Privacy & Data Security

Steptoe has been at the forefront of the developing legal and regulatory environment for the Internet and e-commerce in the United States and internationally. We represent leading financial services, telecommunications, technology, information services, and insurance firms on the wide array of issues relating to e-commerce regulatory matters, as well as on potential liability to customers and interaction with law enforcement and other government agencies. We continually monitor legal developments affecting client interests in various aspects of e-commerce, privacy, and security.

Security and Privacy
We advise financial institutions and other multinational companies on data protection, computer security, and privacy law, including obligations under the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, the Electronic Communications Privacy Act (ECPA), CAN-SPAM, the Fair Credit Reporting Act (FCRA), the Federal Trade Commission Act, Sarbanes-Oxley, and other federal and state laws.  

We also regularly advise companies on applicable international laws, including European Union data retention and privacy directives. A significant part of the practice involves advising companies on how to minimize the risk of a data security breach or to respond in the event of a breach, and how to comply with applicable laws regarding breaches.

We also have extensive legal and technical experience in data encryption technology, an essential tool for reliable and confidential e-commerce, often advising credit card associations and issuers on the use of cryptography for commercial applications. 

In addition, we advise numerous companies regarding law enforcement and intelligence access to communications and information under a variety of applicable laws, including Title III, ECPA, the Communications Act, the Stored Communications Act, the Foreign Intelligence Surveillance Act, FCRA, and the USA PATRIOT Act.

Electronic Banking
As technological advances have transformed banking operations and commerce, our attorneys have become experienced in  electronic banking matters. We have handled certification authority and digital signature issues for several major financial institutions, including banks and credit card companies. We are well versed in electronic banking products, services, and delivery systems such as stored value cards, smart cards, digital cash, and PC-based online banking. 

We have represented clients in matters involving stored value cards, multifactor authentication technologies, electronic fund transfers, financial data processing systems, electronic banking and payment system issues, and system security, data encryption, and export control matters.

Success Stories

• Steptoe Wins in DC Circuit Court for ABA

News

• London Office Recommended in Ten Categories of the UK Legal 500

Speaking Engagements

• Maury Shenk Speaks on Security-Related Legal Issues for Internet Telephony
• Maury Shenk Discusses Identity Management on Infosecurity Europe 2007 Panel
• Michael Vatis on US Chamber of Commerce Panel "Minding Your Business: The Future of Privacy"

Publications

• Federal Court: Ban on NSL Notification is Unconstitutional
  November 2007, Data Protection Law & Policy
• Retention and Storage of Temporary User Data
  July 2007, eCommerce Law & Policy
• National Security Letters: Access to Customer Records
  April 2007, eCommerce Law & Policy
• The Globalization of Electronic Evidence Gathering: US Joins Council of Europe Convention on Cybercrime
  B.N.A., Privacy & Security Law Report, Vol. 5, No. 41, pp. 1450-1454
  October 16, 2006