We advise clients on practical approaches for becoming compliant with the new European rules on website cookies and behavioral marketing and on restrictions on the collection and use of geolocation and communications traffic data under European laws. We are closely engaged in ongoing reviews in Europe of the Data Protection Directive (95/46/EC) and the Data Retention Directive (2006/24) and in national implementation of new communications-related privacy laws under the e-Privacy Directive (2002/58/EC).

Selected Experience

Communications data retention for Internet service providers

Advising on European Union legislation revising requirements for Internet services providers to retain communications traffic data for use in law enforcement and national security investigations in Europe. (Ongoing)

European data protection for global business media & events company

Advise on European data protection compliance for client’s marketing communications & lead generation activities, use of website cookies and privacy policies. (Ongoing)

IP video and digital media for various MSOs and vendors

Advice on operational, regulatory, franchising, programming, security, copy protection and interface requirements for delivery of commercial video content to tablets, 'Smart TVs,' IP-enabled devices, and home networks. (Ongoing)

Paul v. Providence Health System

Putative class action alleging that the theft of unencrypted backup tapes and optical discs from the car of an employee was negligent and a violation of the Oregon Unfair Trade Practices Act. Plaintiffs sought to certify the case on behalf of a class of 365,000 current and former patients whose patient information was stored on the stolen material. The court granted a motion to dismiss with prejudice and all claims were dismissed. Dismissal was affirmed by the Oregon Court of Appeals. 237 Or. App. 584, 240 P.3d 1110 (Or. App. 2010). Review is pending in the Oregon Supreme Court. (Ongoing)

Privacy legislation

Counsels clients on developments in federal privacy laws and legislation directed at digital media applications and services involving the collection and use of personal information and behavioral marketing and advertising. (Ongoing)

TruePosition

Advise location information technology licensor TruePosition regarding legal restrictions pertaining to use of cell site location information. (2011)

Cloud based privacy compliance for leading technology company

Advised on compliance obligations under selected European, Asian and Middle Eastern privacy laws with respect to the international launch of cloud-based collaboration services. (2011)

International information security for cloud services providers

Advised several clients on data transfer and information security requirements under Argentinean data protection law related to providing services in and locating servers in Argentina. (2011)

Zango, Inc. v. Kaspersky Lab, Inc.

Summary judgment dismissing lawsuit against distributor of anti-malware products, recognizing 'robust' immunity under 47 U.S.C. § 230(c)(2) enabling consumer access to information about potentially 'objectionable' software. In 2009, the U.S. Court of Appeals for the 9th Circuit affirmed the lower court's 2007 dismissal. WL 1655217 (W.D. Wash., 9th Cir. 2009)

Arcilla v. adidas Promotional Retail Operations, Inc.

Defended two consumer class actions asserting violations of FACTA (credit card privacy act). 488 F. Supp. 2d 965 (C.D. Cal. 2008)

ACLU vs. National Security Agency

Represented the ACLU in a challenge to the president's authority to engage in warrantless wiretapping of U.S. citizens, including an appeal of a summary judgment ruling, first to the 6th Circuit and then to the U.S. Supreme Court. 493 F.3d 644 (6th Cir. 2007), cert. denied, 128 S. Ct. 1334 (2008) (U.S. 2007)

South San Joaquin Irrigation District v. Meridian Pacific, Inc.

Action against political consulting firm for unauthorized entry into governmental agency's computer network. (San Joaquin Cnty. (Cal.) Super. Ct. 2007)

Steinbuch v. Cutler

Obtained dismissal of privacy and related claims against Ana Marie Cox, former author of the blog 'Wonkette,' based on excerpting, linking to and commenting on another blogger's first-hand accounts of her relationship with plaintiff. 1:05CV00970 (D.D.C. 2007)

Cybersecurity for cable MSOs

Consultation with federal security agencies on network and supply chain security.

Search Experience