Our Information Privacy & Security Practice Group has the expertise and experience to help clients navigate the dynamic legal landscape surrounding data privacy and security.
Whether its customer data, consumer data, employee data, or data shared between businesses, Tonkon Torp understands the value of data as an important business asset.
Our team can assist with a variety of data privacy and cybersecurity related issues to mitigate the risk of noncompliance with applicable laws and industry standards that regulate the collection, use, storage, commoditization, disclosure, transfer, protection, and proper disposal of personal data.
Compliance. We assist our clients in complying with laws governing the management and security of business data. We assist clients in:
- Evaluating applicable state, federal, and international privacy and security laws, including laws involving customer data, employee data, children’s information, financial information, and health information.
- Compliance with various industry-specific privacy laws, including but not limited to Reg-SP, Gramm-Leach Bliley, the FTC Safeguards Rule, and HIPPA.
- Auditing internal information security programs and policies.
- Developing programs and policies to internally govern the collection, storage, access, transfer, use, disclosure, and disposal of information in accordance with applicable laws.
- Data mapping to track what data is collected for what purposes.
- Preparing privacy policies, privacy notices, and terms of use for websites, mobile applications, software-as-a-service products, and more.
- Preparing IT policies and procedures.
- Reviewing the data policies and practices of other parties with whom our clients do business and share data to assess compliance with applicable laws.
- Evaluating consumer data rights requests.
- Developing “Red Flags Rule” identity theft prevention programs.
- Working with counsel in other jurisdictions regarding compliance with privacy laws worldwide.
Data Breach Mitigation & Response. We assist our clients in mitigating the risk and of and responding to data breach incidents by:
- Evaluating applicable state, federal, and international data breach laws.
- Managing response action, including advising on required notifications in compliance with applicable laws.
- Developing data management policies, including electronic media and mobile device policies for employee handbooks and compliance manuals.
- Providing training on information privacy and security.
- Referring our clients to data security vendors and information technology forensics vendors.
Data-Driven Marketing & Advertising. We advise on a variety of issues surrounding:
- Promotional text message or SMS communications.
- Targeted or behavioral advertising.
- Email marketing.
- Artificial intelligence tools.
- Promotional or advertising opt-out requirements.
Contractual Obligations and Negotiations. We assist our clients in:
- Preparing and negotiating contracts involving data (including business associate agreements).
- Negotiating confidentiality and non-disclosure agreements that specifically address data security concerns.
- Drafting, evaluating, and negotiating information privacy and security terms in a variety of contracts.
- Advising on information privacy and security issues in corporate transactions.
Litigation. We also represent clients in litigation when necessary. Our experienced litigators assist clients with:
- Consumer protection litigation.
- Electronic discovery matters related to information security and privacy legal requirements.
- Class action data breach litigation.
- Governmental investigation and enforcement actions.
Services + Industries
Department
Bar Admission
Schools
Languages
Representative Matters
Confidentiality and Non-Disclosure Agreements
Represented consumer service provider and retail company in drafting and negotiating a confidentiality and non-disclosure agreement with a vendor engaged in collecting and processing consumer personal information on behalf of governmental or public entities for consumer licensing purposes.
Data Security Breach Response
Assisted clients with evaluating and responding to data breach incidents, including managing forensic investigations, drafting notifications to affected individuals, and monitoring compliance following breach.
Data Security Class Action
Represented locally owned business in response to consumer class action; negotiated and implemented successful resolution.
Data Security Investigation
Represented regional business in response to joint investigations by Oregon Department of Justice and Washington Attorney General following data security incident; negotiated successful resolution for client.
FTC Safeguard Rule Compliance
Advised numerous financial institutions in complying with requirements under FTC Safeguards Rule through work that included the drafting and implementation of written information security programs and related policies.
Directed Marketing and Online Services
Represented nonprofit foundation in auditing and revising an online service provided to consumers, as well as the terms of use, privacy policy, and data collection, data sharing, and marketing practices related to the online service for compliance with various information privacy, security, and consumer protection laws and regulations.
Information Security Program Toolkit Development
Developed and drafted a comprehensive information security program toolkit for use by a financial services company client and its business partners, including business partners in the insurance industry.
Master Professional Services Agreements
Represented consulting company in negotiating master professional services agreements involving the consulting company's handling and analysis of highly sensitive, consumer financial information for its financial institution clients.
Online Advertising and Website Compliance
Represented children’s products retailer in auditing and revising its website, online marketing practices, and website privacy policy and terms of use for compliance with various information privacy, security, and consumer protection laws and regulations, including the Children’s Online Privacy Protection Act (COPPA).
Purchase of Websites and Online Businesses
Represented purchaser in acquiring websites and online businesses with known intellectual property, licensing, and regulatory compliance issues related to information privacy, security, and consumer protection matters; assisted purchaser in correcting such issues post-closing.
Services + Industries
Contact us or sign up for emails on all of our news and events.
We encourage you to contact us if you have further questions about our firm or our experience. For your protection, we cannot represent you until we know that doing so will not create a conflict of interest. Accordingly, please do not send us any confidential or secret information about any matter that may involve you until you receive a written statement from us that we represent you (an engagement letter).
If after browsing this web site you are unsure which lawyer you should contact, please call us at 503.221.1440.