Privacy & Cybersecurity

  • Worked with key technical, policy, and operations personnel of a confidential telecommunications service provider to craft data security strategy and associated policies — affecting many thousands of employees and contractors — on the use of mobile-related devices on a companywide level.
  • Regularly advise new and growing Accountable Care Organizations (ACOs), such as health care providers, physician-hospital organizations, and management services organizations, on the structure and implementation of HIPAA privacy and security programs with the goals of regulatory compliance, administrative simplicity and overlapping ACO regulations.
  • Provided Privacy Shield certification advice, guidance on global privacy issues, including the development and roll-out of the company’s compliance program for the European Union’s General Data Protection Regulation, and advice on general privacy issues (including PCI-DSS) to a multinational diagnostics and IT solutions provider with 15 locations.
  • Regularly advise on the regulatory and legal issues involved in the development of registries and data warehouses to support data analytics for research and commercial purposes.
  • Provided HIPAA counsel to a retail pharmacy for a large, federal-state research collaboration involving Medicare pharmacy claims data — providing strategic planning to support exchanges of massive amounts of Medicare claims data.
  • Represented the purchaser of a health care tech company in an M&A deal where approximately half of the agreement consisted of warranties and representations for privacy, data security and HIPAA — requiring a full understanding of the technology and the client’s data architecture to craft the best reps & warranties and mitigate purchaser risk effectively.
  • Regularly advise clients on complex data transfer issues, particularly with respect to cross-border transfers and M&A transactions, including developing and assisting over 100 clients (both US and multinational) to operationalize compliance programs under the new European Union General Data Protection Regulation.
  • Managed and responded to a major, multimillion-record data breach for a leading global marketplace processing nearly 100 million activity and event registrations and more than $3 billion in payments annually.  
  • Represented a media company in its loss of 200,000 subscribers’ personal data. We negotiated a multistate FTC resolution, helped to set up call centers and prepare breach notices and avoided regulatory and enforcement action.
  • Provided privacy and security representation to a major e-commerce platform provider.
  • Counsel to Comcast, the nation’s largest cable system operator, on cybersecurity policy issues affecting its cable and broadband services. In this regard, the firm assists Comcast in analyzing and responding to Congressional and agency initiatives on cybersecurity policy matters.
Mintz Advises Digital Health Company in Chronic Care Management Space Case Study

Mintz has advised a digital therapeutics company focused on the management of chronic conditions on the complex state and federal regulatory landscape, key contracts, FDA rules, and privacy and data security issues.

Managing the Unusual Data Security Incident Case Study
When data belonging to one of the client's large customers was exposed, Mintz helped the client develop a timely response and limit its exposure. The firm's Certified Privacy Professionals have helped companies manage data security incidents for over 15 years.
American Newspaper Avoids Enforcement in Data Breach Case Study
A Mintz attorney advised the publisher of a major American newspaper regarding a data breach involving 200,000 subscribers' personal information. Mintz helped the client set up call centers, notify subscribers, and negotiate a multistate and Federal Trade Commission resolution without enforcement actions.
Fortune 500 Company Avoids Legal Action in Investigation Case Study
A Mintz attorney assisted a Fortune 500 company with a multistate investigation of a data breach involving credit, debit card, and check information. The client avoided government enforcement action and obtained complete dismissal of a class action. Mintz counseled the company on risk management and response.
Hospital Data Breach Affects 800,000 Case Study
Mintz defended a major Massachusetts hospital against federal and state regulatory enforcement actions and class actions following a breach that affected 800,000 people. Mintz also litigated against companies responsible for the loss of data and managed risk assessments under HIPAA and HITECH.
Maximizing Data as an Asset in M&A Transactions Case Study
Mintz's Certified Privacy Professionals have been helping clients maximize the value of their data for more than 15 years. During transactions and M&A deals, Mintz attorneys advise sellers and buyers on data privacy and security risks and help them maximize the value of their data.