Privacy, Data Security, and Data Breaches

The world is becoming smaller at an alarming pace.  Thanks to incredible technological advances, we can store and access information on an infinite number of subjects in the blink of an eye.  We have made nearly every aspect of our lives accessible from anywhere, giving us increased freedom – and increased responsibility.

The law surrounding privacy and freedom of information is just now beginning to catch up to the technology.   Business owners, service providers, and government officials are having to balance the exciting opportunities that metadata collection and cloud accessibility provide with the responsibility to protect the privacy of individual businesses and citizens. Brooks Pierce has eagerly jumped into this ever-changing area of law.  Our attorneys are heavily sought-after thought leaders and speakers on data privacy, privacy breaches, and new technologies. 

Providing cutting-edge counsel.  Our attorneys remaining on the leading edge of privacy regulations.  We counsel executives and businesses in a wide variety of industries on developing privacy policies, staying compliant to state and federal regulations, and consumer protections.  Some of the industries we counsel include:

  • IT – advice regarding the growth of technology, network privacy and security
  • Healthcare – advice regarding HIPAA law, the use of patient information, and the protection of electronic Protected Health Information (PHI)
  • Media – advice regarding freedom of information issues, wiretapping, advertising and content creation
  • Financial services – advice regarding the Right to Financial Privacy Act and other financial privacy regulations, and best practices to ensure consumer information security
  • E-commerce – advice regarding commercial emails, consumer information security, the Children’s Online Privacy Protection Act, and other issues
  • UAS – advice regarding the increasing use of Unmanned Aerial Vehicles (or “drones”) and related privacy issues

Here are some examples of digital media and privacy issues that companies may face in the life of their digital operations:

Data Collection and Privacy Policies.  Many different federal and state laws govern how businesses collect, use, share and store online data.  Many of these laws address specific types of consumer data—including children’s data (the Children’s Online Privacy Protection Act), financial information (Graham-Leach-Bliley Act and the Fair Credit Reporting Act) and personal health information (HIPAA).  The Federal Trade Commission and various state agencies also regulate data collection, security and disposal.  Your terms and conditions—and especially your privacy policies—need to be consistent with these laws and they also need to be conspicuously posted on all of your digital platforms.   

Online Advertising and Marketing Laws.  The Federal Trade Commission regulates online advertisements just as it regulates traditional advertising.  But understanding how to include the required advertising disclosures can be a challenge for space-constrained ads on social media platforms and for “native advertising” that is often integrated with editorial content (for example, “sponsored content” or recommendation widgets).  The Federal Communications Commission also imposes significant restrictions on text message marketing, and violations of these rules can lead to significant legal exposure.  Additionally, the FTC regulates product endorsements and testimonials across online and “non-traditional” media platforms. Online contests and sweepstakes are governed by state and federal laws, as well as by a new category of “private laws” established by social media platforms like Facebook, Twitter, and Tumbler when you host contests utilizing those tools.  Preparing the right rules and disclosures for your contests requires knowledge of each of these public and private laws.  

Using Digital Images, Videos and Celebrity Likenesses.  The Internet has become the new frontier for copyright infringement, and tracking images has never been easier.  Any copyright holder can input its photo or video into Google Images and immediately track which sites are using it.  Businesses that use images and video to market or promote their goods or services must be careful not to post music or video without first obtaining the required licenses (which can be several when dealing with music videos).  The same issues arise when using the name, image or likeness or a famous person to market or promote your product.  Celebrities are increasingly aggressive about raising right of publicity or false endorsement claims when brands use their name, image or likeness alongside their product.

Insurance and Vendor Agreements.  Given the legal risks with online marketing and privacy, companies are paying special attention to insurance and indemnification issues.  Insurers are offering data breach policies, but you need to be sure that they are sufficient to cover your potential risk points.  Advertising or marketing service agreements must clearly identify which party is responsible for obtaining clearances for content and for complying with specific state and federal laws regarding advertising disclosures, contests, promotions or industry-specific advertising requirements.  

Data Breach Response.  When data breaches occur (and they will occur), business may have a host of obligations to consumers, vendors, and state and federal regulators.  Forty seven (47) states have data breach notification laws, not to mention HIPAA and the Graham-Leach-Bliley rules.  Class action lawyers also have brought suits against businesses for not sufficiently guarding against—and not sufficiently responding to—a data breach.  Leaving aside the costs of litigation, the costs of complying with notification laws, repairing the data breach, and restoring the reputation of your business’s brand can be enormous.  Having counsel engaged before a breach happens is the best way to mitigate those costs when problems do arise.  

How can we help your business provide responsible security?

Digital Media and Data Privacy Law Blog