Jenner & Block

Data Privacy and Cybersecurity


We offer comprehensive counseling on privacy and data security issues, as well as performing policy audits related to relevant legislation, developing customized compliance programs and, when necessary, providing litigation representation. We have advised various clients on regulatory and compliance matters across the spectrum of privacy laws, including the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, the Children's Online Privacy Protection Act, the Electronic Communications Privacy Act, HIPAA, HITECH and the California Consumer Privacy Act.  Representative matters include:

  • Advised and assisted a major online company in organizing its electronic assets, systematizing its use of customer, web, and vendor data, and establishing standardized procedures for the introduction of new products or services.  We assisted in privacy reviews of potential acquisitions, and facilitated the development of new online behavioral advertising expertise.  Additional advice was provided on compliance with payment card industry data security standards (PCI-DSS), Children’s Online Privacy Protection Act, Telephone Consumer Protection Act, California legislation and the European Union Data Protection Directive and cross border data transfers.
  • Advised a large communications and entertainment company in its review and assessment of multiple new online assets, counseled on use of mobile application data, including geolocation and video streaming, and, counseled on establishing company-wide transparency standards.  We reviewed and revised their privacy policy and terms of use.  We also counseled the client in potential data breach scenarios, and reviewed and revised their data breach notification plan.  We provided compliance counseling related to the Children’s Online Privacy Protection Act, the Video Privacy Protection Act and California legislation and we advised the client in its development of internal cybersecurity incident response plans.
  • Assisted a major media and entertainment company in developing and establishing a Data Governance Council to encompass holistic data governance decisions including use of customer data, mobile application data and advertising data.  We continue to counsel the client on how its Council’s decisions can be implemented.  We provided additional advice on compliance with the Children’s Online Privacy Protection Act, Video Privacy Protection Act, California legislation and the European Union Data Protection Directive and US/EU Safe Harbor. 
  • We assisted a global media and entertainment company in a wide range of privacy counseling matters, including assessment of COPPA compliance, compliance with self-regulatory regimes, and evaluations of potential acquisitions.  We assisted in a review of their policies and procedures. We provided in depth counseling on video and audio recording in public places, TCPA, PCI DSS compliance, use of biometric information and the Internet of things. 
  • Counseled a major trade association on cybersecurity vulnerabilities in health care and public health, development of an association-wide educational campaign on cybersecurity and development of standards following the 2013 Executive Order on Cybersecurity.  We also assisted in the development of privacy policy and terms of use for a social media platform and information exchange.  We reviewed and revised policies and procedures on information governance.
  • Advised an electric utility holding company on a wide range of privacy and cybersecurity issues, including reviewing and revising their data breach notification plans, assisting in analyzing potential data breaches, developing a strategy to implement a comprehensive privacy program, and review of potential privacy and cybersecurity regulations.  We also have advised the client on how to obtain effective cyber insurance and reviewed and prioritized options.
  • Provide ongoing advice to an online advertising specialty company regarding data privacy practices in the online advertising sector – specifically with respect to innovative mobile advertising practices.
  • Advised a global gaming industry company regarding multi-faceted international data transfers and the international data protection obligations for those transfers.  We also counseled the client with respect to its internal auditing and testing of its data practices.
  • Assisted a large financial services industry company through a complex data breach involving multiple clients’ data with affected individuals in all 50 states.  We handled all aspects of the breach and mitigation procedures, including liaising with multiple state officials.  We also conducted a thorough review of the client’s data breach and escalation policy.
  • Counseled the parent company and the subsidiaries of a large leisure industry company on a wide range of privacy and data security issues.  We counseled on the collection and use of health-related information and Children’s Online Privacy Protection Act.  In addition, we advised on potential data breaches, and counseled on the privacy considerations related to sale and acquisition of assets.   
  • Defended entertainment industry clients against claims under the Electronic Communications Privacy Act and state laws related to antipiracy investigations.
  • Defended Internet service providers in putative class actions claiming violations of the Electronic Communications Privacy Act and other privacy-related laws in connection with the use of data to provide targeted advertising to ISP customers.
  • Worked closely with transactional lawyers to counsel clients with respect to privacy obligations as part of mergers and other transactions.
  • Provided testimony before the U.S. Congress, California and other state legislatures on privacy-related legislation.
  • Represented a subsidiary of a large utility holding company in connection with a class action arising under the TCPA.
  • Represented one of the largest debt buying companies in the United States, in a multidistrict litigation in the Southern District of California that encompasses multiple TCPA class actions.  The complaints allege that our client violated the TCPA by using an automatic telephone dialing system to place calls to consumers’ cell phones.
  • Represented a mortgage lending company in a TCPA class action pending in federal court in Missouri based on allegations of the unlawful transmission of unsolicited faxes.