Morris, Manning & Martin’s Privacy Practice provides a broad spectrum of specialized services that draw on several key practices, including Insurance, Healthcare, Financial Services, Technology, and Intellectual Property. We recognize that the flow of information between businesses, consumers, and third-party vendors is becoming ever faster and more difficult to protect. While the vast array of data presents numerous opportunities and advantages, it also presents tremendous risks and exposure to potential liabilities.
OVERVIEW
The means by which we communicate information have exploded in the past few decades, and as each channel becomes available, the rules for protecting it must be created and the exposures it reveals must be examined. Clients need experienced, responsive counsel to help them make sense of the opportunities and issues these channels present, understand the different rules associated with each, develop appropriate policies, and handle potential data breaches.
MMM’s Privacy Practice assists businesses of all sizes and types with:
- Comprehending relevant privacy and data security issues
- Assisting with regulatory examinations and audits
- Developing policies and procedures to comply with state and federal consumer privacy and data security laws
- Drafting and negotiating privacy and data security provisions in service provider contracts and other such agreements
- Evaluating new products and programs to ensure compliance with consumer privacy and data security laws
- Performing regulatory due diligence for mergers and acquisitions
- Responding to security incidents involving personal information
- Reviewing the use of consumer information for marketing purposes for compliance with applicable law
- Addressing privacy and data security obligations and liabilities in contracts with third-party vendors
- Appropriately utilizing social media and other web and telecommunications-based marketing channels
- Implementing compliant document management and data retention plans
- Handling data breaches, privacy complaints, and litigation
- Responding to government subpoenas and wiretap requests
- Defending regulatory enforcement actions by the Federal Trade Commission (FTC), Federal Communications Commission (FCC), and various state Attorneys General
Our lawyers regularly analyze and apply the following laws to specific industries and circumstances: the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, the Fair & Accurate Credit Transactions Act (FACTA), the Health Insurance Portability & Accountability Act (HIPAA), the Health Information Technology for Economic & Clinical Health Act (HITECH), the CAN-SPAM Act (controlling unsolicited pornography and marketing messages sent to computers and wireless devices), the Drivers Privacy and Protection Act, the Telephone Consumer Protection Act, and the Genetic Information Nondiscrimination Act. We also routinely advise clients with regard to state security breach notification laws and other state laws dealing with the privacy and security of personal information.
Areas in which MMM provides specific advice pertaining to privacy include:
PRIVACY OF CONSUMER INFORMATION
Businesses must be hyper-cognizant of regulations concerning the protection of consumers’ personally identifiable information (PII), particularly those within the healthcare and insurance industries. Those that collect, use, and store PII – such as names, addresses, phone numbers, account numbers, credit information, and social security numbers – are subject to an increasing number of state and federal laws and regulations that require privacy notices to consumers, patients, and employees, as well as the rigorous protection of PII. Noncompliance with these requirements, as well as data breaches resulting in sensitive information being released to unauthorized persons, can result in substantial fines, penalties and other legal liability, as well as public relations concerns.
Businesses are also subject to a plethora of regulations concerning marketing practices. We regularly counsel clients on the CAN-SPAM Act, Do Not Call and Telemarketing Sales laws, among others, analyzing whether existing and prospective advertising campaigns and promotions are fully compliant. MMM’s lawyers are also experienced with the unique issues presented by new media outlets such as social networking sites, blogs, and mobile advertising, and we advise businesses on how to protect themselves while taking advantage of powerful, new communication tools.
PRIVACY OF HEALTHCARE INFORMATION
We regularly counsel clients on healthcare-related privacy regulations, such as those mandated by the Health Insurance Portability and Accountability Act (HIPAA) and the HITECH provisions of the American Reinvestment and Recovery Act of 2009, which impose civil and criminal penalties for mishandling medical records upon healthcare providers and the many businesses that support them.
PRIVACY OF FINANCIAL INFORMATION
MMM counsels clients regarding the rapidly evolving body of regulations aimed at protecting financial information. Under FTC regulations adopted pursuant to the Gramm-Leach-Bliley Act, companies that offer financial products or services to individuals (consumer lending, tax preparation, financial advice or credit counseling, residential real estate settlement, and consumer debt collection) must comply with the Financial Privacy Rule, Safeguards Rule, and antipretexting provisions. The FTC’s “Red Flags Rule” requires virtually every business that extends credit to consumers to develop and implement written identity theft prevention programs. We are experienced in helping businesses understand their obligations and developing practical compliance methods.
WORKPLACE PRIVACY
Our Privacy Practice is experienced with analyzing the internal practices of large and small employers, and the steps taken to maintain privacy compliance in the workplace. We advise employers on the development of systematic and consistent data protection policies across various company functions, such as the implementation of effective staff training to increase sensitivity to data privacy concerns and the maintenance of physical and technological safeguards for sensitive data, such as passwords, encryption, and data retention/destruction policies. Equally important, we advise employers regarding workplace monitoring and searches, the handling of medical records, employees’ personal use of office technology (e-mail, computers, phones), and social media.
BREACH MANAGEMENT AND LITIGATION
The evolution of privacy regulations has been paralleled by a significant increase in the penalties associated with breaches of privacy. The price of a compromise of confidential information is steep – it can result in fines reaching millions of dollars along with significant public relations and customer service challenges. The lawyers in our Privacy Practice offer a wealth of experience guiding clients through such situations, managing them in the most effective way possible to minimize damages, and correcting mistakes to ensure future compliance.
REPRESENTATIVE CLIENT MATTERS
MMM lawyers have advised clients on a wide variety of privacy and data security matters, including the following:
- Advised employers with respect to the effect of HIPAA privacy rules on their health plans, including drafting notices, policies, procedures, and plan amendments and reviewing and negotiating business associate contracts
- Prepared privacy policies, website terms of use, blog terms of use, and customer terms and conditions for multiple website operators
- Advised multiple clients regarding compliance with the FTC’s “Red Flags Rule”
- Counseled numerous clients on changes to telemarketing campaigns (telephone and text messaging) to comply with federal telemarketing laws, including the Do Not Call, Telemarketing Sales and “robocalls” rules
- Drafted employment policies regarding workplace monitoring and searches, medical records, data protection, technology (e-mail, computers, phones), and social media
- Drafted and litigated disputes arising under confidentiality and nondisclosure agreements
- Advised regarding employment-related rights and obligations under the Fair Credit Reporting Act
- Advised multiple Internet service providers regarding behavioral advertising and FTC consumer privacy rules
- Served as regulatory counsel for privacy and data security issues to well-known broadband providers
- Developed and reviewed Customer Proprietary Network Information (CPNI)-compliant privacy policies and procedures for multiple regulated telephone and VoIP providers, including preparing call center scripts, customer notices, and annual compliance certifications
- Developed CALEA SSI (Communications Assistance for Law Enforcement Act) manuals addressing federal wiretap requests and counseled on subpoena compliance for numerous telecommunications, Internet, and VoIP providers
- Advised on federal and state call monitoring/recording requirements for client call centers and telemarketing
- Counseled clients on federal and state privacy law compliance in responding to government requests for consumer documents and information
- Defended clients in Do Not Call investigations by state and federal government agencies
- Advised telecommunications companies on the use of Automatic Number Identification (ANI), Calling Party Number (CPN), Calling Party Name, and Billing Name and Address (BNA) in compliance with federal regulations