Columbia Tower Seattle Columbia Tower Seattle

Privacy & Data Security


Karr Tuttle Campbell’s cross-disciplinary privacy and data security attorneys use their hands-on experience serving tech-sector businesses and heavily regulated industries to counsel companies of all sizes as they manage risks associated with the collection, use, and disclosure of data.

Our attorneys’ extensive subject matter expertise in intellectual property, international law, consumer protection, banking, finance, and healthcare—when combined with a real-world understanding of the actual risks involved with litigation—yields commercially practicable compliance strategies that balance the costs of data security against those of running a profitable business.

Data privacy is an enterprise-wide concern. Over 100 countries and the vast majority of U.S. states promulgate unique rules regulating collection, use, disclosure and security of personal information. A deep understanding of this complex global framework builds trust with business partners and customers. However, the plurality of legislation makes full compliance a daunting task, even for the most experienced businesses.

Karr Tuttle Campbell’s privacy attorneys mitigate risk at every stage of the information lifecycle. Our attorneys partner with general counsel, chief privacy officers, and chief information officers to devise technical and non-technical methods to achieve privacy and data security compliance, including:

  • Compliance counseling for privacy and security issues implicated by mergers and acquisitions, including:
    • Advice on the transfer of a target company’s employee and customer data
    • Integration of the target’s and acquirer’s internal and public-facing privacy policies and data handling procedures
  • Cross-border data transfers
  • Data breach response strategies, including customer notifications
  • Health information privacy strategies
  • Legislative monitoring
  • Privacy policies and data breach notification policies tailored to industry and geography
  • Technology licensing agreements
  • Third-party liability assessments under state, federal, and international privacy laws:
    • Identification of data security vulnerabilities in customer, distributor, supplier, or other business partner agreements
    • Negotiations of vendor contracts and information use and distribution agreements
  • Workplace privacy measures, like acceptable use policies with EU-grade “privacy by design” principles
  • EU General Data Protection Regulation (GDPR) and EU-US Privacy Shield.

We also assist businesses with their efforts to comply with the ever-expanding array of international data protection requirements, including the EU’s General Data Protection Regulation (GDPR) and member state implementations of other EU mandates, such as the EU-US Privacy Shield, model contracts, and binding corporate rules (BCRs).

Our privacy and data security attorneys keep clients apprised of international privacy developments pertinent to their business. In addition, Karr Tuttle Campbell has extensive experience representing Asian and European-based companies, as well as other foreign-based and multi-national companies.

Highly regulated industries.

Our attorneys are sought-after by businesses operating in regulated industries with sector-specific legal issues, such as those implicated by:

  • Children’s Online Privacy Protection Act (COPPA)
  • Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
  • Electronic Communication Privacy Act (ECPA)
  • Fair Credit Reporting Act (FCRA)
  • Family Educational Rights and Privacy Act (FERPA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Video Privacy Protection Act (VPPA)