Privacy and Information Security Law

Privacy and data security issues are among the most challenging and rapidly-evolving areas of risk for companies across a wide variety of sectors and industries.  Ward and Smith, P.A.'s Privacy and Information Security Practice Group is comprised of attorneys who have the knowledge and experience to help our clients meet these challenges.

The ability to collect, use, and share customer information has become increasingly important to all kinds of businesses:  In many cases, it is absolutely critical to business success.  Legislation, regulations, and civil lawsuits have collectively resulted in significantly greater compliance obligations and dramatically higher risks associated with handling customer or employee information in recent years.  The members of our Privacy and Information Security Practice Group are dedicated to helping our clients reach practical solutions to their business needs while navigating legal obligations and managing risk. 

Privacy and information security issues arise in a number of contexts with which our team has knowledge and experience, including the following:

  • Electronic signatures and records, including the Electronic Signatures in Global and National Commerce Act (E-SIGN Act) and the Uniform Electronic Transactions Act (UETA);
  • E-commerce requirements, including the Payment Card Industry Data Security Standards (PCI-DSS);
  • Data breach response laws and data disposal laws;
  • Password theft, hacking, and wiretapping, including the Stored Communications Act, the Wiretap Act, and other anti-interception laws;
  • Website privacy policies and practices, including the Children's Online Privacy Protection Act (COPPA);
  • Email marketing, including the CAN-SPAM Act;
  • International privacy compliance, including the European Union safe harbor;
  • Social media policies for employers and employees;
  • Financial privacy, including the Gramm-Leach-Bliley Act, the Financial Privacy Act, the Bank Secrecy Act, and other federal and state financial institutions' laws;
  • Unauthorized transactions and funds transfers, including the Electronic Funds Transfer Act and Regulation E, as well as the Uniform Commercial Code;
  • Financial account takeover statutes and the cases that control the allocation of losses when financial accounts are compromised;
  • Credit reporting laws and other "background check" laws, including the Fair Credit Reporting Act;
  • Identity theft laws, including the North Carolina Identity Theft Protection Act and the Federal Trade Commission's "Red Flags" regulations;
  • Health information privacy, including HIPAA and HITECH;
  • Educational privacy, including the Family Educational Rights and Privacy Act (FERPA);
  • Employment privacy and non-disclosure agreements; and
  • Trade secrets.

The legal issues surrounding privacy and information security form a patchwork of dozens of laws rather than any single, cohesive body of law.  Members of our Privacy and Information Security Practice Group have decades of experience advising financial institutions, healthcare providers, employers, and many other businesses and government entities regarding privacy and security issues, and have authored numerous presentations and papers on these and related topics.  By utilizing a cross disciplinary, team oriented approach, we can draw upon our members' significant experience in various areas of privacy law to deliver pragmatic solutions and advice with the efficiency that our clients have come to appreciate and expect. 

We are your established legal network with offices in Asheville, Greenville, New Bern, Raleigh, and Wilmington, NC.