Information Privacy & Security

Our Information Privacy & Security Practice Group has the expertise and experience to help clients navigate the dynamic legal landscape surrounding data privacy and security.

 

Whether its customer data, consumer data, employee data, or data shared between businesses, Tonkon Torp understands the value of data as an important business asset.

 

 

 

Our team can assist with a variety of data privacy and cybersecurity related issues to mitigate the risk of noncompliance with applicable laws and industry standards that regulate the collection, use, storage, commoditization, disclosure, transfer, protection, and proper disposal of personal data.

Compliance. We assist our clients in complying with laws governing the management and security of business data. We assist clients in:

  • Evaluating applicable state, federal, and international privacy and security laws, including laws involving customer data, employee data, children’s information, financial information, and health information.
  • Compliance with various industry-specific privacy laws, including but not limited to Reg-SP, Gramm-Leach Bliley, the FTC Safeguards Rule, and HIPPA.
  • Auditing internal information security programs and policies.
  • Developing programs and policies to internally govern the collection, storage, access, transfer, use, disclosure, and disposal of information in accordance with applicable laws.
  • Data mapping to track what data is collected for what purposes.
  • Preparing privacy policies, privacy notices, and terms of use for websites, mobile applications, software-as-a-service products, and more.
  • Preparing IT policies and procedures.
  • Reviewing the data policies and practices of other parties with whom our clients do business and share data to assess compliance with applicable laws.
  • Evaluating consumer data rights requests.
  • Developing “Red Flags Rule” identity theft prevention programs.
  • Working with counsel in other jurisdictions regarding compliance with privacy laws worldwide.

Data Breach Mitigation & Response. We assist our clients in mitigating the risk and of and responding to data breach incidents by:

  • Evaluating applicable state, federal, and international data breach laws.
  • Managing response action, including advising on required notifications in compliance with applicable laws.
  • Developing data management policies, including electronic media and mobile device policies for employee handbooks and compliance manuals.
  • Providing training on information privacy and security.
  • Referring our clients to data security vendors and information technology forensics vendors.

Data-Driven Marketing & Advertising. We advise on a variety of issues surrounding:

  • Promotional text message or SMS communications.
  • Targeted or behavioral advertising.
  • Email marketing.
  • Artificial intelligence tools.
  • Promotional or advertising opt-out requirements.

Contractual Obligations and Negotiations. We assist our clients in:

  • Preparing and negotiating contracts involving data (including business associate agreements).
  • Negotiating confidentiality and non-disclosure agreements that specifically address data security concerns.
  • Drafting, evaluating, and negotiating information privacy and security terms in a variety of contracts.
  • Advising on information privacy and security issues in corporate transactions.

Litigation. We also represent clients in litigation when necessary. Our experienced litigators assist clients with:

  • Consumer protection litigation.
  • Electronic discovery matters related to information security and privacy legal requirements.
  • Class action data breach litigation.
  • Governmental investigation and enforcement actions.

Search Name Keyword
Last Name Alpha Select
  • All
  • A
  • B
  • C
  • D
  • E
  • F
  • G
  • H
  • J
  • K
  • L
  • M
  • N
  • O
  • P
  • Q
  • R
  • S
  • T
  • U
  • V
  • W

Services + Industries

Services + Industries

Department

Department

Bar Admission

Bar Admission

Schools

Schools

Languages

Languages
Partner
Alex
Tinker
503.802.5734
alex.tinker@tonkon.com
Litigation Paralegal
Amanda
Ulrich
503.802.2106
amanda.ulrich@tonkon.com
Of Counsel
Joseph
Voboril
503.802.2009
joe.voboril@tonkon.com
Associate
Alexandria
Wagner-Jakubiak
503.802.5748
alexandria.wagner@tonkon.com
Labor & Employment Paralegal
Caryl
Walker
503.802.2105
caryl.walker@tonkon.com
Of Counsel
Michele
Wasson
503.802.2111
michele.wasson@tonkon.com
3549
Partner
Frank
Weiss
503.802.2051
frank.weiss@tonkon.com
3503, 3539, 3541, 3545, 3547, 3551
Partner
Steven
Wilker
503.802.2040
steven.wilker@tonkon.com
Partner
Michael
Willes
503.802.5737
michael.willes@tonkon.com
Associate
Lindsay
Willson
503.802.5751
lindsay.willson@tonkon.com
Partner
Jeffrey
Woodcox
503.802.2039
jeffrey.woodcox@tonkon.com
Partner
Zachary
Wright
503.802.2041
zach.wright@tonkon.com
Immigration Paralegal
Roger
Wykes
503.802.2096
roger.wykes@tonkon.com

Representative Matters

Confidentiality and Non-Disclosure Agreements

Represented consumer service provider and retail company in drafting and negotiating a confidentiality and non-disclosure agreement with a vendor engaged in collecting and processing consumer personal information on behalf of governmental or public entities for consumer licensing purposes.

Data Security Breach Response

Assisted clients with evaluating and responding to data breach incidents, including managing forensic investigations, drafting notifications to affected individuals, and monitoring compliance following breach.

Data Security Class Action

Represented locally owned business in response to consumer class action; negotiated and implemented successful resolution.

Data Security Investigation

Represented regional business in response to joint investigations by Oregon Department of Justice and Washington Attorney General following data security incident; negotiated successful resolution for client.

FTC Safeguard Rule Compliance

Advised numerous financial institutions in complying with requirements under FTC Safeguards Rule through work that included the drafting and implementation of written information security programs and related policies.

Directed Marketing and Online Services

Represented nonprofit foundation in auditing and revising an online service provided to consumers, as well as the terms of use, privacy policy, and data collection, data sharing, and marketing practices related to the online service for compliance with various information privacy, security, and consumer protection laws and regulations.

Information Security Program Toolkit Development

Developed and drafted a comprehensive information security program toolkit for use by a financial services company client and its business partners, including business partners in the insurance industry.

Master Professional Services Agreements

Represented consulting company in negotiating master professional services agreements involving the consulting company's handling and analysis of highly sensitive, consumer financial information for its financial institution clients.

Online Advertising and Website Compliance

Represented children’s products retailer in auditing and revising its website, online marketing practices, and website privacy policy and terms of use for compliance with various information privacy, security, and consumer protection laws and regulations, including the Children’s Online Privacy Protection Act (COPPA).

Purchase of Websites and Online Businesses

Represented purchaser in acquiring websites and online businesses with known intellectual property, licensing, and regulatory compliance issues related to information privacy, security, and consumer protection matters; assisted purchaser in correcting such issues post-closing.

Services + Industries

Services + Industries

Contact us or sign up for emails on all of our news and events.

We encourage you to contact us if you have further questions about our firm or our experience. For your protection, we cannot represent you until we know that doing so will not create a conflict of interest. Accordingly, please do not send us any confidential or secret information about any matter that may involve you until you receive a written statement from us that we represent you (an engagement letter).

If after browsing this web site you are unsure which lawyer you should contact, please call us at 503.221.1440.