Privacy + Data Security

Morrison & Foerster's highly respected global privacy and data security practice group is comprised of more than 60 lawyers in offices in the United States, Europe and Asia.

Over 100 countries now have their own data protection laws regulating the collection, use, disclosure and security of personal information. The complex and sometimes conflicting obligations imposed by these laws can be challenging for companies seeking to comply with their privacy and data security obligations. Our lawyers are able to offer practical advice that helps our clients balance compliance with running a business in a cost-effective manner.

Our straightforward approach has made us the privacy counsel of choice for some of the world’s largest and best-known global enterprises, as well as for a host of smaller organizations. Our skills are particularly valued by companies that operate in highly-regulated sectors (such as financial services, healthcare and pharmaceuticals), those with an online presence, and those operating internationally. Organizations in these areas face multiple layers of regulation and appreciate the timely, knowledgeable and realistic advice that our attorneys provide. We work with our clients on compliance and risk management, establish programs and policies, provide employee training, respond to regulatory inquiries and investigations, and, where necessary, litigate.

We advise on a broad range of privacy and data protection matters, including:  privacy policies and procedures, information handling, security breaches, regulatory investigations, global compliance, cross-border data transfers, training programs, compliance audits, commercial transactions, website privacy policies, email and telemarketing regulation, litigation and legislative advocacy. Learn more about our privacy litigation experience.

We believe clients value our ability to provide practical, commercial advice. We think there are a few key reasons that we are able to do this.

Our multidisciplinary practice.

Our privacy practice includes legal specialties such as corporate, financial services, employment, technology transactions and litigation.

Our technology focus.

A trend driving data protection regulation has been a shift from notice and choice to a focus on data security. Our lawyers advise many of the world’s leading technology businesses as well as major technology users such as governments, banks and financial institutions. Our technology expertise enables us to speak to general counsel, chief privacy officers and chief information officers regarding technical and non-technical means to safeguard information.

Our technical knowledge.

We are among the first full-service law firms to develop a dedicated practice to advise clients on issues pertaining to the privacy and security of information. Many of our lawyers were involved in enacting key pieces of privacy legislation, such as the Fair Credit Reporting Act of 1970. We have been intimately involved in the evolution of privacy laws around the world and have worked with business groups, legislatures, and data protection authorities on the development of privacy laws.

Our big picture view.

We recognize that privacy and data security concerns are implicated in every aspect of the information management life cycle. We also understand that the effective protection and management of information is at the heart of every well-functioning organization.

The resources we offer.

We offer important resources to support our clients in their privacy compliance and data security efforts.

Legal Resources: The privacy team writes extensively on privacy and data security matters, including Global Employee Privacy and Data Security Law, setting out the U.S. and international legal landscape related to workplace privacy and data security; Information Security and Privacy: A Guide to Federal and State Law and Compliance and Information Security and Privacy: A Guide to International Law and Compliance, which compose a 4,300-page, three-volume treatise that examines all aspects of privacy and security laws, published by Thomson-West; and The Law of Financial Privacy, covering the Fair Credit Reporting Act, Financial Privacy Act, Bank Secrecy Act and Internal Revenue Code requirements, including discussions of state financial privacy laws, use of technology, and use and protection of confidential information. The team has also written Health Care Privacy and Security, Corporate Counsel’s Primer on International Privacy and Security and Internet Marketing and Consumer Protection.

Privacy Library: Morrison & Foerster’s Privacy Library is an online resource, providing links to privacy laws, regulations, reports, multilateral agreements, and government authorities for more than 90 countries around the world, including the United States. The Privacy Library is the most comprehensive collection of privacy laws and regulations ever assembled, the result of years of research and experience working with clients around the world.

MoFoNotes: Morrison & Foerster provides content to TrustArc for its MoFoNotes product, a subscription-based database that helps organizations determine local compliance requirements in jurisdictions around the world, spot potential compliance issues and simplify the development of global privacy approaches.

Show More


Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.