Privacy and Data Security

Dykema’s Privacy and Data Security Practice provides a full suite of services to manage the entire life cycle of a company’s data from its creation to ultimate deletion. Dykema recognizes that privacy and data security concerns will vary greatly by industry due to industry-specific regulation and activity. To address these concerns, Dykema’s Privacy and Data Security Practice is organized by industry group specialty, including attorneys with deep experience in the areas below. Within each of these industries, Dykema lawyers provide a full suite of services to clients including:

  • Consumer Class Action Defense
  • Cyber Insurance
  • Employee Education and Training
  • Federal and State Regulatory and Compliance Counseling
  • Incident Response and Data Breach Litigation
  • International Compliance and Agreements
  • Mergers, Acquisitions and Vendor/Partner Transactions
  • Privacy C-Suite Counseling (Privacy Program Creation, Privacy Impact Assessments, “Privacy By Design” and Product Development Counseling)

Automotive (Including Connected Cars/Autonomous Vehicles)

In this quickly changing field, privacy and data security play key roles in shaping how vehicles behave and use data. Founded in Detroit and a longtime advisor to the automotive sector, Dykema stands at the forefront of this developing arena. In addition to advising clients on their own product initiatives, Dykema has taken a leading role in various organizations including the University of Michigan’s Mobility Transformation Center and the Connected Vehicle Trade Association.

Education and Student Privacy

While the collection of data involving students has been highly regulated for decades, older laws are being expanded to cover new use cases and states are quickly adopting their own privacy and data security laws. Dykema has experience in the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and many state and local rules that apply to data collected on children and students.

Financial Services and Fintech

Whether a startup new to the regulated environment or a traditional depository institution, Dykema helps clients avoid legal challenges by understanding the full financial data protection landscape, including laws such as the Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), Federal Trade Commission Act and the roles of state and federal regulators, particularly the Consumer Financial Protection Bureau (CFPB), other bank and credit union regulators and the Federal Trade Commission. Dykema’s team includes former regulators and others who have been involved in developing the financial privacy and data security framework from the beginning, representing traditional financial institutions moving into an “omnichannel” environment, as well as cutting-edge Fintech companies offering new and innovative products and services.

Health Information Privacy and Security

As part of their day to day operations, health care organizations and those with whom they do business have access to massive volumes of patient personal and medical information. The privacy and security of this highly-sensitive information is regulated by federal and state privacy and security laws, including HIPAA. Dykema can assist in developing privacy and security policies and procedures, conducting employee training programs and preparing required documents. Dykema’s team also guides companies through security incidents, data breaches and analysis of required breach notification, representing all types of health care providers, insurers, managed care organizations, employer group health plans and other organizations serving as business associates of entities covered by HIPAA.

International and Cross Border Data Transfers

Today, data flows across international borders and the internet allowing even small companies to serve customers globally. This great opportunity also creates immense challenges as companies grapple with vastly different privacy and data security schemes. Dykema’s skilled privacy and data protection lawyers help companies navigate these complex global issues by developing compliance programs for the European General Data Protection Regulation, cross border data transfers (Privacy Shield, APEC CBPR), Canadian privacy rules and many others.

Retail Mobile Apps, Loyalty, Rewards and Advertising

The lines between brick and mortar stores, online shopping and mobile applications have blurred — and in some cases are gone altogether. Dykema’s privacy team can develop integrated solutions that work across multiple platforms and tackle the major issues that big data and data analytics pose to the retail industry. Dykema’s team has advised clients on compliance with FTC requirements, GLBA, COPPA, the Song-Beverly Credit Card Act, contract law and many other laws and regulations.

Workplace Privacy

The tools now available to employers, including in-depth background checks, instant transfers of sensitive personnel information and pervasive social media activity by employees, require an experienced legal team to help craft compliant policies and take advantage of new technologies. Dykema has the experience to help clients avoid costly civil litigation and government-enforcement actions resulting from privacy-related issues.

Speaking Engagements