As an individual or a business, it’s difficult to anticipate all the ways your electronic data might be vulnerable. Employees with portable storage devices, criminal hackers, third-party vendors, former business partners, and social media stalkers are only the most obvious concerns. At Hinckley Allen, our focused group of attorneys can help you navigate the intricacies of cyberspace to manage sensitive data confidently. The attorneys in our Privacy and Data Security group blend advanced IT understanding with deep insight into particular areas of law and business such as health care, banking/finance, labor & employment, nonprofits, and trusts & estates.

Protecting your critical electronic assets.

As never before, we use and depend on vast stores of sensitive personal data, including financial, legal, and medical information. Safeguarding these assets is essential for risk management, regulatory compliance, and business assurance. From protecting data to developing privacy policies and dealing with security breaches, we can help you understand and implement best practices to manage sensitive data in your business, family, and personal lives.


Privacy and data security issues touch nearly every aspect of our business and personal lives today. Our specialized team provides services in the following areas:

Corporate Policies and Practices

  • Negotiation of agreements regarding confidential information
  • Development of data security practices and policies
  • Written Information Security Policies (WISPs)
  • Due diligence for privacy/data security
  • Insurance
    • Cybersecurity requirements/policies
  • International/cross-border privacy law
    • Canadian privacy law
    • EU/US safe harbor and privacy shield
  • Mobile privacy
  • Online data tracking
    • browsers, cookies, plug-ins


  • Class action lawsuits
    • Merchants’ duty of care
  • Litigation of claims under HIPAA, state privacy, and security data breach laws and related common law
  • Hacking and forensic data analysis
  • Identity theft
  • Invasion of privacy
  • Trade secret misappropriation


  • Data breach notification laws (state and federal)
  • Discovery/eDiscovery in civil and criminal litigation
  • Federal privacy and security legislation
    • CAN-SPAM Act
    • COPPA
    • FERPA
    • NIST (IT security aspects)

Health Care Privacy and Security Law

  • HIPAA/HITECH compliance
  • State-level privacy/data security pre-emption analysis
  • HIPAA breaches
  • State law privacy and security law breaches

Banking and Finance

  • Compliance
    • PATRIOT Act
    • Gramm-Leach-Bliley Act
    • Fair Credit Reporting Act
    • Financial Privacy Act
    • Bank Secrecy Act
    • Payment Card Industry Data Security Standard (PCI DSS)
    • Legislation – drafting and lobbying

Labor and Employment

  • Employee policies
  • Workforce training and consulting

Trusts and Estates

  • Estate-related digital assets and privacy issues
    • HIPAA waivers to allow health care proxies access to individual health information
    • Planning for electronic password storage and retrieval
    • Post-mortem access to private data

News & Insight


New Standard Contractual Clauses Introduced For GDPR – Effective September 27, 2021

September 27, 2021

The European Commission has issued new “Standard Contractual Clauses” – or SCCs – for the transfer of personal data outside of the European Economic Area (including transfers to the United States) after September 27, 2021. Any existing contracts th…


Are There Privacy Laws that Apply to Your (Small) Business?

May 24, 2021

Most people are aware of the General Data Protection Regulation (GDPR) in effect in the European Union and many are aware that the United States does not have a comparable federal law. The US has some industry-specific laws, such as the Health Insurance Po…
