Get In Touch

Privacy and Data Security ‎


As privacy and information security emerge as central compliance concerns for businesses worldwide, Schwabe helps clients take strong proactive and responsive measures.

Industry-focused protection

Our team, which includes two lawyers who hold a CIPP certification* (Certified Information Privacy Professional/US), helps employers and businesses meet their regulatory and common law privacy obligations regarding consumer, employee and patient information they collect, process, disclose or store. We understand the unique needs and obligations of businesses in different industries, and develop workable data privacy and security programs as well as specific agreements for confidentiality, nondisclosure, data-hosting and similar issues.

Navigating healthcare compliance regulations

Businesses and individuals that collect, process, disclose and maintain protected health information are subject to some of the nation's strictest privacy and security rules. With a national reputation in HIPAA privacy and security compliance, Schwabe helps clients in the healthcare industry successfully comply with this complex regulatory scheme.

Safety online

To protect intellectual property and e-commerce activity, we prepare website and mobile application privacy notices, terms of use, ‎end-user license ‎agreements and related policies. We also advise clients regarding various ‎mobile application and mobile payment guidelines and data privacy ‎requirements.‎

Data protection in the workplace

Schwabe advises employers on how to meet their privacy obligations regarding employee medical and personal identifying information. In addition, we are at the cutting edge of helping employers address the growing impact of social networking sites on workplace privacy and security. 

Cybersecurity breaches—not “if” but “when”

The likelihood of a cybersecurity breach is a fact of life for most businesses today. As legal counsel and breach coaches, we help businesses minimize damage and move forward quickly following a data breach. 

* RPC 7.4(d):  The Supreme Court of Washington does not recognize certification of specialties in the practice of law and that certificate, award, or recognition is not a requirement to practice law in the state of Washington.


  • Prepared data privacy and security compliance programs for institutions in multiple industries, including education, healthcare, and insurance
  • Drafted contracts involving regulated entities and vendors that handle protected data
  • Drafted and negotiated agreements for collecting, using, and storing student data, financial data, health data, and other types of consumer data
  • Represented clients in data breach investigations conducted by the Office of Civil Rights, the U.S.Department of Justice, and the Federal Bureau of Investigation
  • Advised clients on privacy, confidentiality, and data security terms in vendor contracts
  • Settled disputes involving hosting of consumer data
  • Advised companies regarding security breach notification obligations in a third-party data security breach incident
  • Analyzed and assisted with recovery of funds taken in a fraudulent wire transfer
  • Drafted consent documentation for consumer data collection
  • Analyzed insurance policies for privacy/cyberliability coverage

Related Services

Resources & Ideas

Legal Articles


Search by: