In light of growing concerns about identity theft, personal privacy and data integrity, businesses today face an increasing array of legal obligations regarding their use and handling of personal information. Communicating with customers; complying with federal and state privacy and data breach laws; managing employees, independent contractors, and outside vendors; designing an IT infrastructure; transmitting data across borders: these are just some examples of core business functions that raise legal issues related to data privacy and security. Combining expertise in core subject areas such as technology and employee matters with long-term experience in data privacy and security regulation, FisherBroyles’ attorneys are able to help their clients navigate this rapidly developing area of the law using the careful yet practical approach that FisherBroyles brings to every engagement. FisherBroyles attorneys have helped clients with widely varying circumstances assess and minimize exposure for data breaches, and have guided clients in effective responses to a data breach. Our expertise includes the following areas:


  • Initial and ongoing guidance for US-based companies in complying with the evolving requirements of the EU General Data Protection Regulation (“GDPR”)
  • Gramm-Leach-Bliley and Financial Privacy/Safeguards Rule
  • FTC Practice/Unfair and Deceptive Trade Practices
  • HIPAA & HIPAA Business Associates
  • Children’s Online Privacy Protection Act
  • Affiliate Marketing and “Red Flag” Requirements under FCRA and FACTA
  • State Regulation of Online Privacy and Social Security Numbers
  • Pending Federal Legislation
  • Electronic Marketing (CAN-SPAM and SMS Marketing)
  • Direct Mail and Telemarketing
  • Data Breach Statutes
  • Contractual and Compliance Issues/Contractual Apportionment of Responsibility
  • GLB Service Provider Obligations
  • Privacy Policies/Terms of Use (Internal and Public – Customers and Vendors)
  • Internet Usage Policies
  • PCI Compliance
  • Data Retention and Destruction Policies


  • EU/US Safe Harbor
  • Data Transfers to and from the U.S. and EU
  • Data Controller Registration Requirements
  • Regulation of Electronic Commerce
  • Employee Data Handling


  • Banking & Financial Services
  • Energy & Utilities
  • Healthcare & Pharmaceuticals
  • Manufacturing
  • Media & Entertainment
  • Online Marketplaces
  • Retail
  • Technology
  • Educational Testing
  • Travel & Hospitality
  • Privacy-Enhancing Technologies