Information Privacy & Security
Tonkon Torp advises businesses on the management and security of personal data in compliance with domestic and international laws. We help our clients navigate the digital age of business and technology, taking measures to protect against loss or unauthorized access to sensitive information.

Our information privacy and security group has the expertise and experience to help clients understand and comply with the laws and industry standards that regulate the collection, use, sharing, protection and proper disposal of personal data.

We counsel clients regarding:
  • Development of programs and policies governing storage, access, transfer, use, disclosure and disposal of information subject to state or federal privacy and security laws
  • Audits of information security programs and policies
  • Preparation of website privacy policies and terms of use
  • Data breach response and notifications, including compliance with applicable state and federal laws
  • Online and email advertising and behavioral marketing
  • Guidance on foreign privacy law requirements
  • Development of "Red Flags Rule" identity theft prevention programs
  • Preparation and negotiation of vendor agreements involving personal information (including business associate agreements)
  • Negotiation of confidentiality and non-disclosure agreements
  • Information privacy and security issues and contract terms in corporate transactions
  • Matters involving children's information and privacy
  • Matters involving financial information and privacy
  • Matters involving health information and privacy
  • Preparation of privacy notices to consumers
  • Development of electronic media and mobile device policies (for employee handbooks and compliance manuals)
  • Training on information privacy and security
  • Review of vendor policies
  • Referrals for data security vendors and information technology forensics vendors

We also represent clients in litigation when necessary. Our experienced litigators assist clients with:
  • Consumer protection litigation
  • Electronic discovery matters related to information security and privacy legal requirements
  • Data breach litigation

Confidentiality and Non-Disclosure Agreements

Represented consumer service provider and retail company in drafting and negotiating a confidentiality and non-disclosure agreement with a vendor engaged in collecting and processing consumer personal information on behalf of governmental or public entities for consumer licensing purposes.

Data Security Breach Response

Assisted businesses with evaluating and responding to data breach, including drafting notifications to affected individuals and monitoring compliance following breach.

Data Security Breach Response (Nonprofit)

Assisted an organization in analyzing a potential data security breach incident and drafted a notification letter in compliance with applicable law whose information may have been affected by the incident.

Directed Marketing and Online Services

Represented non-profit foundation in auditing and revising an online service provided to consumers, as well as the terms of use, privacy policy, and data collection, data sharing and marketing practices related to the online service for compliance with various information privacy, security and consumer protection laws and regulations.

Information Security Program Toolkit Development

Developed and drafted a comprehensive information security program toolkit for use by a financial services company client and its business partners, including business partners in the insurance industry.

Master Professional Services Agreements

Represented consulting company in negotiating master professional services agreements involving the consulting company's handling and analysis of highly sensitive, consumer financial information for its financial institution clients.

Online Advertising and Website Compliance

Represented children's products retailer in auditing and revising its website, online marketing practices, and website privacy policy and terms of use for compliance with various information privacy, security and consumer protection laws and regulations, including the Children's Online Privacy Protection Act ("COPPA").

Purchase of Websites and Online Businesses

Represented purchaser in acquiring websites and online businesses with known intellectual property issues, licensing issues and regulatory compliance issues related to information privacy, security and consumer protection matters, and assisted purchaser in correcting such issues post-closing.

Parna  Mehrbani
Practice Area Co-Chair

Parna Mehrbani


Steven  Wilker
Practice Area Co-Chair

Steven Wilker