Privacy and Data Security, Nutter McClennen & Fish LLP Photo
Print PDF

Privacy and Data Security


Nutter’s interdisciplinary Privacy and Data Security team has years of experience providing counsel, regulatory advice, and litigation services to businesses and institutions. We work closely with our clients, immersing ourselves in their business so that we can provide the best possible value, and strategic guidance. This approach allows our clients to stay focused on core business activities, minimize potential risks, and respond effectively to security incidents. Our attorneys have an exceptional track record in a broad range of privacy and data security matters ranging from compliance with HIPAA and banking regulations to responses to data security breaches.

Read More

Compliance Counseling and Risk/Security Assessment

Our team routinely addresses and mitigates privacy and data security concerns. We are skilled at asking the right questions, mapping and understanding the flow of sensitive data through an organization, spotting compliance issues, and drafting policies and recommended practices to safeguard data. We help clients develop training programs and website privacy policies, and also represent clients when they face issues involving global compliance, cross-border data transfers, and compliance audits.

Our team specializes in negotiating the terms of vendor services agreements relating to the exchange and protection of personal data (both from the “data controller” and “data processor” perspectives), advising on best practices in the e-commerce context, and managing the complexities inherent in cross-market data transfer compliance obligations and related issues.

Security Breach Response

We are experienced in addressing network intrusions and responding to data breaches. We help clients that have learned of a data breach manage their immediate legal responsibilities and develop a response plan for the affected consumers, clients, employees, or other individuals. Our response team assists clients in coordinating with regulatory authorities, meeting public disclosure requirements, assessing a company’s response to the incident, evaluating remedial measures, and responding to civil litigation or government enforcement actions.

Our team stays abreast of the latest developments in the industry by participating in organizations such as the International Association of Privacy Professionals (“IAPP”). Our Privacy and Data Security team includes attorneys designated by IAPP as Certified Information Privacy Professionals (“CIPP/US”), the preeminent credential in the field. We have the knowledge and experience to help businesses understand and comply with the evolving laws and standards that regulate the collection, use, sharing, and protection of personal data.

The interdisciplinary nature of our team—made up of transactional and litigation attorneys—makes Nutter adept at counseling clients across a broad range of industries on compliance with, and defending against, alleged violations of privacy and data security laws.

View Practice Team

News & Insights

Back to Page