Privacy and Data Security

No matter your location or your industry, our experienced global team can help you protect your reputation, safeguard data, comply with privacy laws and successfully implement innovative technologies—all while meeting your business goals.

Privacy and Data Security
privacy security biometric fingerprint reader

Business-Minded Strategy

Privacy and data security have never been more important for employers as they contend with an ever-growing body of privacy-related laws and the rapid adoption of artificial intelligence and other new technologies in the workplace. Multinational and multistate employers need a business-minded strategy for privacy and data security issues. 

We provide practical counsel on the issues that arise at the intersection of proliferating data protection laws, global data transfers and technology-driven workplaces. We partner with C-suite executives on overall compliance strategy and help in-house privacy attorneys, data protection officers, and HR leadership manage the daily flow of complex privacy and data security challenges. We leverage our decades of experience and insight to develop solutions that align with our clients’ business strategies, objectives and risk tolerance.

2 factor authentication laptop phone privacy lock

Practical Solutions

Our team of experienced and business-savvy privacy lawyers provides practical solutions that align with an organization’s broader strategy and risk tolerance.

We take a holistic perspective, accounting for risks associated with a wide array of intersecting laws, including workplace-specific privacy laws that include: laws related to employee monitoring and surveillance and the collection of categories of sensitive personal information; U.S. data protection laws, such as the California Privacy Rights Act (CPRA) and other state data protection laws that apply to employers; and global data protection laws, including the European Union’s GDPR. We provide practical solutions to comply with complex privacy laws, leveraging a range of easy-to-use document templates and sophisticated guidance, including Littler’s CPRA Compliance Suite.

Experience and Impact

Our holistic approach ranges from implementing new technology to advising on a local biometric law and more.

  • International data protection compliance projects, including data transfer agreements, transfer impact assessments, notices, consents, registrations, and policies and procedures

  • Data security incident response, including ransomware

  • Counseling on privacy/security implications of new workplace technologies

  • Biometric Information Privacy Act (BIPA), Genetic Information Privacy Act (GIPA) and other privacy litigation

  • Applicant and employee privacy notices, global and jurisdiction-specific

  • Defending against regulatory enforcement actions 

  • Information security programs and security incident response plans 

  • Monitoring and surveillance compliance programs, including the use of biometric and location data and insider threat detection tools

  • HIPAA and other health law compliance programs, including notices, information security, administrative forms, and policies and procedures 

  • Drafting and negotiating data protection terms for service provider agreements

  • Monitoring and managing employee off-duty conduct, including social media and political activity 

  • Artificial intelligence compliance 

  • Training of managers and line employees on privacy and information security 

Our Experience

  • Comprehensive knowledge

    From the 80+ national data protection laws to U.S. federal and state privacy laws and on to numerous ‘micro laws’ targeting specific technologies or types of data, our ability to navigate this complex landscape is unparalleled.

  • A global practice with a local touch

    Backed by offices in 28 countries, ours is a truly global practice — but with a local touch. Whether day-to-day policy guidance or large-scale technology implementation, we provide counsel with your business goals top-of-mind.

  • Integration with other subject matter areas

    The interrelated risks of today’s workplace require us to work hand-in-hand with practice groups and industry teams across Littler’s global platform, addressing privacy and data security wherever they arise. 

  • Recognized thought leaders

    Our team includes Certified Information Privacy Professionals for the U.S. and Europe, recognized leaders in eDiscovery, professors of privacy and data protection law, and other lawyers with decades of experience in the space. 

  • Shaping the future of workplace policy

    Littler’s Workplace Policy Institute® focuses on shaping and defining policies with critical implications for employers, including those related to privacy and data protection, the gig economy and the use of new technologies like AI. 

Our Impact

  • 50+
    countries in which we have assisted with data protection compliance programs
  • 100+
    BIPA/GIPA lawsuits defended for our clients (Illinois’s Biometric Information Privacy Act or Genetic Information Privac
  • 100s
    of data security incidents responses on which we have advised, including ransomware attacks
Key Capabilities

From guidance on a new policy to a large-scale technology implementation, our team advises on:

  • Compliance

    We construct privacy governance and data security frameworks supported by effective policies and procedures to protect HR information and manage regulatory compliance around the world.

  • Data Protection Initiatives

    We guide and support your data protection initiatives through actionable policies, procedures and trainings to all levels of the organization. We answer day-to-day questions and assist in overcoming practical barriers to compliance.

  • Data Incident Prevention & Response

    We work with companies to reduce their risk, act as emergency responders when a data security incident occurs and negotiate effective contracts should one of their third-party providers fall victim to a breach.

  • Employee Monitoring

    We help develop and implement policies and procedures to allow employers to utilize workplace and remote employee monitoring tools effectively and lawfully while recognizing the importance of maintaining employee morale.

  • New Workforce Technology

    Whether it’s insider threat management software or new AI tools, we help our clients obtain the greatest benefit from the latest technology while minimizing their exposure to litigation and government enforcement actions.

  • Flow of Data

    We help companies satisfy the ever-changing (and often conflicting) requirements of international data protection regimes to guide the lawful collection, use and transfer of information about applicants and employees in a global workforce.

  • Managing Sensitive Employee Data

    Our team helps draft and implement relevant notices and policies to manage sensitive U.S. employee health information, including guiding compliance with HIPAA privacy and security rules, the HITECH Act, and other laws and regulations.

  • Day-to-Day HR Data Management

    We guide clients in mitigating risks associated with managing global HR data through cloud-based service providers and complying with employment laws that address issues like lawful use of background checks and social media policies.

  • Training

    We provide training for HR professionals who handle employee data; procurement teams who must know what to look for in vendor agreements; and tabletop exercises for company leaders to prepare for potential data breaches.

  • Enforcement

    We help employers manage regulatory enforcement inquiries following data breach notifications or a privacy complaint lodged by an employee, and we have extensive experience defending employers against data privacy related class actions.

Related Focus Areas

Let us know how we can help you navigate your workplace privacy and data security legal issues.