Drawing from our experienced multidisciplinary team of lawyers, the Privacy & Security practice offers broad-reaching legal advice to all our clients. We regularly work in the financial services regulatory, intellectual property, outsourcing and information technology areas when advising our clients on privacy and security matters in the following main categories:
- Privacy and Security Audits
- Compliance
- Corporate Transactions and Outsourcing
- Litigation
- Security Breach Response
Privacy and Security Audits
We work with our clients to conduct security and privacy audits on the adequacy of their company's security policies, procedures, information systems, and documentation, taking into account national and local laws and regulations as well as industry best practices with respect to information security, such as ISO Standard 17799. We frequently advise clients on potential exposure for use or misuse of private information and how to properly plan regarding data and security policies. This includes training for employees and vendors regarding privacy compliance. Some representative matters include:
- Several companies, providing exposure analysis regarding potential liability for failing to properly monitor or maintain private information
- A communications company on the GLBA privacy implications of its marketing and other arrangements with automobile dealers and manufacturers
- A leading bank on the redrafting of its security policy for contractors and consultants
- A major manufacturing company on the redrafting of its data access and security policies in order to reduce legal risk created by unrealistic policies, contradictory policies and policies establishing standards of care that the company was not intending to meet
- A major international credit card company in the organization of PCI SSC, an organization of payment brands with the goal of providing a standardized set of data security specifications. We continue to represent the company in this organization.
- Several retailers on their obligations under the Payment Card Industry's Cardholder Information Security Program with respect to the storing of information and possible security breaches
- Various users of credit reports and furnishers of information to credit bureaus on their obligations under the Fair Credit Reporting Act
- Several UK companies in drafting policies regarding data protection and electronic communications in compliance with EU directives
Compliance
Our clients rely on the skilled US and European lawyers in our practice to interpret the various laws, regulations, EU directives and other legal frameworks and to advise them on the best approaches for compliance. Our lawyers are well-prepared to advise on industry-specific statutes and compliance programs, as well as on labor and employment privacy laws across jurisdictions worldwide. Our compliance experience includes advising clients on the monitoring of electronic communications by employers, the transfer of employee data, and responding to employee requests for access to their data. Some representative matters include:
- Several financial institutions on their safeguarding and privacy obligations under GLBA and the EU Data Protection Directive in connection with their global outsourcing of consumer data processing and other services
- A multi-state mortgage lending company regarding its compliance with state and federal "do not call" and "do not fax" restrictions
- A major international credit card company on the transfer of customer information outside the EEA
- A major US airline concerning the export of passenger details from the EEA to the US
- A major international credit card company in the organization of PCI SSC, an organization of payment brands with the goal of providing a standardized set of data security specifications. We continue to represent the company in this organization.
- Several retailers on their obligations under the Payment Card Industry's Cardholder Information Security Program with respect to the storing of information and possible security breaches
- Various users of credit reports and furnishers of information to credit bureaus on their obligations under the Fair Credit Reporting Act
Corporate Transactions and Outsourcing
The Sarbanes-Oxley Act and its implementing regulations have caused many publicly traded companies to scrutinize their service provider arrangements more carefully, particularly as those arrangements bear on internal controls and financial statements. Because many of our clients use outsourcing service providers, whether onshore or offshore, we help them implement a general security and privacy process, with specific steps that pertain to service providers, and we address other corporate transaction considerations. Some representative matters include:
- Several financial institutions on their safeguarding and privacy obligations under GLBA and the EU Data Protection Directive in connection with their global outsourcing of consumer data processing and other services
- A leading bank on the redrafting of its security policy for contractors and consultants
- A major manufacturing company on the redrafting of its data access and security policies in order to reduce legal risk created by unrealistic policies, contradictory policies and policies establishing standards of care that the company was not intending to meet
- A major international credit card company on the transfer of customer information outside the EEA
- A major US airline concerning the export of passenger details from the EEA to the US
Litigation
While companies work toward data protection policies and best practices, accidental disclosure of information or security breaches can still occur. When faced with such privacy issues, our clients rely on the leading litigation and dispute resolution lawyers at Mayer Brown who are versed in privacy and security law and highly experienced in handling the range of cases and litigious scenarios a company might face. Some representative matters include:
- A major international credit card company in litigation related to card security and litigation regarding the migration to triple DES in PIN entry devices (PEDs)
- A large travel-stop convenience store chain in a class action suit for allegedly violating the Fair and Accurate Credit Transactions Act, in which we successfully convinced the court to deny certification of the class action. The court further held that a class action was not the superior method of proceeding.
- A major electronic securities broker, defended in class action litigation arising from a security breach involving customer personal information
- Various UK companies on investigations into misuse of electronic communications by employees
Security Breach Response
Security breach action plans have been made necessary by the proliferation of data breach notification acts. Our practice advises on the drafting, execution and integration of these plans to minimize the risk of future breaches. Some representative matters include:
- Various diversified financial services companies in connection with data security breaches and their security breach response plans and procedures, including coordination with media relations efforts