The US Privacy and Data Security section covers compliance with a vast array of US federal and state privacy and information management laws. At the federal level, such laws are predominantly sector-specific and include the Gramm-Leach-Bliley Financial Services Modernization Act, the Health Insurance Portability and Accountability Act (HIPAA), the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act and the Children’s Online Privacy Protection Act (COPPA). At the state level, a particularly notable area is advice on data security breaches and on the ramifications and requirements of various state data breach notification laws. Such data security breaches can also attract the attention of various state Attorneys General and federal bodies such as the FTC, which can lead to firms being required to represent clients in investigations, enforcement actions or litigation. Work of an international nature can include advising clients with multinational operations on data security issues relating to cross-border transfers of data, such as in large-scale outsourcing transactions involving several countries, and on global or multi-jurisdictional privacy compliance programmes.
