Information Privacy & Security
Tonkon Torp advises businesses on the management and security of personal data in compliance with domestic and international laws. We help our clients navigate the digital age of business and technology, taking measures to protect against loss or unauthorized access to sensitive information.

Our information privacy and security group has the expertise and experience to help clients understand and comply with the laws and industry standards that regulate the collection, use, sharing, protection and proper disposal of personal data.

We counsel clients regarding:
  • Development of programs and policies governing storage, access, transfer, use, disclosure and disposal of information subject to state or federal privacy and security laws
  • Audits of information security programs and policies
  • Preparation of website privacy policies and terms of use
  • Data breach response and notifications, including compliance with applicable state and federal laws
  • Online and email advertising and behavioral marketing
  • Guidance on foreign privacy law requirements
  • Development of "Red Flags Rule" identity theft prevention programs
  • Preparation and negotiation of vendor agreements involving personal information (including business associate agreements)
  • Negotiation of confidentiality and non-disclosure agreements
  • Information privacy and security issues and contract terms in corporate transactions
  • Matters involving children's information and privacy
  • Matters involving financial information and privacy
  • Matters involving health information and privacy
  • Preparation of privacy notices to consumers
  • Development of electronic media and mobile device policies (for employee handbooks and compliance manuals)
  • Training on information privacy and security
  • Review of vendor policies
  • Referrals for data security vendors and information technology forensics vendors

We also represent clients in litigation when necessary. Our experienced litigators assist clients with:
  • Consumer protection litigation
  • Electronic discovery matters related to information security and privacy legal requirements
  • Data breach litigation

Confidentiality and Non-Disclosure Agreements

Represented consumer service provider and retail company in drafting and negotiating a confidentiality and non-disclosure agreement with a vendor engaged in collecting and processing consumer personal information on behalf of governmental or public entities for consumer licensing purposes.

Data Security Breach Response

Assisted businesses with evaluating and responding to data breach, including drafting notifications to affected individuals and monitoring compliance following breach.

Data Security Breach Response (Nonprofit)

Assisted an organization in analyzing a potential data security breach incident and drafted a notification letter in compliance with applicable law whose information may have been affected by the incident.

Directed Marketing and Online Services

Represented non-profit foundation in auditing and revising an online service provided to consumers, as well as the terms of use, privacy policy, and data collection, data sharing and marketing practices related to the online service for compliance with various information privacy, security and consumer protection laws and regulations.

Information Security Program Toolkit Development

Developed and drafted a comprehensive information security program toolkit for use by a financial services company client and its business partners, including business partners in the insurance industry.

Master Professional Services Agreements

Represented consulting company in negotiating master professional services agreements involving the consulting company's handling and analysis of highly sensitive, consumer financial information for its financial institution clients.

Online Advertising and Website Compliance

Represented children's products retailer in auditing and revising its website, online marketing practices, and website privacy policy and terms of use for compliance with various information privacy, security and consumer protection laws and regulations, including the Children's Online Privacy Protection Act ("COPPA").

Purchase of Websites and Online Businesses

Represented purchaser in acquiring websites and online businesses with known intellectual property issues, licensing issues and regulatory compliance issues related to information privacy, security and consumer protection matters, and assisted purchaser in correcting such issues post-closing.

Privacy Law Review

Join our Information Privacy Group on Thursday, December 17, 12:00 PM, for an update on the ever-changing privacy law landscape. As laws continue to change and new ones are implemented, it is important for your business to stay in the know and…
Read More

Parna Mehrbani Delivers Keynote to Law Students at OLIO Event

Tonkon Torp partner Parna Mehrbani was a keynote speaker at the Opportunities for Law in Oregon (OLIO) August 7 virtual event hosted by the Oregon State Bar.
Read More

Parna Mehrbani Presents the Case for a Diverse Workforce

Partner Parna Mehrbani was the closing speaker at Tonkon Torp’s Annual Labor & Employment Event, held virtually on June 9. Parna focused her talk on recommendations for what employers can do to encourage inclusiveness and retain employees of color.
Read More

Parna Mehrbani Honored with Multnomah Bar Association Diversity Award

On May 19, Tonkon Torp partner Parna Mehrbani was honored with the 2021 Multnomah Bar Association (MBA) Diversity Award in recognition of her commitment to fostering and promoting diversity, equity, and inclusion (DEI) in the legal profession.
Read More

Parna Mehrbani Speaks about Imposter Syndrome on Mentally Together Podcast

Tonkon Torp attorney Parna Mehrbani was the featured guest on Episode 13 of Mentally Together, a podcast hosted by Portland media personality Cassidy Quinn.
Read More

Parna Mehrbani Leads Discussion Series on Imposter Syndrome for Lawyers and Law Students

Tonkon Torp partner Parna Mehrbani facilitated another four-part discussion series on Imposter Syndrome hosted by Oregon Women Lawyers.
Read More

Parna Mehrbani Hosts Privacy Law Briefing

On December 17, Tonkon Torp partner Parna Mehrbani hosted a comprehensive review of Privacy Law in 2020, which included a look ahead to pending legislation.
Read More

Tonkon Torp Attorneys Host Briefing for Greater Portland Compliance Association

Tonkon Torp hosted a virtual informational session for the Greater Portland Compliance Association (GPCA). Attorneys from Tonkon Torp’s Financial Services & Investment Management and Information Privacy & Security groups provided a comprehensive…
Read More

Parna Mehrbani Named Woman of Vision by Daily Journal of Commerce

Tonkon Torp attorney Parna Mehrbani has been named by the Daily Journal of Commerce as a 2019 Woman of Vision. Parna was honored among 44 women, from such industries as architecture, engineering, construction, and fields related to building.
Read More

Parna Mehrbani Covers Professionalism with the Deschutes County Bar Association

Tonkon Torp partner Parna Mehrbani spoke to members of the Deschutes County Bar Association on the topic of professionalism.
Read More

Parna Mehrbani and Eric Beach Brief Businesses on California Consumer Privacy Act

Tonkon Torp attorneys Parna Mehrbani and Eric Beach continued their series of briefings to introduce the California Consumer Privacy Act (CCPA) to the Portland business community. The CCPA is a sweeping consumer privacy law that goes into effect on…
Read More


Read More
Parna  Mehrbani
Practice Area Co-Chair

Parna Mehrbani


Steven  Wilker
Practice Area Co-Chair

Steven Wilker