Privacy and Data Security
No matter your location or your industry, our experienced global team can help you protect your reputation, safeguard data, comply with privacy laws and successfully implement innovative technologies—all while meeting your business goals.

We seamlessly coordinate counsel, integrating advice from across Littler’s global platform to address clients’ multijurisdictional and multifaceted challenges.

Business-Minded Strategy
Privacy and data security have never been more important for employers as they contend with an ever-growing body of privacy-related laws and the rapid adoption of artificial intelligence and other new technologies in the workplace. Multinational and multistate employers need a business-minded strategy for privacy and data security issues.
We provide practical counsel on the issues that arise at the intersection of proliferating data protection laws, global data transfers and technology-driven workplaces. We partner with C-suite executives on overall compliance strategy and help in-house privacy attorneys, data protection officers, and HR leadership manage the daily flow of complex privacy and data security challenges. We leverage our decades of experience and insight to develop solutions that align with our clients’ business strategies, objectives and risk tolerance.

Practical Solutions
Our team of experienced and business-savvy privacy lawyers provides practical solutions that align with an organization’s broader strategy and risk tolerance.
We take a holistic perspective, accounting for risks associated with a wide array of intersecting laws, including workplace-specific privacy laws that include: laws related to employee monitoring and surveillance and the collection of categories of sensitive personal information; U.S. data protection laws, such as the California Privacy Rights Act (CPRA) and other state data protection laws that apply to employers; and global data protection laws, including the European Union’s GDPR. We provide practical solutions to comply with complex privacy laws, leveraging a range of easy-to-use document templates and sophisticated guidance, including Littler’s CPRA Compliance Suite.
Our holistic approach ranges from implementing new technology to advising on a local biometric law and more.
Our holistic approach ranges from implementing new technology to advising on a local biometric law and more.
-
International data protection compliance projects, including data transfer agreements, transfer impact assessments, notices, consents, registrations, and policies and procedures
-
Data security incident response, including ransomware
-
Counseling on privacy/security implications of new workplace technologies
-
Biometric Information Privacy Act (BIPA), Genetic Information Privacy Act (GIPA) and other privacy litigation
-
Applicant and employee privacy notices, global and jurisdiction-specific
-
Defending against regulatory enforcement actions
-
Information security programs and security incident response plans
-
Monitoring and surveillance compliance programs, including the use of biometric and location data and insider threat detection tools
-
HIPAA and other health law compliance programs, including notices, information security, administrative forms, and policies and procedures
-
Drafting and negotiating data protection terms for service provider agreements
-
Monitoring and managing employee off-duty conduct, including social media and political activity
-
Artificial intelligence compliance
-
Training of managers and line employees on privacy and information security
Our Experience
Our Experience
-
Comprehensive knowledge
From the 80+ national data protection laws to U.S. federal and state privacy laws and on to numerous ‘micro laws’ targeting specific technologies or types of data, our ability to navigate this complex landscape is unparalleled.
-
A global practice with a local touch
Backed by offices in 28 countries, ours is a truly global practice — but with a local touch. Whether day-to-day policy guidance or large-scale technology implementation, we provide counsel with your business goals top-of-mind.
-
Integration with other subject matter areas
The interrelated risks of today’s workplace require us to work hand-in-hand with practice groups and industry teams across Littler’s global platform, addressing privacy and data security wherever they arise.
-
Recognized thought leaders
Our team includes Certified Information Privacy Professionals for the U.S. and Europe, recognized leaders in eDiscovery, professors of privacy and data protection law, and other lawyers with decades of experience in the space.
-
Shaping the future of workplace policy
Littler’s Workplace Policy Institute® focuses on shaping and defining policies with critical implications for employers, including those related to privacy and data protection, the gig economy and the use of new technologies like AI.
Our Impact
Our Impact
-
50+countries in which we have assisted with data protection compliance programs
-
100+BIPA/GIPA lawsuits defended for our clients (Illinois’s Biometric Information Privacy Act or Genetic Information Privac
-
100sof data security incidents responses on which we have advised, including ransomware attacks
From guidance on a new policy to a large-scale technology implementation, our team advises on:
From guidance on a new policy to a large-scale technology implementation, our team advises on:
-
Compliance
We construct privacy governance and data security frameworks supported by effective policies and procedures to protect HR information and manage regulatory compliance around the world.
-
Data Protection Initiatives
We guide and support your data protection initiatives through actionable policies, procedures and trainings to all levels of the organization. We answer day-to-day questions and assist in overcoming practical barriers to compliance.
-
Data Incident Prevention & Response
We work with companies to reduce their risk, act as emergency responders when a data security incident occurs and negotiate effective contracts should one of their third-party providers fall victim to a breach.
-
Employee Monitoring
We help develop and implement policies and procedures to allow employers to utilize workplace and remote employee monitoring tools effectively and lawfully while recognizing the importance of maintaining employee morale.
-
New Workforce Technology
Whether it’s insider threat management software or new AI tools, we help our clients obtain the greatest benefit from the latest technology while minimizing their exposure to litigation and government enforcement actions.
-
Flow of Data
We help companies satisfy the ever-changing (and often conflicting) requirements of international data protection regimes to guide the lawful collection, use and transfer of information about applicants and employees in a global workforce.
-
Managing Sensitive Employee Data
Our team helps draft and implement relevant notices and policies to manage sensitive U.S. employee health information, including guiding compliance with HIPAA privacy and security rules, the HITECH Act, and other laws and regulations.
-
Day-to-Day HR Data Management
We guide clients in mitigating risks associated with managing global HR data through cloud-based service providers and complying with employment laws that address issues like lawful use of background checks and social media policies.
-
Training
We provide training for HR professionals who handle employee data; procurement teams who must know what to look for in vendor agreements; and tabletop exercises for company leaders to prepare for potential data breaches.
-
Enforcement
We help employers manage regulatory enforcement inquiries following data breach notifications or a privacy complaint lodged by an employee, and we have extensive experience defending employers against data privacy related class actions.
Key Contacts
Related Insights
Related Focus Areas