Privacy & Data Security

Steptoe has been at the forefront of the developing legal and regulatory environment for the Internet and e-commerce in the United States and internationally. We represent leading financial services, telecommunications, technology, information services, and insurance firms on the wide array of issues relating to e-commerce regulatory matters, as well as on potential liability to customers and interaction with law enforcement and other government agencies. We continually monitor legal developments affecting client interests in various aspects of e-commerce, privacy, and security.

Security and Privacy
We advise financial institutions and other multinational companies on data protection, computer security, and privacy law, including obligations under the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, the Electronic Communications Privacy Act (ECPA), CAN-SPAM, the Fair Credit Reporting Act (FCRA), the Federal Trade Commission Act, Sarbanes-Oxley, and other federal and state laws.  

We also regularly advise companies on applicable international laws, including European Union data retention and privacy directives. A significant part of the practice involves advising companies on how to minimize the risk of a data security breach or to respond in the event of a breach, and how to comply with applicable laws regarding breaches.

We also have extensive legal and technical experience in data encryption technology, an essential tool for reliable and confidential e-commerce, often advising credit card associations and issuers on the use of cryptography for commercial applications. 

In addition, we advise numerous companies regarding law enforcement and intelligence access to communications and information under a variety of applicable laws, including Title III, ECPA, the Communications Act, the Stored Communications Act, the Foreign Intelligence Surveillance Act, FCRA, and the USA PATRIOT Act.

Electronic Banking
As technological advances have transformed banking operations and commerce, our attorneys have become experienced in  electronic banking matters. We have handled certification authority and digital signature issues for several major financial institutions, including banks and credit card companies. We are well versed in electronic banking products, services, and delivery systems such as stored value cards, smart cards, digital cash, and PC-based online banking. 

We have represented clients in matters involving stored value cards, multifactor authentication technologies, electronic fund transfers, financial data processing systems, electronic banking and payment system issues, and system security, data encryption, and export control matters.

Noteworthy

• Ranked, Chambers Global 2013 - Privacy & Data Security (US)

Select News & Events

• HuffPost Live Interviews Michael Vatis on Online Wiretapping
• Reuters Quotes Jason Weinstein on Alleged $45 Billion Cyber Bank Heist
• Media Cover Stewart Baker’s Senate Testimony on Cybersecurity
• Former DOJ Deputy Assistant Attorney General Jason Weinstein Joins Steptoe
• "Technology, Counterfeiting & Piracy: Understanding the Problem and Its Impact"
• The Cybersecurity Threat and Our Changing National Security Landscape
• Legislative and Regulatory Trends in US Privacy and Security Law
• United States-China Relations

More News »

More Seminars & Events »

Publications

• White House Issues Executive Order on Improving Critical Infrastructure Cybersecurity
  February 15, 2013
• Public Safety and Online Privacy—Myth Versus Reality
  Volume 11, Issue 2
  January 2013, Northwestern Journal of Technology and Intellectual Property
• Informationology: A New Framework for Understanding the Roles of Digital Information
  August 13, 2009
• Cyber Security Alert - Major Cyber Security Threat Affecting US Companies
  July 28, 2009

More Publications »