SlideShare ist ein Scribd-Unternehmen logo
1 von 26
Downloaden Sie, um offline zu lesen
We’ve been at it from the start…
Strength in numbers
Our practice is one of the few that offers the deep expertise of highly specialized
lawyers in corporate transactions, litigation defense and employment law – all
within the privacy and data security specialization, and in all tiers of seniority.
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
1996: Health Insurance Portability and Accountability
Act (HIPAA) was passed by Congress.
1996-1999: Early commercialization of the World Wide Web
and e-Commerce.
In early 1997, 51 million adults were online in the U.S. and
Canada. Of those people, 73% reported that they had
shopped for product information on the World Wide Web.
1996: Our lawyers had already specialized in health
care law for many years, and had been tracking this
legislation through Congress. Upon enactment, they
promptly began advising covered entities, preparing
privacy statements and training materials, counseling
on compliance, and negotiating business associate
agreements.
1996-1999: Our lawyers wrote the first Web site Privacy
Policies for corporations venturing onto the Web.
Legacy Web site Privacy Policies had been written by
marketing professionals, designed to assuage consumers’
fears of transacting online. They made overbroad promises
that could be (and were, eventually) enforced legally.
1996
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
1998: Deadline for EU
countries to enact laws to
comply with European
Union’s Data Protection
Directive.
1998: Our lawyers were quick to identify
clients who had web sites that were targeted
toward children, and helped them to comply
with COPPA, taking advantage of the law’s
exceptions to reduce the impact on business.
In 2013, when the COPPA regulation was
amended, our lawyers did the same, again,
using creative strategies to reduce the
burdensome impact on legitimate, law-
abiding businesses.
1998: Our lawyers prepared
a multi-volume EU Data
Directive compliance
handbook for a German-
based multinational media
company.
1998: FTC action against
Geocities for making deceptive
privacy promises in its online
Privacy Policy. First FTC
action of its kind.
1998: Children’s
Online Privacy
Protection Act
(COPPA) enacted.
1998: Our lawyers began to
track FTC enforcement actions
on privacy promises, and to
design client privacy policies to
be “judgment-proof” against
FTC theories of action.
1998
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2000: Gramm–Leach–Bliley Act
(GLBA) Privacy Rule and Safeguards
Rule passed.
2000: Our lawyers began advising
financial institutions and their service
providers to prepare privacy
statements, craft compliant data
sharing arrangements and negotiate
compliant agreements, addressing
state mini-GLBA laws too.
2000: The U.S. Department of Commerce and the
European Union agreed to a Safe Harbor
Program to allow personal data to be exported
from Europe to the United States in compliance
with EU data protection law.
2000: Our lawyers began to assist clients to make
use of the Safe Harbor program, as one of the
easiest methods of complying with EU data
protection law with respect to exporting personal
information from Europe.
2000
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2001: European Article 29 Working Party released first model
contract to enable the export of personal information from
Europe to non-European countries whose laws did not afford
adequate data protection in the eyes of the European data
protection authorities.
2001: Our lawyers began to use these model contracts to
facilitate clients’ export of data from Europe.
When additional forms of model contracts were released in
2002, 2004 and 2010, our lawyers continued to evolve with the
landscape and advise clients to leverage their best options
under European data protection law.
2001
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2002-present: Online businesses
seek to monetize the data they
have access to from their
customers for behavioral online
advertising purposes.
2002-present: Our lawyers
represent a national cable and
broadband provider to negotiate
online advertising-related contracts
with key marketplace participants,
including addressing behavioral
advertising issues in contracts and
in implementation.
In 2014, our lawyers represented a
global online behavioral advertising
company to design its programs to
comply with U.S. laws that regulate
online tracking of Internet users.
2002: Our lawyers began to
educate clients, and counsel them
when they suffered data breaches
of sensitive customer or employee
information.
Since this law became effective,
our lawyers have handled dozens
of data breaches per year of all
shapes and sizes.
2002: FTC brought action against Eli Lilly
on data security grounds, deploying the
deceptive trade practices prong of
Section 5 of the FTC Act. This was the
first FTC action of its kind.
2002: California’s Breach
Notification Law was enacted. In
the years there-after, all U.S.
jurisdictions but three have
followed suit.
2002: Our lawyers began to track all
FTC enforcement actions pertaining to
data security, and to craft policies and
procedures for clients that would be
“judgment-proof” against FTC precedent.
2002
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2003: U.S. “CAN-SPAM” Act
was enacted, pre-empting ~50
state laws that varied in their
requirements for commercial
email.
Pre-2003: Our lawyers prepared
compliance programs for clients that
brought about compliance with all laws
for one email campaign.
Pre-2003: With no federal anti-spam
law, almost 50 contradictory state laws
and bills regulated a business’ ability to
send promotional emails to its
customers.
2003: Our lawyers wrote the
leading comprehensive White
Paper on the CAN-SPAM Act,
and began preparing internal
compliance procedures for clients
having the effect of reducing the
statutory damages available for
violations of the Act.
In 2015, our lawyers defended a
company whose business is to
send promotional emails for its
clients against a CAN-SPAM suit
that made novel arguments. The
suit resulted in a nominal
settlement amount.
2003: Our lawyers prepared compliance
memos and tables for all types of direct
marketing: e-mail, fax, telemarketing, text
messaging, instant messaging and postal
marketing.
2003
2003: The Federal Communications
Commission issued a decision that the
Telephone Consumer Protection Act
applies to text messages as “calls,” adding to
the suite of state and federal laws regulating
direct marketing, including email,
telemarketing, faxing and text messaging.
In 2009, the 9th Circuit agreed with the
FCC’s determination in Satterfield v. Simon
& Schuster, leading to a $13M settlement.
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2005: FTC action against BJs for failing to protect
consumer data from unauthorized access, where they
had not made a promise to protect data. This was the
first FTC action of its kind.
2005: Kristen Mathews, the head of Proskauer’s
Privacy & Cybersecurity practice, received her
certification as an information privacy professional
by the International Association of Privacy
Professionals. Since then, eight of our lawyers
have received their CIPP credentials over the
years.
2005: Our lawyers continued to track all FTC
enforcement actions pertaining to data security, and to
craft policies and procedures for clients that would be
“judgment-proof” against FTC precedent.
In 2003, the International Association of Privacy
Professionals (IAPP) was formed.
2005
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2006: The legal specialty of “data privacy law” began to
take stride at other law firms, with some firms beginning
to take interest and launch formal practice groups.
2006: Proskauer lawyers authored and edited the first
comprehensive treatise on the topic of privacy and data
protection, Proskauer On Privacy, published by the
Practicing Law Institute and still updated by Proskauer
lawyers and outside authors two times per year.
Proskauer launched its Privacy Law Blog, which was
since selected for inclusion in the Library of Congress
historic collection of Internet materials.
2006: Assisted luxury auto brand to survey
laws in all 50 states to address privacy
issues with collection, use and sharing of
customer and vehicle usage data from
vehicles remotely.
2006: In 2005, states had begun to enact
laws that regulate the collection of vehicle
and driver information from vehicles.
2006
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2007: TJX (of T.J. Max stores) had just
suffered the largest data breach to date, and
cyber insurance policies were in their
infancy, with just a few specialty carriers in
the market.
2007: Our lawyers assisted a specialty
insurance carrier to design its new cyber risk
insurance policy to apply appropriately to the
marketplace.
2007
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2008:
Our lawyers began to identify
the key differences between
traditional outsourcing and
cloud services from a data
protection perspective, and
negotiating agreements for
our clients to address those
new and novel issues.
2008:
Chambers & Partners
added a “Privacy and
Data Security” category
to its annual law firm
rankings publication.
2008-2016:
Proskauer’s Privacy &
Cybersecurity Practice
Group has been
Chambers-ranked
since 2008.
2008
2008-2009:
FTC in heat of enforcement
actions against companies
that have suffered data
breaches.
2008-2009:
Our lawyers defended a
private class action and an
FTC action against an
education company that
suffered a security breach.
A favorable settlement of
the private claim was
reached, and the FTC was
dissuaded from pursuing
an action against the
company.
2008:
Cloud computing began to
replace traditional technology
outsourcing arrangements.
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2008: The “Red Flags Rule” was passed by the Federal
Trade Commission and banking regulators, requiring
companies to take measures to detect and take action on
detected ID theft.
2008: Our lawyers wrote A Practical Guide To The Red
Flag Rules, published by the Practicing Law Institute.
Our lawyers worked with creditors and financial
institutions to “brainstorm” the indicators detectable to
them of identity theft on their customer accounts and the
appropriate action to take in light of such indicators, and
to design programs around these frameworks.
2008: Assisted developer of
consumer mobile application to
conduct “privacy-by-design” in
development of application and also
prepared App privacy policy.
2008: Mobile Apps began to replace
Web sites as the preferred means of
interacting with customers online.
2008
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2009: The Federal Trade
Commission took an expansive
interpretation of the scope of
the Red Flags Rule, by
considering businesses that
accepted payment for services
in arrears to be “creditors”
covered by the rule.
2009: Europe’s e-Privacy
Directive amended to require
web sites to obtain user
consent before using cookies.
2009: Proskauer represented
the American Bar Association
to fight the contention that
lawyers are covered by the Red
Flags Rule. The court agreed,
and found that law firms are not
covered by the regulation.
Following that, Congress
amended the Act to carve-out
more business models from its
scope on the same grounds.
2009: Proskauer represented a major
U.S. bank defending claims arising from
the loss of computer back-up tapes. In a
significant win, the defendants’ motions to
dismiss were granted.
Proskauer also represented the bank in
respect of multiple regulatory
investigations, stemming from the same
data loss, including fashioning an
extremely favorable settlement with a
state attorney general.
2009: Our lawyers developed a
framework to inventory and
categorize cookies based on
compliance obligations and risk,
and derived implementation
plans for clients that were
business-friendly and risk-
based.
2009
2009: Some of the earliest data breach
private actions were waged against
companies that suffered data breaches.
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2002-2011: After being on the books but unenforced
since 1990, plaintiffs’ class action lawyers began to
enforce California’s Song Beverly Credit Card
Act, which puts burdens on a retailer’s collection of
customer data at the point of sale.
2002-2011: Our lawyers defended several of the first
class action law suits against retailers under the
Song Beverly Act and negotiated favorable
settlements that were leveraged in future cases
against other retailers defended by other counsel.
To protect other clients from similar class actions,
our lawyers identified each of the states with similar
laws and prepared a risk chart that graphically
illustrated the types of PII requests that could and
could not be made in each state and identified
practical work-around solutions for each state law.
2002 2011
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2010: A complex, multi-
party litigation arose
from among the largest
data breaches to date,
suffered by a payment
card processor and
affecting 40M payment
cards. The case was in
the heat of litigation,
approaching settlement.
2010: Proskauer lawyers conducted
“privacy by design” evaluation and
prepared a privacy policy for an online
tool for music, movie, game and other
content distribution service used by
dozens of top technology and
entertainment companies.
2010: Our lawyers represented
a financial services company
against a putative nationwide
consumer class action lawsuit
alleging failure to safeguard
non-public financial
information. The case was
dismissed and the decision
was upheld on appeal.
2010: Private class action law
suits continue to wage against
companies that had suffered
data security breaches.
2010: Regulators from around the world gathered at
the annual assembly of International Data Protection
and Privacy Commissioners in Jerusalem, Israel, and
unanimously passed a resolution recognizing
Privacy by Design as an essential component of
fundamental privacy protection. In 2012, this was
followed by the U.S. Federal Trade Commission’s
recognition of Privacy by Design in its report entitled
Protecting Consumer Privacy in an Era of Rapid
Change – a major validation of its significance.
2010
2010: Proskauer
represented a specialty
cyber security insurance
carrier in overseeing the
defense of its insured
against claims that it
was responsible for one
of the largest payment
card data breaches on
record. The outcome
was a favorable
settlement.
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2010: Companies were increasingly being held responsible
by regulators and private claimants for data security
breaches they suffered at the hands of criminal data thieves.
2010: Our lawyers provided comprehensive assessment of
clients’ data security practices, benchmarked findings
against applicable laws, identified practical ways to address
the identified gaps, documented the client’s practices in the
form of written policies and procedures, developed training
materials and conducted a train-the-trainer program to help
the client uniformly communicate the policy.
2010: Plaintiff class action law
suits continue to wage against
companies that have sent text
messages allegedly without
consent in violation of the
Telephone Consumer
Protection Act.
2010: Our lawyers represented a
movie production company in the
defense and settlement of a
putative class action in which the
plaintiff alleged that the company,
through a third-party vendor, sent
nearly 100,000 text messages to
individual consumers without
consent. We reached a favorable
settlement with the plaintiff class,
which the federal district approved.
2010
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2010-2016: In 2010, our lawyers
assisted one of the first media
conglomerates to develop a policy
and plan of action to allow employees
to use their personal devices for work
purposes.
In 2012, we assisted a mobile device
management (MDM) solution provider
to create a “state-of-the-art” template
“bring your own device” policy for use
by its customers.
Assisted many companies thereafter
with BYOD policies, as legal analysis
has changed by virtue of the desire to
make BYOD mandatory as a cost-
saving method.
2010: After the term “big data” was coined in 2005 by Roger
Mougalas from O’Reilly Media, corporate America
increasingly looked for ways they could leverage the large
data sets they had accumulated in the ordinary course of their
business.
2010: Our lawyers assisted a nonprofit financial institution in student loan-guaranteeing
business to survey its rights under numerous agreements with students, other lenders and
federal student loan agencies, as well as applicable federal and state laws, to reuse and
disclose student loan information to serve a separate for-profit product offering to schools.
Following that, in 2011, our lawyers assisted a global publisher of business information to
determine the scope of its rights to use information received from auto dealerships about
vehicle sales to create a licensed product containing aggregate sales information without
personally identifiable information, and negotiated agreement with industry group representing
auto dealers to receive necessary rights to data in order to create and sell product.
In 2013-14, our lawyers assisted a global financial institution in the insurance industry to
determine its rights under applicable contracts and federal and state laws to use insurance
policy information received from insurance carriers and their counterparts to provide aggregate
information to all participating carriers, and prepared agreements for use with participants to
procure necessary rights.
2010
2010-2016: In 2010, companies
just began to acquiesce to
employee demands to use their
personally owned devices (instead
of company-issued blackberries)
to access their corporate email
and calendar (BYOD).
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2011: Our lawyers
began to carefully craft
disclosures for publicly
traded companies that
accurately reflect risk
and are at par with
disclosures of similarly
situated companies.
2011
2011: Electoral organizations
begin to explore the viability
of online voting in political
elections.
2011: Our lawyers assisted a
not-for-profit organization
with addressing privacy,
data security and online
authentication issues with
regard to an online voting
portal where it was essential
that voters be reliably
authenticated.
2011: SEC releases
guidance for publicly
traded companies to
disclose cybersecurity
risks and breaches on
SEC filings.
2011-2012: Google continues to assume dominance in the
marketplace, to push the boundaries of data protection laws
globally, and to defend numerous privacy-related law suits
and governmental investigations.
2011-2012: Advised global investment firm having large
investment in Google as to Google’s financial exposure under
privacy laws as well as the likelihood of Google suffering a
financial loss under each of the many privacy legal
challenges they faced at the time.
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2012: After being on the books but unenforced since 2005, plaintiffs’
class action lawyers began to experiment with California’s Shine the
Light Act, hoping it would be as lucrative for them as some other
privacy laws that provide for statutory damages.
2012: Our lawyers defended among the first of these cases brought,
and using creative arguments and strategy, led the case to dismissal.
Although many class action suits were filed under this law around the
same time against several entities by the same plaintiffs’ counsel, this
was the first substantive ruling by any court and had a pivotal effect
on other pending litigation.
Those cases achieved dismissal too, and no new class action under
this law has been brought since.
2012
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2012: Our lawyers prepared comprehensive data breach incident response plan for
national publicly traded car retailer and conducted tabletop incident response exercise for
whole incident response team including presentation of final report to the board.
Since then, our lawyers have presented several cybersecurity tabletop exercises per year,
for companies including an insurance company, a retailer, a residential services provider,
a national health care provider, and a television network.
2012: Companies began to use “tabletop” data breach exercises to train to handle an
actual data breach.
2012
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2013-2014: A second wave of data breaches hit retailers
nationwide, targeting point of sale card processing
equipment.
2013-2015: Our lawyers defended a
HIPAA-covered entity in connection
with an inquiry by the Department of
Health and Human Services relating to
a security breach of Protected Health
Information. Ultimately, the OCR was
persuaded not to pursue the action.
2013-2014: Our lawyers assisted one of these retailers to
respond to the breach in compliance with applicable laws
and to mitigate exposure to reputational loss and legal
damages. Managed the client’s response to the data
security breach, including identifying the full nature and
scope of the incident, engaging vendors to provide computer
forensic and credit monitoring services, preparing
notification letters in full compliance with the 46+ state
information security breach laws, and interfacing with state
attorneys general and other government agencies.
2013-14
2013-2015: The Department of Health
and Human Services’ Office of Civil
Rights has ramped up its efforts to
enforce the HIPAA Security Rule
against health care providers that have
suffered data security breaches.
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2013-2016: Our lawyers assisted a
global cruise company in crafting an
agreement with a European law
enforcement body to share passenger
information in accordance with
European data protection law.
2013: Our lawyers worked with the
American Civil Liberties Union
(ACLU) in Clapper v. Amnesty
International, a case brought before
the United States Supreme Court
challenging 2008 amendments
made to the Foreign Intelligence
Surveillance Act which essentially
allows the National Security Agency
(NSA) to monitor Americans’
international communications.
2013-2015
2013: Corporations increasingly
leverage technologies that
allow them to track the physical
whereabouts of their personnel
in fleet vehicles and using
smart phones and tablets.
2013-2016: Anti-terrorism law
enforcement bodies worldwide
increasingly seek to receive data from
private companies that help them
track the whereabouts of individuals
on watch lists.
2013: Our lawyers conducted a
50-state survey of laws that
require consent to track the
geographic location of people
using various technologies.
2013: Ed Snowden copied and
leaked classified information from
the National Security Agency
(NSA) revealing the extent of the
U.S. government’s surveillance on
communications of U.S. citizens.
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2014
2014:
The International Association
of Privacy Professionals
expands its presence in
Europe. 2014:
SEC released Risk Alert warning
broker dealers and investment
advisors that they will be expected to
have a robust cybersecurity program
in place.
2014:
Electricity companies begin to
explore “smart meters” as a
way to conserve energy.
2014:
Cecile Martin, Special
International Counsel in our
Paris office, was appointed
Chair of the International
Association of Privacy
Professionals KnowledgeNet
for France.
2014:
Our lawyers assisted a
national solar power company
to establish a privacy
program, including customer-
facing privacy notices, to
address privacy issues raised
by collecting highly granular
information about household
occupancy and habits from
residential smart meters.
2014:
Our lawyers immediately
began to counsel broker dealers,
investment advisors, hedge funds,
and private equity firms about the
SEC’s cybersecurity mandate and
how they can prepare to meet the
SEC’s expectations of them with
regard to cybersecurity.
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2015: An increasing
trend evolved of so-
called data security
consultants detecting
security vulnerabilities
in technology products
and reporting them to
the company and to
government
authorities.
2015: Our lawyers
represented a medical
software company in
an investigation by the
Federal Trade
Commission against a
doctor practice
management software
vendor relating to an
alleged security
vulnerability in its
software product.
2015: Proskauer represented
T-Mobile in connection with the
widely-publicized data breach of
millions of its customers’
information housed by its vendor,
Experian.
2015
2015: Our lawyers
successfully defended a
high end fashion house in a
Fair and Accurate Credit
Transactions Act (FACTA)
litigation alleging that the
retailer failed to redact credit
card expiration dates from
customer receipts. Our
motion to dismiss the case
was granted.
2015: Our lawyers
immediately began to
assist clients to decide
upon and put in place
alternative means to
export and receive
personal information from
Europe.
2015: After years of enforce-
ment by plaintiffs class
action lawyers reaping the
benefit of statutory
damages, plaintiffs’ counsel
are still suing retailers under
FACTA for including too
much payment card
information on printed sales
receipts.
2015: Increasingly over the 10+
years since data breaches have
been reported publicly, data
breaches are being caused by
service providers who are hired
by a company to serve a back-
end function.
2015: A European court
invalidated the Safe
Harbor program, which
has allowed personal
data to be transferred
from Europe to the United
States for the last 15
years.
How Proskauer addressed itHow Proskauer addressed it
How Proskauer addressed it
Historical Development of Privacy and Data Protection Law
We’ve been at it from the start…
1995 20162000 2005 2010
2016:
Europe passed its new General Data Protection
Regulation (GDPR) which will replace its twenty-
year-old Data Protection Directive and be directly
effective on companies worldwide by 2018.
2016:
Our lawyers began to counsel clients on the
changes they would need to make in order to
become compliant with the new regulation by 2018.
2016

Weitere ähnliche Inhalte

Was ist angesagt?

Lawyer in Vietnam Dr. Oliver Massmann COMPLIANCE and CLEAR CONSENT - New EU G...
Lawyer in Vietnam Dr. Oliver Massmann COMPLIANCE and CLEAR CONSENT - New EU G...Lawyer in Vietnam Dr. Oliver Massmann COMPLIANCE and CLEAR CONSENT - New EU G...
Lawyer in Vietnam Dr. Oliver Massmann COMPLIANCE and CLEAR CONSENT - New EU G...Dr. Oliver Massmann
 
Privacy_Issues_Overview
Privacy_Issues_OverviewPrivacy_Issues_Overview
Privacy_Issues_OverviewBrian Berger
 
GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands legalandgeneral
 
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsPrivacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsAnitafin
 
Presentatie dma boston 2011: Welke impact heeft us privacyregulering op uw bu...
Presentatie dma boston 2011: Welke impact heeft us privacyregulering op uw bu...Presentatie dma boston 2011: Welke impact heeft us privacyregulering op uw bu...
Presentatie dma boston 2011: Welke impact heeft us privacyregulering op uw bu...DDMA
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)BenjaminShalevSalovi
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018TRA - Tax Representative Alliance
 
The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")Parsons Behle & Latimer
 
The International Comparative Legal Guide to: Data Protection 2014
The International Comparative Legal Guide to: Data Protection 2014The International Comparative Legal Guide to: Data Protection 2014
The International Comparative Legal Guide to: Data Protection 2014Hogan Lovells BSTL
 
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...Kenneth Riley
 
Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...IISPEastMids
 
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoJoel A. Gómez Treviño
 
GDPR - The new era of data protection
GDPR - The new era of data protectionGDPR - The new era of data protection
GDPR - The new era of data protectionInterlogica
 
Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India SadanandGahivare
 
What You Need To Know About Privacy Now!
What You Need To Know About Privacy   Now!What You Need To Know About Privacy   Now!
What You Need To Know About Privacy Now!catherinecoulter
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationOlivier Vandeputte
 

Was ist angesagt? (19)

Lawyer in Vietnam Dr. Oliver Massmann COMPLIANCE and CLEAR CONSENT - New EU G...
Lawyer in Vietnam Dr. Oliver Massmann COMPLIANCE and CLEAR CONSENT - New EU G...Lawyer in Vietnam Dr. Oliver Massmann COMPLIANCE and CLEAR CONSENT - New EU G...
Lawyer in Vietnam Dr. Oliver Massmann COMPLIANCE and CLEAR CONSENT - New EU G...
 
Privacy_Issues_Overview
Privacy_Issues_OverviewPrivacy_Issues_Overview
Privacy_Issues_Overview
 
GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands
 
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsPrivacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
 
Presentatie dma boston 2011: Welke impact heeft us privacyregulering op uw bu...
Presentatie dma boston 2011: Welke impact heeft us privacyregulering op uw bu...Presentatie dma boston 2011: Welke impact heeft us privacyregulering op uw bu...
Presentatie dma boston 2011: Welke impact heeft us privacyregulering op uw bu...
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
 
The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")
 
The International Comparative Legal Guide to: Data Protection 2014
The International Comparative Legal Guide to: Data Protection 2014The International Comparative Legal Guide to: Data Protection 2014
The International Comparative Legal Guide to: Data Protection 2014
 
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
[Title Redacted for Privacy Purposes]: How Internal Audit Can Help Drive Priv...
 
Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...
 
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in Mexico
 
GDPR - The new era of data protection
GDPR - The new era of data protectionGDPR - The new era of data protection
GDPR - The new era of data protection
 
PL&B _UK_80
PL&B _UK_80PL&B _UK_80
PL&B _UK_80
 
Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India
 
FINAL REPORT
FINAL REPORTFINAL REPORT
FINAL REPORT
 
What You Need To Know About Privacy Now!
What You Need To Know About Privacy   Now!What You Need To Know About Privacy   Now!
What You Need To Know About Privacy Now!
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection Regulation
 

Ähnlich wie Proskauer on Privacy

Chp10 public policy
Chp10 public policyChp10 public policy
Chp10 public policyEngr Razaque
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer PrivacyAshish Jain
 
PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB
 
LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Deve...
LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Deve...LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Deve...
LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Deve...VALLOYD
 
Privacy Act, Spam Act and "the Cloud" seminar (May 2014)
Privacy Act, Spam Act and "the Cloud" seminar (May 2014)Privacy Act, Spam Act and "the Cloud" seminar (May 2014)
Privacy Act, Spam Act and "the Cloud" seminar (May 2014)Tom Meagher
 
Privacy In The Information Age
Privacy In The Information AgePrivacy In The Information Age
Privacy In The Information AgeDeb Birch
 
Presentation ncsl - mobile privacy enforcement 130502 (as presented)
Presentation   ncsl - mobile privacy enforcement 130502 (as presented)Presentation   ncsl - mobile privacy enforcement 130502 (as presented)
Presentation ncsl - mobile privacy enforcement 130502 (as presented)Jason Haislmaier
 
The Immigration Reform And Immigrant Responsibility Act Of...
The Immigration Reform And Immigrant Responsibility Act Of...The Immigration Reform And Immigrant Responsibility Act Of...
The Immigration Reform And Immigrant Responsibility Act Of...Kimberly Jones
 
SIM - Mc leod ch10
SIM - Mc leod ch10SIM - Mc leod ch10
SIM - Mc leod ch10Welly Tjoe
 
Is Ukraine safe for software development outsourcing?
Is Ukraine safe for software development outsourcing? Is Ukraine safe for software development outsourcing?
Is Ukraine safe for software development outsourcing? N-iX
 
Cyber law and introduction for undergrad
Cyber law and introduction for undergradCyber law and introduction for undergrad
Cyber law and introduction for undergradAzmawati Lazim
 
Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxNargis Parveen
 
Privacy Laws in Europe
Privacy Laws in EuropePrivacy Laws in Europe
Privacy Laws in EuropeMartyn Ripley
 
EC2017 United Kingdom
EC2017  United KingdomEC2017  United Kingdom
EC2017 United KingdomRobert Bond
 
Enforcement and Litigation Trends and Developments in Privacy and Data Security
Enforcement and Litigation Trends and Developments in Privacy and Data Security Enforcement and Litigation Trends and Developments in Privacy and Data Security
Enforcement and Litigation Trends and Developments in Privacy and Data Security Richik Sarkar
 
Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Agustin Argelich Casals
 
Kroll.cross border ediscovery-2016
Kroll.cross border ediscovery-2016Kroll.cross border ediscovery-2016
Kroll.cross border ediscovery-2016Kate Chan
 

Ähnlich wie Proskauer on Privacy (20)

Chp10 public policy
Chp10 public policyChp10 public policy
Chp10 public policy
 
How to Protect Your Data
How to Protect Your DataHow to Protect Your Data
How to Protect Your Data
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer Privacy
 
PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?
 
LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Deve...
LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Deve...LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Deve...
LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Deve...
 
Privacy Act, Spam Act and "the Cloud" seminar (May 2014)
Privacy Act, Spam Act and "the Cloud" seminar (May 2014)Privacy Act, Spam Act and "the Cloud" seminar (May 2014)
Privacy Act, Spam Act and "the Cloud" seminar (May 2014)
 
Privacy In The Information Age
Privacy In The Information AgePrivacy In The Information Age
Privacy In The Information Age
 
Presentation ncsl - mobile privacy enforcement 130502 (as presented)
Presentation   ncsl - mobile privacy enforcement 130502 (as presented)Presentation   ncsl - mobile privacy enforcement 130502 (as presented)
Presentation ncsl - mobile privacy enforcement 130502 (as presented)
 
Cyber law
Cyber lawCyber law
Cyber law
 
MIS chap # 10..
MIS chap # 10..MIS chap # 10..
MIS chap # 10..
 
The Immigration Reform And Immigrant Responsibility Act Of...
The Immigration Reform And Immigrant Responsibility Act Of...The Immigration Reform And Immigrant Responsibility Act Of...
The Immigration Reform And Immigrant Responsibility Act Of...
 
SIM - Mc leod ch10
SIM - Mc leod ch10SIM - Mc leod ch10
SIM - Mc leod ch10
 
Is Ukraine safe for software development outsourcing?
Is Ukraine safe for software development outsourcing? Is Ukraine safe for software development outsourcing?
Is Ukraine safe for software development outsourcing?
 
Cyber law and introduction for undergrad
Cyber law and introduction for undergradCyber law and introduction for undergrad
Cyber law and introduction for undergrad
 
Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptx
 
Privacy Laws in Europe
Privacy Laws in EuropePrivacy Laws in Europe
Privacy Laws in Europe
 
EC2017 United Kingdom
EC2017  United KingdomEC2017  United Kingdom
EC2017 United Kingdom
 
Enforcement and Litigation Trends and Developments in Privacy and Data Security
Enforcement and Litigation Trends and Developments in Privacy and Data Security Enforcement and Litigation Trends and Developments in Privacy and Data Security
Enforcement and Litigation Trends and Developments in Privacy and Data Security
 
Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16
 
Kroll.cross border ediscovery-2016
Kroll.cross border ediscovery-2016Kroll.cross border ediscovery-2016
Kroll.cross border ediscovery-2016
 

Kürzlich hochgeladen

An introduction to Indian Contract Act, 1872 by Shraddha Pandit
An introduction to Indian Contract Act, 1872 by Shraddha PanditAn introduction to Indian Contract Act, 1872 by Shraddha Pandit
An introduction to Indian Contract Act, 1872 by Shraddha PanditSHRADDHA PANDIT
 
Islamabad High Court Judges wrote a letter to Supreme Judicial Council.pdf
Islamabad High Court Judges wrote a letter to Supreme Judicial Council.pdfIslamabad High Court Judges wrote a letter to Supreme Judicial Council.pdf
Islamabad High Court Judges wrote a letter to Supreme Judicial Council.pdfNo One
 
ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...
ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...
ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...Anadi Tewari
 
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...Dr. Oliver Massmann
 
The Ultimate Guide to Drafting Your Separation Agreement with a Template
The Ultimate Guide to Drafting Your Separation Agreement with a TemplateThe Ultimate Guide to Drafting Your Separation Agreement with a Template
The Ultimate Guide to Drafting Your Separation Agreement with a TemplateBTL Law P.C.
 
Classification of Contracts in Business Regulations
Classification of Contracts in Business RegulationsClassification of Contracts in Business Regulations
Classification of Contracts in Business RegulationsSyedaAyeshaTabassum1
 
xLran: Open source AI for legal hackers.
xLran: Open source AI for legal hackers.xLran: Open source AI for legal hackers.
xLran: Open source AI for legal hackers.mike689707
 
Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...
Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...
Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...SHRADDHA PANDIT
 
Patents and AI: Current Tools, Future Solutions
Patents and AI: Current Tools, Future SolutionsPatents and AI: Current Tools, Future Solutions
Patents and AI: Current Tools, Future SolutionsAurora Consulting
 

Kürzlich hochgeladen (10)

An introduction to Indian Contract Act, 1872 by Shraddha Pandit
An introduction to Indian Contract Act, 1872 by Shraddha PanditAn introduction to Indian Contract Act, 1872 by Shraddha Pandit
An introduction to Indian Contract Act, 1872 by Shraddha Pandit
 
Islamabad High Court Judges wrote a letter to Supreme Judicial Council.pdf
Islamabad High Court Judges wrote a letter to Supreme Judicial Council.pdfIslamabad High Court Judges wrote a letter to Supreme Judicial Council.pdf
Islamabad High Court Judges wrote a letter to Supreme Judicial Council.pdf
 
ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...
ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...
ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...
 
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
 
The Ultimate Guide to Drafting Your Separation Agreement with a Template
The Ultimate Guide to Drafting Your Separation Agreement with a TemplateThe Ultimate Guide to Drafting Your Separation Agreement with a Template
The Ultimate Guide to Drafting Your Separation Agreement with a Template
 
Classification of Contracts in Business Regulations
Classification of Contracts in Business RegulationsClassification of Contracts in Business Regulations
Classification of Contracts in Business Regulations
 
xLran: Open source AI for legal hackers.
xLran: Open source AI for legal hackers.xLran: Open source AI for legal hackers.
xLran: Open source AI for legal hackers.
 
Criminalizing Disabilities & False Confessions
Criminalizing Disabilities & False ConfessionsCriminalizing Disabilities & False Confessions
Criminalizing Disabilities & False Confessions
 
Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...
Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...
Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...
 
Patents and AI: Current Tools, Future Solutions
Patents and AI: Current Tools, Future SolutionsPatents and AI: Current Tools, Future Solutions
Patents and AI: Current Tools, Future Solutions
 

Proskauer on Privacy

  • 1. We’ve been at it from the start…
  • 2. Strength in numbers Our practice is one of the few that offers the deep expertise of highly specialized lawyers in corporate transactions, litigation defense and employment law – all within the privacy and data security specialization, and in all tiers of seniority.
  • 3. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 1996: Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress. 1996-1999: Early commercialization of the World Wide Web and e-Commerce. In early 1997, 51 million adults were online in the U.S. and Canada. Of those people, 73% reported that they had shopped for product information on the World Wide Web. 1996: Our lawyers had already specialized in health care law for many years, and had been tracking this legislation through Congress. Upon enactment, they promptly began advising covered entities, preparing privacy statements and training materials, counseling on compliance, and negotiating business associate agreements. 1996-1999: Our lawyers wrote the first Web site Privacy Policies for corporations venturing onto the Web. Legacy Web site Privacy Policies had been written by marketing professionals, designed to assuage consumers’ fears of transacting online. They made overbroad promises that could be (and were, eventually) enforced legally. 1996
  • 4. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 1998: Deadline for EU countries to enact laws to comply with European Union’s Data Protection Directive. 1998: Our lawyers were quick to identify clients who had web sites that were targeted toward children, and helped them to comply with COPPA, taking advantage of the law’s exceptions to reduce the impact on business. In 2013, when the COPPA regulation was amended, our lawyers did the same, again, using creative strategies to reduce the burdensome impact on legitimate, law- abiding businesses. 1998: Our lawyers prepared a multi-volume EU Data Directive compliance handbook for a German- based multinational media company. 1998: FTC action against Geocities for making deceptive privacy promises in its online Privacy Policy. First FTC action of its kind. 1998: Children’s Online Privacy Protection Act (COPPA) enacted. 1998: Our lawyers began to track FTC enforcement actions on privacy promises, and to design client privacy policies to be “judgment-proof” against FTC theories of action. 1998
  • 5. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2000: Gramm–Leach–Bliley Act (GLBA) Privacy Rule and Safeguards Rule passed. 2000: Our lawyers began advising financial institutions and their service providers to prepare privacy statements, craft compliant data sharing arrangements and negotiate compliant agreements, addressing state mini-GLBA laws too. 2000: The U.S. Department of Commerce and the European Union agreed to a Safe Harbor Program to allow personal data to be exported from Europe to the United States in compliance with EU data protection law. 2000: Our lawyers began to assist clients to make use of the Safe Harbor program, as one of the easiest methods of complying with EU data protection law with respect to exporting personal information from Europe. 2000
  • 6. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2001: European Article 29 Working Party released first model contract to enable the export of personal information from Europe to non-European countries whose laws did not afford adequate data protection in the eyes of the European data protection authorities. 2001: Our lawyers began to use these model contracts to facilitate clients’ export of data from Europe. When additional forms of model contracts were released in 2002, 2004 and 2010, our lawyers continued to evolve with the landscape and advise clients to leverage their best options under European data protection law. 2001
  • 7. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2002-present: Online businesses seek to monetize the data they have access to from their customers for behavioral online advertising purposes. 2002-present: Our lawyers represent a national cable and broadband provider to negotiate online advertising-related contracts with key marketplace participants, including addressing behavioral advertising issues in contracts and in implementation. In 2014, our lawyers represented a global online behavioral advertising company to design its programs to comply with U.S. laws that regulate online tracking of Internet users. 2002: Our lawyers began to educate clients, and counsel them when they suffered data breaches of sensitive customer or employee information. Since this law became effective, our lawyers have handled dozens of data breaches per year of all shapes and sizes. 2002: FTC brought action against Eli Lilly on data security grounds, deploying the deceptive trade practices prong of Section 5 of the FTC Act. This was the first FTC action of its kind. 2002: California’s Breach Notification Law was enacted. In the years there-after, all U.S. jurisdictions but three have followed suit. 2002: Our lawyers began to track all FTC enforcement actions pertaining to data security, and to craft policies and procedures for clients that would be “judgment-proof” against FTC precedent. 2002
  • 8. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2003: U.S. “CAN-SPAM” Act was enacted, pre-empting ~50 state laws that varied in their requirements for commercial email. Pre-2003: Our lawyers prepared compliance programs for clients that brought about compliance with all laws for one email campaign. Pre-2003: With no federal anti-spam law, almost 50 contradictory state laws and bills regulated a business’ ability to send promotional emails to its customers. 2003: Our lawyers wrote the leading comprehensive White Paper on the CAN-SPAM Act, and began preparing internal compliance procedures for clients having the effect of reducing the statutory damages available for violations of the Act. In 2015, our lawyers defended a company whose business is to send promotional emails for its clients against a CAN-SPAM suit that made novel arguments. The suit resulted in a nominal settlement amount. 2003: Our lawyers prepared compliance memos and tables for all types of direct marketing: e-mail, fax, telemarketing, text messaging, instant messaging and postal marketing. 2003 2003: The Federal Communications Commission issued a decision that the Telephone Consumer Protection Act applies to text messages as “calls,” adding to the suite of state and federal laws regulating direct marketing, including email, telemarketing, faxing and text messaging. In 2009, the 9th Circuit agreed with the FCC’s determination in Satterfield v. Simon & Schuster, leading to a $13M settlement.
  • 9. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2005: FTC action against BJs for failing to protect consumer data from unauthorized access, where they had not made a promise to protect data. This was the first FTC action of its kind. 2005: Kristen Mathews, the head of Proskauer’s Privacy & Cybersecurity practice, received her certification as an information privacy professional by the International Association of Privacy Professionals. Since then, eight of our lawyers have received their CIPP credentials over the years. 2005: Our lawyers continued to track all FTC enforcement actions pertaining to data security, and to craft policies and procedures for clients that would be “judgment-proof” against FTC precedent. In 2003, the International Association of Privacy Professionals (IAPP) was formed. 2005
  • 10. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2006: The legal specialty of “data privacy law” began to take stride at other law firms, with some firms beginning to take interest and launch formal practice groups. 2006: Proskauer lawyers authored and edited the first comprehensive treatise on the topic of privacy and data protection, Proskauer On Privacy, published by the Practicing Law Institute and still updated by Proskauer lawyers and outside authors two times per year. Proskauer launched its Privacy Law Blog, which was since selected for inclusion in the Library of Congress historic collection of Internet materials. 2006: Assisted luxury auto brand to survey laws in all 50 states to address privacy issues with collection, use and sharing of customer and vehicle usage data from vehicles remotely. 2006: In 2005, states had begun to enact laws that regulate the collection of vehicle and driver information from vehicles. 2006
  • 11. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2007: TJX (of T.J. Max stores) had just suffered the largest data breach to date, and cyber insurance policies were in their infancy, with just a few specialty carriers in the market. 2007: Our lawyers assisted a specialty insurance carrier to design its new cyber risk insurance policy to apply appropriately to the marketplace. 2007
  • 12. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2008: Our lawyers began to identify the key differences between traditional outsourcing and cloud services from a data protection perspective, and negotiating agreements for our clients to address those new and novel issues. 2008: Chambers & Partners added a “Privacy and Data Security” category to its annual law firm rankings publication. 2008-2016: Proskauer’s Privacy & Cybersecurity Practice Group has been Chambers-ranked since 2008. 2008 2008-2009: FTC in heat of enforcement actions against companies that have suffered data breaches. 2008-2009: Our lawyers defended a private class action and an FTC action against an education company that suffered a security breach. A favorable settlement of the private claim was reached, and the FTC was dissuaded from pursuing an action against the company. 2008: Cloud computing began to replace traditional technology outsourcing arrangements.
  • 13. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2008: The “Red Flags Rule” was passed by the Federal Trade Commission and banking regulators, requiring companies to take measures to detect and take action on detected ID theft. 2008: Our lawyers wrote A Practical Guide To The Red Flag Rules, published by the Practicing Law Institute. Our lawyers worked with creditors and financial institutions to “brainstorm” the indicators detectable to them of identity theft on their customer accounts and the appropriate action to take in light of such indicators, and to design programs around these frameworks. 2008: Assisted developer of consumer mobile application to conduct “privacy-by-design” in development of application and also prepared App privacy policy. 2008: Mobile Apps began to replace Web sites as the preferred means of interacting with customers online. 2008
  • 14. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2009: The Federal Trade Commission took an expansive interpretation of the scope of the Red Flags Rule, by considering businesses that accepted payment for services in arrears to be “creditors” covered by the rule. 2009: Europe’s e-Privacy Directive amended to require web sites to obtain user consent before using cookies. 2009: Proskauer represented the American Bar Association to fight the contention that lawyers are covered by the Red Flags Rule. The court agreed, and found that law firms are not covered by the regulation. Following that, Congress amended the Act to carve-out more business models from its scope on the same grounds. 2009: Proskauer represented a major U.S. bank defending claims arising from the loss of computer back-up tapes. In a significant win, the defendants’ motions to dismiss were granted. Proskauer also represented the bank in respect of multiple regulatory investigations, stemming from the same data loss, including fashioning an extremely favorable settlement with a state attorney general. 2009: Our lawyers developed a framework to inventory and categorize cookies based on compliance obligations and risk, and derived implementation plans for clients that were business-friendly and risk- based. 2009 2009: Some of the earliest data breach private actions were waged against companies that suffered data breaches.
  • 15. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2002-2011: After being on the books but unenforced since 1990, plaintiffs’ class action lawyers began to enforce California’s Song Beverly Credit Card Act, which puts burdens on a retailer’s collection of customer data at the point of sale. 2002-2011: Our lawyers defended several of the first class action law suits against retailers under the Song Beverly Act and negotiated favorable settlements that were leveraged in future cases against other retailers defended by other counsel. To protect other clients from similar class actions, our lawyers identified each of the states with similar laws and prepared a risk chart that graphically illustrated the types of PII requests that could and could not be made in each state and identified practical work-around solutions for each state law. 2002 2011
  • 16. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2010: A complex, multi- party litigation arose from among the largest data breaches to date, suffered by a payment card processor and affecting 40M payment cards. The case was in the heat of litigation, approaching settlement. 2010: Proskauer lawyers conducted “privacy by design” evaluation and prepared a privacy policy for an online tool for music, movie, game and other content distribution service used by dozens of top technology and entertainment companies. 2010: Our lawyers represented a financial services company against a putative nationwide consumer class action lawsuit alleging failure to safeguard non-public financial information. The case was dismissed and the decision was upheld on appeal. 2010: Private class action law suits continue to wage against companies that had suffered data security breaches. 2010: Regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a resolution recognizing Privacy by Design as an essential component of fundamental privacy protection. In 2012, this was followed by the U.S. Federal Trade Commission’s recognition of Privacy by Design in its report entitled Protecting Consumer Privacy in an Era of Rapid Change – a major validation of its significance. 2010 2010: Proskauer represented a specialty cyber security insurance carrier in overseeing the defense of its insured against claims that it was responsible for one of the largest payment card data breaches on record. The outcome was a favorable settlement.
  • 17. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2010: Companies were increasingly being held responsible by regulators and private claimants for data security breaches they suffered at the hands of criminal data thieves. 2010: Our lawyers provided comprehensive assessment of clients’ data security practices, benchmarked findings against applicable laws, identified practical ways to address the identified gaps, documented the client’s practices in the form of written policies and procedures, developed training materials and conducted a train-the-trainer program to help the client uniformly communicate the policy. 2010: Plaintiff class action law suits continue to wage against companies that have sent text messages allegedly without consent in violation of the Telephone Consumer Protection Act. 2010: Our lawyers represented a movie production company in the defense and settlement of a putative class action in which the plaintiff alleged that the company, through a third-party vendor, sent nearly 100,000 text messages to individual consumers without consent. We reached a favorable settlement with the plaintiff class, which the federal district approved. 2010
  • 18. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2010-2016: In 2010, our lawyers assisted one of the first media conglomerates to develop a policy and plan of action to allow employees to use their personal devices for work purposes. In 2012, we assisted a mobile device management (MDM) solution provider to create a “state-of-the-art” template “bring your own device” policy for use by its customers. Assisted many companies thereafter with BYOD policies, as legal analysis has changed by virtue of the desire to make BYOD mandatory as a cost- saving method. 2010: After the term “big data” was coined in 2005 by Roger Mougalas from O’Reilly Media, corporate America increasingly looked for ways they could leverage the large data sets they had accumulated in the ordinary course of their business. 2010: Our lawyers assisted a nonprofit financial institution in student loan-guaranteeing business to survey its rights under numerous agreements with students, other lenders and federal student loan agencies, as well as applicable federal and state laws, to reuse and disclose student loan information to serve a separate for-profit product offering to schools. Following that, in 2011, our lawyers assisted a global publisher of business information to determine the scope of its rights to use information received from auto dealerships about vehicle sales to create a licensed product containing aggregate sales information without personally identifiable information, and negotiated agreement with industry group representing auto dealers to receive necessary rights to data in order to create and sell product. In 2013-14, our lawyers assisted a global financial institution in the insurance industry to determine its rights under applicable contracts and federal and state laws to use insurance policy information received from insurance carriers and their counterparts to provide aggregate information to all participating carriers, and prepared agreements for use with participants to procure necessary rights. 2010 2010-2016: In 2010, companies just began to acquiesce to employee demands to use their personally owned devices (instead of company-issued blackberries) to access their corporate email and calendar (BYOD).
  • 19. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2011: Our lawyers began to carefully craft disclosures for publicly traded companies that accurately reflect risk and are at par with disclosures of similarly situated companies. 2011 2011: Electoral organizations begin to explore the viability of online voting in political elections. 2011: Our lawyers assisted a not-for-profit organization with addressing privacy, data security and online authentication issues with regard to an online voting portal where it was essential that voters be reliably authenticated. 2011: SEC releases guidance for publicly traded companies to disclose cybersecurity risks and breaches on SEC filings. 2011-2012: Google continues to assume dominance in the marketplace, to push the boundaries of data protection laws globally, and to defend numerous privacy-related law suits and governmental investigations. 2011-2012: Advised global investment firm having large investment in Google as to Google’s financial exposure under privacy laws as well as the likelihood of Google suffering a financial loss under each of the many privacy legal challenges they faced at the time.
  • 20. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2012: After being on the books but unenforced since 2005, plaintiffs’ class action lawyers began to experiment with California’s Shine the Light Act, hoping it would be as lucrative for them as some other privacy laws that provide for statutory damages. 2012: Our lawyers defended among the first of these cases brought, and using creative arguments and strategy, led the case to dismissal. Although many class action suits were filed under this law around the same time against several entities by the same plaintiffs’ counsel, this was the first substantive ruling by any court and had a pivotal effect on other pending litigation. Those cases achieved dismissal too, and no new class action under this law has been brought since. 2012
  • 21. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2012: Our lawyers prepared comprehensive data breach incident response plan for national publicly traded car retailer and conducted tabletop incident response exercise for whole incident response team including presentation of final report to the board. Since then, our lawyers have presented several cybersecurity tabletop exercises per year, for companies including an insurance company, a retailer, a residential services provider, a national health care provider, and a television network. 2012: Companies began to use “tabletop” data breach exercises to train to handle an actual data breach. 2012
  • 22. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2013-2014: A second wave of data breaches hit retailers nationwide, targeting point of sale card processing equipment. 2013-2015: Our lawyers defended a HIPAA-covered entity in connection with an inquiry by the Department of Health and Human Services relating to a security breach of Protected Health Information. Ultimately, the OCR was persuaded not to pursue the action. 2013-2014: Our lawyers assisted one of these retailers to respond to the breach in compliance with applicable laws and to mitigate exposure to reputational loss and legal damages. Managed the client’s response to the data security breach, including identifying the full nature and scope of the incident, engaging vendors to provide computer forensic and credit monitoring services, preparing notification letters in full compliance with the 46+ state information security breach laws, and interfacing with state attorneys general and other government agencies. 2013-14 2013-2015: The Department of Health and Human Services’ Office of Civil Rights has ramped up its efforts to enforce the HIPAA Security Rule against health care providers that have suffered data security breaches.
  • 23. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2013-2016: Our lawyers assisted a global cruise company in crafting an agreement with a European law enforcement body to share passenger information in accordance with European data protection law. 2013: Our lawyers worked with the American Civil Liberties Union (ACLU) in Clapper v. Amnesty International, a case brought before the United States Supreme Court challenging 2008 amendments made to the Foreign Intelligence Surveillance Act which essentially allows the National Security Agency (NSA) to monitor Americans’ international communications. 2013-2015 2013: Corporations increasingly leverage technologies that allow them to track the physical whereabouts of their personnel in fleet vehicles and using smart phones and tablets. 2013-2016: Anti-terrorism law enforcement bodies worldwide increasingly seek to receive data from private companies that help them track the whereabouts of individuals on watch lists. 2013: Our lawyers conducted a 50-state survey of laws that require consent to track the geographic location of people using various technologies. 2013: Ed Snowden copied and leaked classified information from the National Security Agency (NSA) revealing the extent of the U.S. government’s surveillance on communications of U.S. citizens.
  • 24. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2014 2014: The International Association of Privacy Professionals expands its presence in Europe. 2014: SEC released Risk Alert warning broker dealers and investment advisors that they will be expected to have a robust cybersecurity program in place. 2014: Electricity companies begin to explore “smart meters” as a way to conserve energy. 2014: Cecile Martin, Special International Counsel in our Paris office, was appointed Chair of the International Association of Privacy Professionals KnowledgeNet for France. 2014: Our lawyers assisted a national solar power company to establish a privacy program, including customer- facing privacy notices, to address privacy issues raised by collecting highly granular information about household occupancy and habits from residential smart meters. 2014: Our lawyers immediately began to counsel broker dealers, investment advisors, hedge funds, and private equity firms about the SEC’s cybersecurity mandate and how they can prepare to meet the SEC’s expectations of them with regard to cybersecurity.
  • 25. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2015: An increasing trend evolved of so- called data security consultants detecting security vulnerabilities in technology products and reporting them to the company and to government authorities. 2015: Our lawyers represented a medical software company in an investigation by the Federal Trade Commission against a doctor practice management software vendor relating to an alleged security vulnerability in its software product. 2015: Proskauer represented T-Mobile in connection with the widely-publicized data breach of millions of its customers’ information housed by its vendor, Experian. 2015 2015: Our lawyers successfully defended a high end fashion house in a Fair and Accurate Credit Transactions Act (FACTA) litigation alleging that the retailer failed to redact credit card expiration dates from customer receipts. Our motion to dismiss the case was granted. 2015: Our lawyers immediately began to assist clients to decide upon and put in place alternative means to export and receive personal information from Europe. 2015: After years of enforce- ment by plaintiffs class action lawyers reaping the benefit of statutory damages, plaintiffs’ counsel are still suing retailers under FACTA for including too much payment card information on printed sales receipts. 2015: Increasingly over the 10+ years since data breaches have been reported publicly, data breaches are being caused by service providers who are hired by a company to serve a back- end function. 2015: A European court invalidated the Safe Harbor program, which has allowed personal data to be transferred from Europe to the United States for the last 15 years.
  • 26. How Proskauer addressed itHow Proskauer addressed it How Proskauer addressed it Historical Development of Privacy and Data Protection Law We’ve been at it from the start… 1995 20162000 2005 2010 2016: Europe passed its new General Data Protection Regulation (GDPR) which will replace its twenty- year-old Data Protection Directive and be directly effective on companies worldwide by 2018. 2016: Our lawyers began to counsel clients on the changes they would need to make in order to become compliant with the new regulation by 2018. 2016