| 1 | Employer Access to Social Media Accounts State Laws ... A Chart describing state legislation prohibiting private employers from asking employees and job applicants to provide access to their social media accounts and reveal usernames and passwords, with certain exceptions. | Practice note: overview | 15-May-2013 |
| 2 | Overview of EU data protection regime An overview of the nature and scope of data protection and privacy laws in the European Union. | Practice note: overview | Maintained |
| 3 | Overview of image rights A practice note dealing with the developing law on the protection of image rights in the UK, focusing in particular on the protection of commercial personality interests. | Practice note: overview | Maintained |
| 4 | Overview of privacy law This overview provides a high-level summary of the key features of UK privacy law, including the key principles that can be drawn from the cases, and the key legislation. It also includes discussion of the implications of privacy law for businesses. | Practice note: overview | Maintained |
| 5 | Privacy and Data Security Toolkit Resources to assist counsel in creating, implementing and reviewing a company's privacy and data security compliance programs. | Practice note: overview | Maintained |
| 6 | US Privacy and Data Security Law: Overview This Note provides an overview of prominent US privacy and data security laws relating to the collection, use, processing and disclosure of personal information. It summarizes key federal privacy and data security laws, certain state laws, with a focus on California and Massachusetts and the Mobile Marketing Association and Payment Card Industry Data Security Standard, two key industry-specific privacy and data security guidelines and requirements. | Practice note: overview | Maintained |
| 7 | Cloud Computing and HIPAA Privacy and Security This Note addresses the legal and contractual considerations relating to privacy and security under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the context of cloud computing. The Note includes specific contract provisions that should be considered when negotiating or evaluating a contract with a cloud provider. | Practice notes | Maintained |
| 8 | Cookies: UK issues A practice note outlining issues that providers should consider before placing cookies on the terminal equipment of internet users. | Practice notes | Maintained |
| 9 | Corporate whistleblowing hotlines and EU data protection ... A note which describes the data protection and employment issues that arise when European companies listed at US stock exchanges set up corporate compliance (whistleblowing) hotlines in order to fulfil obligations under section 301(4) of the US Sarbanes-Oxley Act 2002. The note also discusses recent regulatory developments in the EU relating to whistleblowing hotlines, and suggests compliance strategies to ensure that hotlines comply with EU data protection laws. | Practice notes | Maintained |
| 10 | Cyber Attacks: Prevention and Proactive Responses This Note discusses common cyber attack scenarios and sets out actions that companies can take to prevent or respond to attacks, including developing a cyber attack response plan. It also addresses the chief compliance officer's role in preventing and containing attacks and law enforcement referrals, and civil and criminal actions companies can pursue against attackers. | Practice notes | Maintained |
| 11 | Data protection aspects of image rights A practice note considering the extent to which "image rights" are protected under the UK data protection regime. | Practice notes | Maintained |
| 12 | Direct Marketing This Note considers the statutes, regulations and voluntary codes of practice that apply to direct marketing activities. | Practice notes | Maintained |
| 13 | E-mail Marketing: CAN-SPAM Act Compliance A Note discussing the federal CAN-SPAM Act's requirements for commercial e-mails, its enforcement and best practices for compliance. | Practice notes | Maintained |
| 14 | Electronic Workplace Monitoring and Surveillance This Note addresses electronic monitoring and surveillance of employees, including laws applicable to a private employer's monitoring of social media (such as Facebook). It discusses key issues private employers should consider, including compliance with wiretapping, privacy, anti-discrimination and labor relations laws. It also includes practical tips for minimizing the related risks. | Practice notes | Maintained |
| 15 | HIPAA Privacy Rule This Practice Note describes the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for protecting the privacy of personal health information. It includes a description of the entities and types of health information covered by the Privacy Rule, an overview of individual privacy rights and a discussion of the permitted and prohibited uses and disclosures of health information. | Practice notes | Maintained |
| 16 | HIPAA Security Rule This Note provides an overview of the requirements under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for protecting the security of electronic protected health information (ePHI). It discusses the types of entities required to comply, the general requirements, guiding principles and related organizational and document requirements. This resource is in the process of being updated for final HIPAA regulations issued in January 2013. | Practice notes | Maintained |
| 17 | Mobile App Privacy: The Hidden Risks A Practice Note discussing privacy considerations in the context of mobile applications (apps), including liability risks associated with mobile app information collection and practices for addressing those risks. This Note provides an overview of how mobile apps use technology to collect information about and track end users, identifying key differences between mobile apps and websites in terms of how they collect and store end-user information and end users' ability to control that collection and storage. It also discusses the legal framework governing mobile app privacy, including FTC rulemaking, guidance and enforcement actions. | Practice notes | Maintained |
| 18 | Personal data security breach management in the public ... This practice note considers UK data protection laws and guidance on personal data security breach management in the public sector. | Practice notes | Maintained |
| 19 | Privacy and Data Security: Breach Notification A Practice Note discussing certain US federal and state data breach notification laws relating to personal information and providing practical tips on how to prepare for and respond to a data security breach. | Practice notes | Maintained |
| 20 | Privacy implications of social-networking sites A practice note on the privacy implications of social-networking sites. | Practice notes | Maintained |
| 21 | Privacy in the Employment Relationship This Note provides an overview of privacy issues in employment, which may arise in various contexts, such as background checks, drug testing, e-mail and other electronic surveillance and tracking by GPS. Invasion of privacy claims are highly fact-intensive and largely dependent on state law. This Note contains information that is general and not jurisdiction-specific. | Practice notes | Maintained |
| 22 | Privacy law: alternative causes of action to claim for misuse of ... This note considers other possible causes of action, apart from a claim for misuse of private information or breach of confidence, that might be relied on to protect privacy. | Practice notes | Maintained |
| 23 | Privacy law: key legislation and cases This note discusses the key legislation relating to privacy law, the key cases, and how the law might develop in the future. | Practice notes | Maintained |
| 24 | Privacy law: key principles derived from the case law This note contains a broad description of the key principles to be derived from the decisions of the UK courts and the European Court of Human Rights in privacy cases. | Practice notes | Maintained |
| 25 | Privacy law: remedies This note considers the main remedies for infringement of privacy, including interim injunctions (now called interim non-disclosure orders), with a detailed discussion of the contentious topic of super-injunctions and anonymised injunctions, and damages. | Practice notes | Maintained |
| 26 | Recording telephone calls and face-to-face meetings This practice note explains when a business can record telephone calls with third parties, such as customers or employees, and also the implications of recording face-to-face meetings. | Practice notes | Maintained |
| 27 | Written Information Security Programs: Compliance with the ... A Note discussing written information security programs (WISPs) under the Massachusetts data security regulation (Mass. Regs. Code tit. 201 § 17.00). The Note also discusses reasons for adopting a WISP, preliminary considerations and enforcement actions by the Massachusetts Attorney General. | Practice notes | Maintained |