• Experienced privacy lawyers who actually handle, on a day-to-day basis, a wide range of privacy, compliance, and data security issues for a diverse client base that includes major multinational companies
  
  
• Internet-savvy lawyers offering advice and transactional services for matters ranging from commercial Internet services agreements and software licensing and development contracts to the world of e commerce, e-marketing, and Internet content issues
  
  
• A multidisciplinary team of attorneys with expertise in Intellectual Property, Employment, Employee Benefits, Financial Institution, Healthcare, and Litigation

Personal information has become a vital corporate asset, and a serious responsibility. Maintaining the privacy and security of financial, healthcare, employee, customer, marketing, and other data is a top concern for companies in virtually all business sectors. Cox Smith's Privacy and Data Security lawyers offer experience and knowledge in this demanding and constantly evolving area of the law, where technology and business models change far faster than statutes and legal precedent can begin to address.

Compliance, Data Breach Responses, E-Commerce and Marketing Advice, and Government Subpoenas and Warrants
In the privacy arena, companies face a fragmented regulatory structure made up of federal laws and regulations as well as laws enacted by the 50 states and Puerto Rico (not to mention the numerous foreign laws that may come into play). We offer advice, training, and policy development where necessary as a result of new legislation and regulations, keeping in mind that state laws typically have a national effect in today's geographically borderless Internet economy. We help companies assess and implement information management systems that address identity theft avoidance, data retention, industry-specific laws, data transfers, and other privacy and data security requirements.

When the need arises, we are ready and able to provide immediate data breach response services and advice. We assist as needed with investigating the incident, and we determine and prepare the required responses, but we also pay particular attention to measures that will minimize disruption and any negative impact on the client's reputation.

We review website agreements and policies for compliance with applicable laws where customer data or other data concerning individuals is concerned, and we counsel clients on permissible marketing and other uses of data as well as the legal obligations associated with such use. Marketing advice often involves consideration of state and federal telemarketing rules and requirements, in addition to those specifically directed to the Internet (such as CAN-SPAM). Our clients regularly call on us for privacy policy drafting and updates and Safe Harbor registration.

We have unique and extensive experience counseling clients on subpoena and search warrant compliance, government investigations, and requests for personnel records. In addition handling the appropriate responses to such requests, we help clients craft their inward-facing and outward-facing policies and practices, as well as their customer agreements, to provide the flexibility clients need to protect their interests.

Privacy-Related Litigation
We have considerable experience with national computer fraud and privacy litigation matters. This includes online impersonation situations, and experience in locating fraudulent Internet users through lawsuits and the use of "John Doe" subpoenas.

Transactional Matters, Product Development, and Related Support 
Our Privacy lawyers can assist in the acquisition, transfer and augmentation of valuable and protected customer, marketing, and other data. When product development or M&A work requires, we help clients (and the business/transaction team) understand and handle risks, obligations, and restrictions applicable to personal data, and the ability to use or transfer acquired customer and marketing information.

We routinely handle commercial agreements (including critical development, support, data risk allocation, distribution, end-user, and business continuity provisions) for major Internet service offerings that involve substantial amounts of customer information. More generally, our attorneys offer valuable input in connection with the information management aspects of vendor and contractor agreements that are a part of virtually all business relationships.

Financial Privacy
Cox Smith is experienced in helping financial institutions comply with all the federal and state laws governing the collection, use and security of personal financial information. That includes federal statutes such as the Gramm Leach Bliley Act (GLBA), the Right to Financial Privacy Act, and the Fair Credit Reporting Act (FCRA), as well as the more generally applicable Electronic Communications Privacy Act (ECPA) and Children's Online Privacy Protection Act (COPPA). As with other industries, we advise our clients on how best to adopt privacy policies and procedures, and we also provide financial privacy-related advice concerning matters such as payment card industry standards, gift/stored value cards, mobile and emerging payment technologies, FACTA requirements, and federal and state banking and financial information privacy laws and regulations.

Protection of the security of financial data is another major focus of our practice. We assist both financial institutions and vendor clients in drafting and negotiating agreements that meet the expectations of the law with regard to security standards, including GLBA and FCRA/FACTA requirements. Further, we assist both financial institutions and vendors in the unfortunate situation when a security breach occurs. Such help includes crafting notices to customers and regulators that are legally compliant while identifying business issues and practical solutions.

Our banking lawyers have long been active in public advocacy efforts in the legislative and executive branches of Texas government so that privacy and consumer protection regulation in Texas is practical as well as effective.

HIPAA - Protected Health Information
With lawyers from the firm’s Benefits group as well as the firm’s Healthcare group, our Privacy and Data Security practice helps employers, health care providers, insurers, and service providers navigate evolving Health Insurance Portability and Accountability Act (HIPAA) requirements, including compliance with all aspects of the Privacy Rule, Security Rule, and the relatively new Breach Notification Rule. Proactive advice, development of user-friendly policies and procedures, and training on all aspects of HIPAA compliance are at the heart of our practice.

For clients with existing HIPAA programs, we often perform gap analysis work to determine the extent of their HIPAA compliance needs and we conduct Security Rule risk assessments of their current Protected Health Information (PHI) security practices. When appropriate, we prepare compliance memoranda to document the successful completion of compliance tasks.

We frequently prepare and negotiate Business Associate Agreements tailored to clients' specific data and business needs. We have also assisted numerous service providers that are Business Associates in their efforts to comply with the full slate of HIPAA requirements as mandated by the HITECH Act.

When data breaches occur, our team works with clients to conduct risk assessments under the new Breach Notification Rule, then to orchestrate the appropriate response. Data breach incidents involving PHI frequently raise issues under other laws, and we work within the broader team of the firm's Privacy lawyers to develop and implement comprehensive strategies and solutions. If warranted, we also provide follow-up training and policy review.