Privacy and Data Security: Dykema

Dykema’s Privacy and Data Security Practice provides a full suite of services to manage the entire life cycle of a company’s data from its creation to ultimate deletion. Dykema recognizes that privacy and data security concerns will vary greatly by industry due to industry-specific regulation and activity. To address these concerns, Dykema’s Privacy and Data Security Practice is organized by industry group specialty, including attorneys with deep experience in the areas below. Within each of these industries, Dykema lawyers provide a full suite of services to clients including:

Consumer Class Action Defense
Cyber Insurance
Employee Education and Training
Federal and State Regulatory and Compliance Counseling
Incident Response and Data Breach Litigation
International Compliance and Agreements
Mergers, Acquisitions and Vendor/Partner Transactions
Privacy C-Suite Counseling (Privacy Program Creation, Privacy Impact Assessments, “Privacy By Design” and Product Development Counseling)

As information security becomes a critical facet of all businesses and industries and the target of many regulators, it is important to stay apprised of new legal developments. Dykema’s Privacy and Data Security team publishes The Firewall, a blog that provides insightful legal analysis of the emerging issues in data privacy and cybersecurity law to help businesses stay ahead of the curve.

Automotive (Including Connected Cars/Autonomous Vehicles)

In this quickly changing field, privacy and data security play key roles in shaping how vehicles behave and use data. Founded in Detroit and a longtime advisor to the automotive sector, Dykema stands at the forefront of this developing arena. In addition to advising clients on their own product initiatives, Dykema has taken a leading role in various organizations including the University of Michigan’s Mobility Transformation Center and the Connected Vehicle Trade Association.

Education and Student Privacy

While the collection of data involving students has been highly regulated for decades, older laws are being expanded to cover new use cases and states are quickly adopting their own privacy and data security laws. Dykema has experience in the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and many state and local rules that apply to data collected on children and students.

Financial Services and Fintech

Whether a startup new to the regulated environment or a traditional depository institution, Dykema helps clients avoid legal challenges by understanding the full financial data protection landscape, including laws such as the Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), Federal Trade Commission Act and the roles of state and federal regulators, particularly the Consumer Financial Protection Bureau (CFPB), other bank and credit union regulators and the Federal Trade Commission. Dykema’s team includes former regulators and others who have been involved in developing the financial privacy and data security framework from the beginning, representing traditional financial institutions moving into an “omnichannel” environment, as well as cutting-edge Fintech companies offering new and innovative products and services.

Health Information Privacy and Security

As part of their day to day operations, health care organizations and those with whom they do business have access to massive volumes of patient personal and medical information. The privacy and security of this highly-sensitive information is regulated by federal and state privacy and security laws, including HIPAA. Dykema can assist in developing privacy and security policies and procedures, conducting employee training programs and preparing required documents. Dykema’s team also guides companies through security incidents, data breaches and analysis of required breach notification, representing all types of health care providers, insurers, managed care organizations, employer group health plans and other organizations serving as business associates of entities covered by HIPAA.

International and Cross Border Data Transfers

Today, data flows across international borders and the internet allowing even small companies to serve customers globally. This great opportunity also creates immense challenges as companies grapple with vastly different privacy and data security schemes. Dykema’s skilled privacy and data protection lawyers help companies navigate these complex global issues by developing compliance programs for the European General Data Protection Regulation, cross border data transfers (Privacy Shield, APEC CBPR), Canadian privacy rules and many others.

Retail Mobile Apps, Loyalty, Rewards and Advertising

The lines between brick and mortar stores, online shopping and mobile applications have blurred — and in some cases are gone altogether. Dykema’s privacy team can develop integrated solutions that work across multiple platforms and tackle the major issues that big data and data analytics pose to the retail industry. Dykema’s team has advised clients on compliance with FTC requirements, GLBA, COPPA, the Song-Beverly Credit Card Act, contract law and many other laws and regulations.

Workplace Privacy

The tools now available to employers, including in-depth background checks, instant transfers of sensitive personnel information and pervasive social media activity by employees, require an experienced legal team to help craft compliant policies and take advantage of new technologies. Dykema has the experience to help clients avoid costly civil litigation and government-enforcement actions resulting from privacy-related issues.

Ready to respond to your needs 24/7

Call your Dykema Cyber Response Team for an immediate consultation if you suspect a possible incident.

News

Erin Fonté Praises Banks’ Outreach to Furloughed Government Employees in Law360
January 22, 2019
Erin Fonté Notes Potential of OCC’s Proposed Revision of the Community Reinvestment Act in Law360
January 7, 2019
Erin Fonté Weighs In on FinTech Standoff in Law360 Article
January 1, 2019
Fonté and Owens Blog Post Republished by Asset Finance International
October 29, 2018
Trio of Dykema Attorneys to Speak at Texas Association of Bank Counsel Convention
September 19, 2018
Erin Fonté to Serve as Featured Speaker at ABA Business Law Section Annual Meeting in Austin, Texas
September 14, 2018
Erin Fonté to Serve as Closing Keynote Speaker at 2018 Midwest Strategic Options Conference
September 5, 2018
Fonté and McGee Compare European & U.S. Financial Data Sharing Regs. for Law360
June 29, 2018
Tom Alleman Discusses Lack of Cyberinsurance Coverage in Construction Industry with Law360
May 24, 2018
Dykema Launches New Privacy and Cybersecurity Blog
May 8, 2018
Van Lindberg Interviewed by WOAI News Radio's CyberTalkRadio
February 3, 2018
Erin Fonté Quoted in deBanked Story on Initial Coin Offerings
November 15, 2017
Erin Fonté Quoted in deBanked About Expansion of Texas Fintechs
June 15, 2017
Charfoos and Fonté Co-Author World Data Protection Report Article on EU-U.S. Privacy Agreement Alternatives
December 29, 2016
Aaron Charfoos Quoted Extensively in ALM Legaltech News Article on DCCC Hacking
August 2, 2016
Tom Alleman Quoted in Business Insurance Article about Presidential Campaign Cyber Hacking
July 31, 2016
Tom Alleman Quoted in Business Insurance Article on Cyber Policy Language
July 17, 2016
Steve Tupper Interviewed in Bloomberg Law Podcast on Vehicle Telematics and Privacy
July 15, 2016
Steve Tupper Discusses Vehicle Blackbox Evidence in Automotive News
May 23, 2016
Charfoos, Feld and Tupper Author Article on Data Privacy and Security
April 27, 2016
Elizabeth Khalil to Speak at the ACI Forum on Cyber Security and Data Privacy & Protection
January 21, 2016
Steve Tupper Authors Article on Upcoming EU Data Regulations for Automotive World
May 28, 2015
Steve Tupper to Lead Panel Discussion on Worldwide Data Privacy at Crain’s General and In-House Counsel Summit
May 1, 2014
S. Christopher (Kit) Winter Authors Inside Counsel Article
April 21, 2014
S. Christopher (Kit) Winter Authors Inside Counsel Article on Australia’s New Privacy Protection Laws
March 24, 2014
S. Christopher (Kit) Winter Authors Inside Counsel Article on NIST’s Cybersecurity Framework
March 7, 2014
S. Christopher (Kit) Winter Authors Series of Inside Counsel Articles on Information Privacy, Data Security
February 24, 2014
Stephen Tupper Named Contributor to Huffington Post Technology
December 27, 2013
Janet Stiven To Share Insights on Cloud Computing Legal Issues at Two Industry Conferences
December 3, 2013
Janet Stiven Authors Inside Counsel Article on Confidentiality and Competence When Using Cloud Services
November 25, 2013
Dykema 2013 Mergers & Acquisitions Outlook Survey Cited in Barron’s Article
November 22, 2013
Janet Stiven Writes Second in Series of Inside Counsel Articles on Cloud Technology
November 15, 2013
Janet Stiven Authors Article for Westlaw Journal Computer and Internet
November 8, 2013
Janet Stiven Authors Cloud Technology Column for Inside Counsel
October 28, 2013
Janet Stiven to Present at 2013 Cloud Connect Conference in Chicago
October 15, 2013
Janet Stiven Quoted in Chicago Lawyer Article on Cloud Computing
August 7, 2013
Janet Stiven Comments on Privacy Issues Spawned by Government Seizure of AP Phone Records
May 17, 2013
Janet Stiven Authors Article on Cloud Computing for CFO.com
May 2, 2013
Janet Stiven to be Panelist at World Services Group Latin American Regional Meeting
March 5, 2013
Janet Stiven to Present at National Association of Women Lawyers Mid-Year Meeting
January 23, 2013
Thirty-Four Dykema Attorneys Named “2013 Top Lawyers” by DBusiness Magazine
November 7, 2012
Dykema Attorney Key Presenter at ICLE 5th Annual IT Law Seminar
September 18, 2012
Eleven Dykema Attorneys Named “Lawyers of the Year” by Best Lawyers in America
September 12, 2012
Four of Dykema's Practices Earn Top 100 Ranking by Law360
February 10, 2012
Under Pressure: Annual Outsourcing Survey Shows Continued Growth in Healthcare Services, but with Resistance Among Some Providers
Modernhealthcare.com
September 8, 2011

Press Releases

Cinthia Motley and Rosa Tumialán Honored in Crain’s 2018 Chicago’s Notable Minority Lawyers List
November 19, 2018
Dykema’s Chicago Office Adds Lindsay S. Henry
August 30, 2018
Five Dykema Attorneys Honored on Crain’s Chicago’s Notable Women Lawyers 2018 List
July 2, 2018
Dykema Adds Cinthia Granados Motley to Co-Lead Its Privacy and Data Security Practice Group
February 5, 2018
Dykema’s Sean Griffin Earns DRI G. Duffield Smith Outstanding Publication Award
July 26, 2017
Steve Tupper Named Lead Legal Officer for Michigan Wing of Civil Air Patrol
June 2, 2015
Dykema Announces Results of 10th Annual Mergers & Acquisitions Outlook Survey
October 30, 2014
Dykema Adds Veteran Intellectual Property Trial Lawyer in Chicago
January 28, 2014
Dykema Announces Results of Ninth Annual Mergers and Acquisitions Outlook Survey
October 30, 2013
Dykema Named Top Corporate Law Firm in Detroit
May 23, 2012

Publications

"Treating ICOs and Cryptocurrencies the Same Way is an Expensive Mistake"
PaymentsSource
September 11, 2018
"Balancing Fourth Amendment Expectations in the Electronic Era"
Business Crimes Bulletin – Law Journal Newsletters
July 2018
"How & Why Smart Systems Present New Legal Challenges"
Texas CEO Magazine
December 2, 2017
"Follow the Money: 4 Lessons in Blockchain Lawsuits"
ACC Docket
October 24, 2017
"Lawyers Need to Pay Attention to Ethical Obligations Following a Data Breach”
Legaltech News
August 9, 2017
"The State of Data Breach Litigation and How to Avoid It"
ALM Law Journal Newsletters: Cybersecurity Law & Strategy Vol. 1, No. 2
May 2017
"Interviewing the Privacy/Data Security Candidate: A Guide for the Non-Expert Hiring Manager"
BloombergBNA Privacy and Security Law Report
March 6, 2017
“EU-U.S. Privacy Shield – Recent Challenges: Impact on the U.S. and What Businesses Need to Know”
World Data Protection Report
December 29, 2016
Hacks, Files, and Ethical Gapes: Attorneys' Liability for Data Breaches
For the Defense
November 2016
“Privacy Shield Update: Companies Are Flocking to New EU-US Data Transfer Agreement”
Point B + Beyond
August 29, 2016
“Automobile Data Recording Is Not An Invasion Of Privacy”
Law360
June 19, 2014
"Pointers to Prevent Departing Employees From Taking Confidential Information"
Inside Counsel
April 4, 2014
"Don't Underestimate Australia's New Privacy Protection Laws"
Inside Counsel
March 21, 2014
"Technology: Dissecting the First Version of the NIST's Cybersecurity Framework"
Inside Counsel
March 7, 2014
"Technology: The Demise of the Reasonable Person"
Inside Counsel
February 21, 2014
"Helping Clients Navigate Uncertain and Rapidly Developing Privacy and Data Security Regulations"
Recent Trends in Privacy and Data Security, Inside the Minds (Aspatore Books)
2013
"Why CFOs Should Oversee Company Cloud Initiatives,"
CFO.com
May 1, 2013

Speaking Engagements

The California Consumer Privacy Act: Why and How It Will Affect Your Business
February 27, 2019
The Illinois Biometric Information Privacy Act (BIPA): Implications in Light of Rosenbach
February 12, 2019
2018 Year in Review: Privacy and Data Security Trends
December 13, 2018
Social Media, Email, Texts and Video Evidence: What to Look For, Where to Find It and How to Get It Admitted
August 28, 2018
The Illinois Biometric Information Privacy Act: Litigation Risks and Best Practices for Employers and Others
March 7, 2018
Key Compliance Issues for 2018
January 24, 2018
GDPR Is Coming – Is Your Company Ready?
October 25, 2017
And Now the Law: Product Liability, Cybersecurity, Privacy, Ethics, Insurance, and Regulatory Compliance, Autonomous Vehicle Safety Regulation World Congress
October 24, 2017
Cybersecurity in Transportation, Federal Bar Association, Transportation and Transportation Security Law Section, Washington, D.C.
September 20, 2017
Ethical Implications of Data Breaches, Association of Transportation Law Professionals Annual Meeting
June 25, 2017
Creating a Culture of Success for the Millennial Generation, DRI Insurance Roundtable
June 16, 2017
What You Don't Know Can Hurt You: Unconscious Bias in Law Practice — How to Recognize and Interrupt It, DRI Diversity for Success Seminar
June 15, 2017
Protecting Your Business and Employees From Data Breaches
May 16, 2017
Cyber Theft (and Regular Theft) of Employee and Company Data
May 5, 2017
Into the Matrix: Cyber/Data Risks and Insurance Issues for Health Care Providers
March 7, 2017
The State of Data Breach Litigation and How to Avoid It
February 21, 2017
Key Compliance Issues for 2017
January 20, 2017
Why Data Privacy Matters: Guarding Against Unwanted Intruders, Carousel of Panels, IASB/IASA/IASBO Joint Annual Conference, Chicago, Illinois
November 19, 2016
Privacy Matters: Advising Companies and Clients on Privacy Matters for the Entertainment and Sports Industries, Black Entertainment and Sports Lawyers Association 36th Annual Conference
October 20, 2016
Post-Data Breach Litigation and Strategies, Mitchell Hamline School of Law
Europe’s General Data Protection Regulation and Privacy Shield, Mitchell Hamline School of Law
Goodbye Safe Harbor, Hello Privacy Shield
July 27, 2016
Protect and Defend: Why Cybersecurity Matters and What You Can Do to Protect Your Organization and Board from Data Breach Risks
April 28, 2016
Key Compliance Issues for 2016
March 16, 2016
Professionals' Liability for Cyber Breach, DRI Professional Liability Seminar, New York, NY
December 4, 2015
Crowdfunding and the IPO On-Ramp
June 5, 2012 (Los Angeles-area)
Crowdfunding and the IPO On-Ramp
May 23, 2012 (Detroit) and May 24, 2012 (Chicago)

Articles & Alerts

Are You at Risk of Having Electronic Data Seized When Traveling Abroad?
December 10, 2018
At Rocket Speed – The California Consumer Privacy Act of 2018 Signed into Law Yesterday
June 29, 2018
“Seismic Shifts in Digital Technology:” Supreme Court Creates Exception to Third-Party Doctrine for Cell-Site Location Information
June 29, 2018
Cayman Islands Seek to Supplement Its Data Protection Law
April 11, 2018
SEC Ratchets Up Cybersecurity Disclosure Requirements
April 5, 2018
W-2 Tax Season Starts Early for Hackers
December 21, 2017
Supreme Court Debates Fourth Amendment Privacy Rights in Carpenter
December 15, 2017
Does the EU’s GDPR Apply to Your Company?
November 2, 2017
Supreme Court to Decide Important Privacy Issue: Is Overseas Data Retrievable Under SCA?
October 20, 2017
Biometric Privacy Litigation on the Rise!
October 5, 2017
Stored Emails and Cell Phone Records: Are They Private?
August 21, 2017
Reducing Ransomware Risks
June 27, 2017
Recent Home Depot Settlement a Reminder of Data Breach Ramifications and Importance of Risk Mitigation Policies and Procedures
March 31, 2017
Phishing Scams on the Rise: How You Can Avoid the Breach
March 2, 2017
The Point of Retrieval or the Point of Disclosure: Federal Magistrate Judge Rules Contrary to Second Circuit’s Microsoft Stored Communications Act Warrant Case
February 23, 2017
DOJ Asks Second Circuit to Reconsider Microsoft Warrant Decision
October 31, 2016
You Can Run, but You Can’t Hide: OCR Announces Increased Investigation of Small HIPAA Breaches
September 9, 2016
Court of Appeal Denies Production of Emails Stored Abroad
July 19, 2016
Cross-Border Data Transfers: Privacy Shield Is About to Go Live
July 14, 2016
SEC’s Focus on Enforcing Data Security Safeguards Continues: Lessons Learned from its $1M Fine of Morgan Stanley
June 15, 2016
Illinois Strengthens Data Breach Notification Statute
June 1, 2016
Three Recent OCR Actions Demonstrate That HIPAA Enforcement Is Alive and Well
March 23, 2016
ASUS Settlement: FTC Continues to Focus on Privacy and Data Security Enforcement
March 2, 2016
The New EU-US Privacy Shield—Still Some Fuzzy Details
February 2, 2016
US/EU Safe Harbor Struck Down: The Game Just Changed for European Data Transfers to the US
October 6, 2015
Location, Location: DOJ Authority to Obtain Emails Stored in Foreign Locations is Affirmed
August 19, 2014
Federal Court Upholds Broad FTC Authority to Regulate Data Security Standards
April 11, 2014
Cybersecurity Framework “Best Practices” Released: What You Need to Know
February 18, 2014
FTC Seeks Broader Cyber-Authority to Impose Civil Penalties
December 19, 2013
Cybersecurity Alert: Proposed Framework Adoption Incentives Leading Way to Cyber Compliance Program
August 14, 2013
Business Law Quarterly—Fall 2012
Business Law Quarterly—First Quarter 2012
Massachusetts Privacy Standards Eliminate Third Party Vendor Personal Information Exemption
March 1, 2012
Business Law Quarterly—Fourth Quarter 2011
Business Law Quarterly—Third Quarter 2011
Business Law Quarterly—First Quarter 2011

Privacy and Data Security

Contacts

Professionals

Related Practices

Related Industries