Data Privacy and Security

Constant and rapid changes in technology, a regular flow of new and stricter laws, and increasing press coverage of data breaches and threats to organizations makes data security among the hardest concerns to keep up with and one of the most important issues every business faces in today’s world.

In today’s economy, every institution holds data that is vital to the life and growth of its business. Whether it is employees’ Social Security and bank account information, customer contact lists, sensitive intellectual property, or a wide-range of customer information, governments set privacy and security standards, and individuals and businesses have expectations that your business must meet. Those legal requirements and personal expectations are getting higher, not lower. Staying updated in the ever-changing area of data privacy and security is made even harder by the reality that every company needs policies, practices, and agreements that fit their unique circumstances.

By staying on top of current changes in the technology, law and trends, Bodman’s Data Privacy and Security team leverages the diverse backgrounds and experiences of our group to meet each client — wherever they are in the process and whatever their size or industry — and help them come up-to-speed and reach a place where they can confidently perform their core business knowing they have a partnership that assists in the ongoing process of defending their data.

Services

Our services include:

• Data Breach Investigation, Response, and Notification

• Information Sharing with Governments

• Red Flags Rules

• Advertising and Marketing Privacy

• Data Sharing

• Data Privacy and Security Audits

• Health Privacy (including HIPAA Compliance)

• Financial and Lending Privacy

• Children’s Privacy

• Education and Student Loan Privacy

• Telecommunications Privacy

• Retailer and Point of Sale Privacy

• Payment Card Data Security (including Payment Card Industry [PCI] Compliance)

• International Privacy Laws

• European Union Privacy Laws

• Canadian Privacy Laws

• Social Media Privacy

• Consumer Privacy

• Consumer Protection Litigation

• Buying and Selling Individuals’ Data

• Data Breach Litigation

• State Privacy Laws and Litigation

• Mobile and Geolocational Privacy

• Mobile App and App Store Privacy

• Data Retention Policies

• Data Destruction Policies

• Employee Monitoring and Privacy

• General Privacy and Data Security Compliance

Representative Matters

Our team has assisted both small and large organizations in the creation of preventative policies related to state, federal, and international compliance laws and regulations in addition to guiding them through high-pressure, time-is-of-the-essence, incident response situations.

• Global Technology Joint Venture’s Internal Data Breach Affects 20,000 Individuals

  Represented a multinational silicone-based technology corporation in a data breach that affected 20,000 current and former employees. Assistance included review of the breached data, preparation of letters to the affected individuals, to state governments, the preparation of court filings, and the revision of company privacy policies.

• DOT Medical Certification Process Company Receives HIPAA Compliance Program, from Start to Finish

  Assisted a DOT medical certification process company with the establishment of its corporate records and retention policies, as well as creation of a Health Insurance Portability and Accountability Act (HIPAA) compliance program, including the drafting of its privacy policies, the drafting and negotiation of Business Associate Agreements, the drafting and application of risk assessments, and the drafting of user and employer consent forms.

• Savings Bank Re-Drafts GLBA-Compliant Provisions for Its Vendor Agreements

  Advised the largest publicly-traded savings bank headquartered in the Midwest in the drafting of new Gramm-Leach-Bliley Act (GLBA)-compliant and other privacy and security provisions for its vendor agreements

• Financial Services Company Needs HIPAA Business Associate Agreements Prepared for Various Service Lines

  Counseled a publicly-traded financial services company in the preparation of HIPAA business associate agreements related to lending agreements, treasury management services agreements, consumer banking agreements, and insurance services agreements

• Religious Organization Experiences Data Breach Affecting More Than 10,000 Employees

  Counseled an agency that handles payroll processing and employee benefits for a religious order across the State of Michigan in the remediation of a data breach that affected more than 10,000 employees, helping the agency seek indemnification from its service provider, draft letters to affected individuals, and negotiate agreements to prevent recurrence of the problem

• NFL Team Needs HIPAA Compliance Program & Representation During NFL HIPAA Audit

  Implemented a Health Insurance Portability and Accountability Act (HIPAA) compliance program for a National Football League (NFL) team, including its privacy policies, the drafting and negotiation of Business Associate Agreements, and the drafting and application of risk assessments; represented the football team during NFL’s HIPAA audit

• Lender Experience for GLBA and HIPAA Data Security & Privacy Compliance

  Assisted numerous banks and financial institutions with Gramm-Leach Bliley Act (GLBA) and Health Insurance Portability and Accountability Act (HIPAA) information security compliance