Noel Allen

Data Privacy & Security

Allen & Pinnix, P.A. advises corporations, government agencies, and nonprofit organizations on compliance with state, federal, and foreign data privacy and protection laws. Legal obligations regarding data protection vary widely by jurisdiction in the United States and elsewhere. These obligations are of particular importance to organizations operating across multiple jurisdictions, or transferring information across jurisdictions.

Data privacy and protection regulation encompasses cyber security legislation, laws establishing the "right to be forgotten" online, and privacy and disclosure obligations for businesses, governments, and nonprofit organizations collecting and transferring personal data online. This area of the law is rapidly evolving, with new and expanded data protection obligations on the horizon in the European Union as well as an ever-changing patchwork of data protection laws across U.S. jurisdictions.

Our Areas of Expertise

Two of our attorneys, Nathan Standley and Brenner Allen,* are Certified Information Privacy Professionals (CIPP/US). Our firm is experienced assisting clients with data privacy and data security, including:

• Drafting and implementing privacy policies for use in e-commerce
• Designing data protection, retention, and destruction policies
• Advising health care providers and related entities regarding Health Insurance Portability and Accountability Act (HIPAA) compliance
• Drafting informed consent documents for consumer and business-to-business use
• Assisting clients that do business internationally on compliance with European Union data protection and data transfer law, including safe harbor arrangements
• Advising clients on complying with the Fair and Accurate Credit Transactions Act (FACTA) Red Flags regulation
• Helping clients understand and navigate state unfair and deceptive acts and practices laws
• Ensuring compliance with other state and federal laws, including the Gramm-Leach-Bliley Act, the Electronic Communications Privacy Act, the Fair Credit Reporting Act, the Children’s Online Privacy Protection Act, the Telephone Consumer Protection Act, and FACTA

Responding To a Breach or an Investigation

It is vital that your organization respond appropriately when informed of an investigation into your data practices.  Failure to do so could jeopardize your customers’ and partners’ confidence in your business and paralyze your ability to continue operation.  Allen & Pinnix, P.A. can assist you in each step of the investigation and help you avoid costly litigation.

Even if a government investigation is not imminent, you may have significant obligations as a result of a potential or actual breach of your customers’ personal information.  There are extensive federal and state laws and regulations that may be implicated when personal information is accessed in a security breach. While the best strategy is prevention through education and effective security measures, responding to a breach should not be undertaken without turning to experienced counsel.