Spencer Fane LLP Logo

Privacy Policies and Notices

Spencer Fane attorneys help clients across industries create sound privacy policies and notices, allowing business leaders to best protect the privacy of those they serve and avoid unnecessary litigation related to disclosure issues. Whether the organization is a health care provider, insurance company, financial institution, general business, or e-commerce company, our team develops customized policies and notices to comply with applicable requirements.

Our Data Privacy and Cybersecurity team works closely with attorneys in other practice areas including Health Care and Financial Services to best handle a specific need. The firm’s knowledge of both key privacy issues and our clients’ businesses allows us to deliver uniquely tailored policies and notices. With our attorneys’ depth and breadth of experience working within the federal, state, and industry-specific regulations that govern patient and customer privacy, we have experience working within dense laws and other rules to give us the understanding of what they mean for a specific business, and in turn, we understand how to translate those complexities into effective and practical policies.

While some firms try to commoditize privacy work, Spencer Fane emphasizes truly solving the problems related to privacy policies and notices and not just going through a process. There are no one-size-fits-all solutions for privacy needs, and our attorneys help business leaders understand the value of doing what’s best and not just relying on templated policies and notices because it aligns with what other businesses do.

Spencer Fane regularly handles matters in critical privacy areas including HIPAA, 42 CFR Part 2, and Gramm-Leach-Bliley, leading business leaders through the evolving challenges they face to reach compliance.

Representative Experience 

  • Prepared consumer notices for numerous banking institutions under Gramm-Leach-Bliley.
  • Revised Notice of Privacy Practices for health care providers and health plans to comply with requirements under HIPAA and HITECH, including incorporation of 42 CFR Part 2 requirements, where appropriate.
  • Created an organized healthcare arrangement among a group of covered entities, including a Joint Notice of Privacy Practices, to structure a new primary care service model.
  • Drafted privacy notices and terms of use for multiple organizations engaged in online retail and e-commerce.