Privacy and Data Security

No matter your location or your industry, our experienced global team can help you protect your reputation, safeguard data, comply with privacy laws and successfully implement innovative technologies—all while meeting your business goals.

Request Information Meet The Team

We seamlessly coordinate counsel, integrating advice from across Littler’s global platform to address clients’ multijurisdictional and multifaceted challenges.

privacy security biometric fingerprint reader

Business-Minded Strategy

Privacy and data security have never been more important for employers as they contend with an ever-growing body of privacy-related laws and the rapid adoption of artificial intelligence and other new technologies in the workplace. Multinational and multistate employers need a business-minded strategy for privacy and data security issues.

We provide practical counsel on the issues that arise at the intersection of proliferating data protection laws, global data transfers and technology-driven workplaces. We partner with C-suite executives on overall compliance strategy and help in-house privacy attorneys, data protection officers, and HR leadership manage the daily flow of complex privacy and data security challenges. We leverage our decades of experience and insight to develop solutions that align with our clients’ business strategies, objectives and risk tolerance.

Practical Solutions

Our team of experienced and business-savvy privacy lawyers provides practical solutions that align with an organization’s broader strategy and risk tolerance.

We take a holistic perspective, accounting for risks associated with a wide array of intersecting laws, including workplace-specific privacy laws that include: laws related to employee monitoring and surveillance and the collection of categories of sensitive personal information; U.S. data protection laws, such as the California Privacy Rights Act (CPRA) and other state data protection laws that apply to employers; and global data protection laws, including the European Union’s GDPR. We provide practical solutions to comply with complex privacy laws, leveraging a range of easy-to-use document templates and sophisticated guidance, including Littler’s CPRA Compliance Suite.

International data protection compliance projects, including data transfer agreements, transfer impact assessments, notices, consents, registrations, and policies and procedures
Data security incident response, including ransomware
Counseling on privacy/security implications of new workplace technologies
Biometric Information Privacy Act (BIPA), Genetic Information Privacy Act (GIPA) and other privacy litigation
Applicant and employee privacy notices, global and jurisdiction-specific
Defending against regulatory enforcement actions
Information security programs and security incident response plans
Monitoring and surveillance compliance programs, including the use of biometric and location data and insider threat detection tools
HIPAA and other health law compliance programs, including notices, information security, administrative forms, and policies and procedures
Drafting and negotiating data protection terms for service provider agreements
Monitoring and managing employee off-duty conduct, including social media and political activity
Artificial intelligence compliance
Training of managers and line employees on privacy and information security

Comprehensive knowledge

From the 80+ national data protection laws to U.S. federal and state privacy laws and on to numerous ‘micro laws’ targeting specific technologies or types of data, our ability to navigate this complex landscape is unparalleled.
A global practice with a local touch

Backed by offices in 28 countries, ours is a truly global practice — but with a local touch. Whether day-to-day policy guidance or large-scale technology implementation, we provide counsel with your business goals top-of-mind.
Integration with other subject matter areas

The interrelated risks of today’s workplace require us to work hand-in-hand with practice groups and industry teams across Littler’s global platform, addressing privacy and data security wherever they arise.
Recognized thought leaders

Our team includes Certified Information Privacy Professionals for the U.S. and Europe, recognized leaders in eDiscovery, professors of privacy and data protection law, and other lawyers with decades of experience in the space.
Shaping the future of workplace policy

Littler’s Workplace Policy Institute® focuses on shaping and defining policies with critical implications for employers, including those related to privacy and data protection, the gig economy and the use of new technologies like AI.

50+

countries in which we have assisted with data protection compliance programs
100+

BIPA/GIPA lawsuits defended for our clients (Illinois’s Biometric Information Privacy Act or Genetic Information Privac
100s

of data security incidents responses on which we have advised, including ransomware attacks

Compliance

We construct privacy governance and data security frameworks supported by effective policies and procedures to protect HR information and manage regulatory compliance around the world.
Data Protection Initiatives

We guide and support your data protection initiatives through actionable policies, procedures and trainings to all levels of the organization. We answer day-to-day questions and assist in overcoming practical barriers to compliance.
Data Incident Prevention & Response

We work with companies to reduce their risk, act as emergency responders when a data security incident occurs and negotiate effective contracts should one of their third-party providers fall victim to a breach.
Employee Monitoring

We help develop and implement policies and procedures to allow employers to utilize workplace and remote employee monitoring tools effectively and lawfully while recognizing the importance of maintaining employee morale.
New Workforce Technology

Whether it’s insider threat management software or new AI tools, we help our clients obtain the greatest benefit from the latest technology while minimizing their exposure to litigation and government enforcement actions.
Flow of Data

We help companies satisfy the ever-changing (and often conflicting) requirements of international data protection regimes to guide the lawful collection, use and transfer of information about applicants and employees in a global workforce.
Managing Sensitive Employee Data

Our team helps draft and implement relevant notices and policies to manage sensitive U.S. employee health information, including guiding compliance with HIPAA privacy and security rules, the HITECH Act, and other laws and regulations.
Day-to-Day HR Data Management

We guide clients in mitigating risks associated with managing global HR data through cloud-based service providers and complying with employment laws that address issues like lawful use of background checks and social media policies.
Training

We provide training for HR professionals who handle employee data; procurement teams who must know what to look for in vendor agreements; and tabletop exercises for company leaders to prepare for potential data breaches.
Enforcement

We help employers manage regulatory enforcement inquiries following data breach notifications or a privacy complaint lodged by an employee, and we have extensive experience defending employers against data privacy related class actions.