Banner image

Data Privacy & Security

Now more than ever, companies must be able to both capitalize on – and guard – their assets, including data. Privacy concerns are at the top of regulatory radar screens and even the smallest enterprise can find itself subject to multiple regulatory schemes that grow increasingly complex and often overlap, or worse conflict, with other obligations.

Digital communication is essential to most businesses regardless of size, industry or geographic boundaries. As data breaches and privacy concerns continue to capture headlines, clients face a growing body of laws that address the collection, use, or disclosure of the personal information and emphasize the rights of individual with respect to their personal information.





Thomas & LoCicero lawyers have experience advising clients on liability and/or compliance issues relating to the growing body of privacy and security laws, such as those addressed by the Children’s Online Privacy Protection Act (COPPA), the Health Insurance Portability Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), the Genetic Information Nondiscrimination Act (GINA), Gramm-Leach Bliley (GLB), the Fair Credit Reporting Act (FCRA), the Telephone Consumer Protection Act (TCPA), Do Not Call regulations and the Telemarketing Sales Rule (TSR), CAN-SPAM, the Electronic Communications Act (ECPA) and their various state counterparts.

We also advise clients on State privacy legislation such as the California Shine the Light Law, the California Online Privacy Protection Act (CalOPPA), and a variety of state data breach notification acts, and other potentially relevant laws, including the Canadian Anti-Spam Legislation (CASL), the recently implemented European Union General Data Protection Regulation (EU GDPR) and others, as well as industry best practices and self-regulation, whether in the form of mobile marketing carrier requirements, Payment Card Industry Security (PCI) Council Standards or others.

Thomas & LoCicero professionals routinely counsel clients on the use of digital and electronic signatures, e-billing, and the applicability of state and federal laws relating to same. We frequently analyze and advise clients on the legal implications of data handling practices including aggregation, combination, de-identification, re-identification, online tracking via cookies, web beacons, locally-stored objects, and other technologies, as well as the legal and third-party liability consequences of the provision of free wi-fi services to customers, make recommendations regarding accompanying security protocols and draft suitable disclosures, user terms and vendor agreements.

In addition, Thomas & LoCicero attorneys assist clients in responding to actual or threatened “phishing” and “spoofing” activities, often directed at a client’s customers by would-be identity thieves impersonating the client in order to capitalize on (and thereby damage) its trusted status.

Thomas & LoCicero lawyers review websites, mobile apps, widgets, and other digital platforms to assist clients with privacy and security-related compliance issues potentially implicated by the clients’ data collection activities or those of their respective vendors, advertisers, partners, or affiliates. We review, prepare and periodically update privacy policies for websites, mobile sites, mobile apps, widgets, interactive plug-ins and cookies.

We regularly recommend additional assurances such as cyber-liability or data breach insurance coverage or auditing of vendors; and prepare strong contractual provisions. Our lawyers frequently advise clients on their data collection practices on their social media platforms and channels, whether assessing their regulatory risk or the likelihood of breaching the social network terms and landing in that platform’s “social network jail” or worse.

Thomas & Locicero attorneys review and draft agreements relating to data collection, use, transfer, storage, security, retention, and disposal with third parties, co-sponsors/co-promoters, endorsers, independent contractors, other content creators, vendors, e-mail list sellers, data aggregators, advertising and media buy agencies, and promotion and fulfillment companies, including negotiating and drafting privacy protection, security safeguards, breach avoidance, auditing mechanisms, indemnity and insurance provisions as well as internal policies designed to educate client staff and ensure internal compliance.

Our legal professionals routinely review advertising and marketing materials for regulatory compliance and recommend and prepare privacy and data-related disclosures in creative materials for campaigns in all types of traditional and emerging media, including print, POS, television and radio broadcast, digital, GPS-enabled, geofenced, filtered, SMS, and in-app, and social media platforms of all sizes.

In addition, Thomas & LoCicero attorneys regularly advise clients on other privacy issues in advertising and marketing materials, whether under statutory commercial misappropriation prohibitions, unfair deceptive trade practices regulations, contractual theories based on existing website terms, or common law theories of invasion of privacy based on rights of publicity, disclosure of private facts or intrusion via electronic surveillance.

In conjunction with promotions, contests, and sweepstakes, as well as podcasts, webcasts, vlogs, conferences and other cooperative events, our lawyers routinely prepare privacy-related documents for participants, collaborators, and guests including publicity releases and consents, to outline any rights to use name, likeness, interview content or details, or other information in marketing.

Often the needs of a client are best served through arbitration or mediation rather than the pursuit of a courtroom trial.  At TLo, Gregg D. Thomas is a certified federal and state court mediator who combines wide-ranging litigation experience with realistic assessments of the strengths and weaknesses of parties' claims and defenses. As Gregg has noted, "In almost every case, the parties stand to gain by compromising. If they continue to litigate, they are more likely to lose time, money, and peace of mind."

Gregg recognizes that the parties – not the mediator – settle cases. But he also believes that as a mediator he can provide the parties with an impartial and realistic perspective on their case, and a chance to put litigation behind them.  Gregg's approach to mediation derives from more than 30 years as a civil and commercial litigator, and from having clerked for two federal district court judges. 

Thomas & LoCicero frequently arbitrates cases before the American Arbitration Association (AAA), the National Arbitration Forum (NAF) and the World Intellectual Property Organization (WIPO). In arbitration we seek to achieve the optimal result in an efficient and economical manner.

Defamation law, invasion of privacy, and constitutional claims are the areas in which he is best known, but Gregg also has extensive real-world experience in many other fields, including business torts, contracts, deceptive and unfair trade practices, non-competition agreements, trade secrets, RICO, and Section 1983 actions.