1629 K Street NW  Washington, DC 20006

    (M) 202.204.2256


Privacy, Security and Data Governance


M&W attorneys work closely with our clients to devise strategies, programs and compliance policies to address the increasingly challenging task of protecting data consistent with applicable law. We provide data protection counsel to technology and business leaders in connection with the development and use of emerging technology platforms; to clients in the government and health industries; and to others involved with software development and deployment. M&W has a robust network of outside legislative and public policy specialists that we leverage to ensure our clients are informed of and can appropriately anticipate and respond to developments in privacy legislation and regulation.


Our team advises clients on permissible uses of:


  • Consumer data for purposes of online marketing, enhanced support and product development
  • Machine-readable and log file data for the enhancement of cybersecurity, including with Government agencies
  • Tracking technologies, text messaging, and the use of cookies on websites and third-party platforms
  • Protected information, including sensitive Government data, on cloud and other hosted-provider platforms


For mobile applications and website operators, we assist in drafting online privacy policies and terms of use, taking into account the requirements of laws such as the California Online Privacy Protection Act, and non-US laws for global-facing websites and online applications.


In the healthcare space, we advise clients on medical data, privacy, and security requirements and best practices, including under the Health Insurance Portability and Accountability Act (HIPAA), the federal Human Subjects Protection Regulations, and state law governing healthcare providers, web-based services providers, technology companies and others that access, collect, use, and transfer personal health information as a part of their business functions, support, product refurbishment and warranty replacement processes.


In the data security space, we assist clients in all aspects of their data protection activities, including developing and implementing appropriate cybersecurity standards, drafting data security incident plans, responding to data security breaches by providing necessary notifications, and providing representation in the event of ensuing litigation. For those clients involved in national security-related activities, we assist in matters involving cyber operations, security clearances, and the corresponding security functions of other US government departments and agencies.


Finally, M&W assists clients with the handling of sensitive data in the context of corporate acquisitions.  We help clients:


  • Assess privacy and security data risks of the target company
  • Identify any restrictions on the access, use or disclosure of certain data types
  • Determine what rights our clients will have in the data after closing
  • Evaluate the privacy and security impact of the target company’s sales models
  • Understand how to protect sensitive data in the hands of distributors and channel providers


Copyright © 2018 Marshall and White