With the explosion in information technology, privacy and information security issues have risen to the forefront of legal developments affecting every business. New and emerging privacy and security laws produce challenges for any business that collects, utilizes, or distributes information about individuals. Wide media attention, tort litigation brought by private parties (often as class actions), and governmental enforcement actions have made privacy a major risk area for businesses. Wiley Rein’s goal is to provide companies with a thorough understanding of the current and potential rules on privacy and security and to provide legal solutions that harmonize businesses’ needs with emerging information access restrictions.

Wiley Rein’s Privacy Practice, named one of the best privacy consultancies by Computerworld magazine and recognized as a national leader in Privacy and Data Security law by Chambers USA, includes more than 20 attorneys who provide experience in more than a dozen substantive areas. The Group is chaired by Kirk J. Nahra, who is ranked among the top tier of attorneys nationwide in Privacy and Data Security by Chambers, and is considered by sources to be in “the top echelon” of data privacy lawyers and “highly knowledgeable and sensitive to both costs and delivering results on time” (2013). The directory notes that the Practice “has expertise in security policy, privacy investigations and data breach management” (2012).

We represent domestic and international businesses, as well as major trade associations, in many industries including communications, Internet, health care and insurance, financial services, online advertising, biometrics, information security, manufacturing, retailing, franchising, and distribution. In recommending the Practice, Chambers reports that sources give us “extremely high marks in all categories” (2013), “rate the group highly for its deep knowledge of the field and high levels of service” (2012), and say that “the firm has great stature and offers sound, practical advice” (2011).

Our experience includes:

  • Conducting privacy audits to assess where clients’ national and international business activities intersect with privacy concerns.
  • Analyzing compliance, risk management, and business strategy issues.
  • Advising on mitigation strategies.
  • Adapting available options for maintaining a free flow of personal information to a company's needs and risk exposure.
  • Developing and implementing privacy and security policies consistent with applicable law and business objectives.
  • Drafting Safe Harbor policies, certifications, and privacy protection contracts.
  • Monitoring developments in privacy law worldwide and advocating policy positions in Congress and key national and international regulatory agencies.
  • Reporting of litigation or enforcement efforts related to privacy requirements.

Additional information about our areas of specialty is detailed below.

Health Care

Chambers USA 2011 again rates Wiley Rein’s Privacy Group in its top tier of groups with a health care specialty, noting that the Team is “widely praised for its expertise in privacy matters relating to the healthcare industry.” The firm has taken a leading role in the representation of health insurers, employers, and other participants in the health care system in connection with federal health care privacy rules. We have one of the broadest Health Insurance Portability and Accountability Act (HIPAA) privacy and security practices in the country, and have been involved in representations covering all components of these rules, including compliance counseling, contract drafting and negotiation, preemption analysis, training of corporate employees (including the boards of directors of several large health insurers), and the full range of legal, operational, and risk management challenges presented by the privacy and security rules. We also represent a wide range of entities on other aspects of HIPAA Administrative Simplification, including standard electronic transactions and compliance with the new health information security rules.


Prompted by recent congressional action granting it special authority under the Children’s Online Privacy Protection Act (COPPA) and the Gramm-Leach-Bliley Act (GLBA), the Federal Trade Commission (FTC) has asserted a broad privacy policy leadership role within the federal government.  The FTC also is applying its traditional advertising and trade practices regulatory authority to emerging e-commerce-related privacy issues.  Wiley Rein attorneys practicing before the FTC have been instrumental in shaping its regulations and enforcement policies. 


Companies that do business across borders—or simply handle data identifying foreign nationals—face an array of international privacy regulations.  Unsettled jurisdictional rules for cyberspace complicate matters further, leaving online businesses unsure about which nations’ privacy laws apply to them.  Finally, in the wake of the September 11, 2001 attacks, governments in the United States and abroad are requiring companies to support more surveillance requests, necessitating a review of privacy, security, and confidentiality policies.

Wiley Rein attorneys have extensive experience helping both multinational firms and high-tech-oriented companies develop and implement corporate and website privacy and security policies.  We have helped companies identify solutions to the challenges raised by cross-border data flows.  Among other projects, we have:

  • Crafted alternatives for telecommunications common carriers ineligible to join the US/European Union (EU) Safe Harbor Program.
  • Advised startups and leading e-commerce companies on the emerging risk of EU privacy regulation of the global Internet and proposed steps to reduce the risk of business disruptions.
  • Assisted both Fortune 500 and startup firms in conducting privacy self-assessments and gauging the suitability of the US/EU Safe Harbor Program.
  • Helped a worldwide insurance provider navigate through the inconsistent implementation of privacy laws among the EU member states and develop a common, business-responsive solution.
  • Negotiated with European privacy regulators agreements to keep trans-Atlantic data flows open for multinational financial services and communications companies.
  • Counseled the world’s largest communications firms and Internet service providers concerning privacy and security challenges following September 11, 2001.

Insurance and Financial Services

Insurers and other financial services companies have been at the heart of the public debate on privacy.  These industries face immediate compliance obligations related to GLBA.  The health insurance industry is confronted with complex privacy requirements stemming from HIPAA.  With the advent of e-commerce and the increasing globalization of the insurance marketplace, insurers also must master Internet privacy rules and the increasingly complex international privacy environment. 

We have focused attention on all aspects of the privacy debate as it affects the insurance and financial services industries.  This integrated privacy effort has allowed us to understand and analyze the broad public policy debate on privacy, and to advise our clients on the rules both as they stand today and where they likely will be moving in the future.  Wiley Rein attorneys are:

  • Assisting numerous companies on their immediate compliance obligations under GLBA and HIPAA.
  • Advising on strategic and compliance issues arising from new regulations.
  • Providing risk management and litigation advice.
  • Advising insurers on the future of federal and state privacy legislation and regulation. 

Information Security

We help businesses ensure that (1) privacy policies and confidentiality agreements reflect legal obligations and disclosure authorizations; (2) procedures are in place to respond to court orders within the scope of any liability protections; and (3) disclosures or surveillance can be accomplished without business disruptions.  We also assist companies in all industries meeting new security requirements, whether imposed by law or by industry “best practices.”

We have developed a substantial practice representing health care and financial services companies in connection with security requirements.  We have extensive experience drafting security policies, conducting risk assessments, auditing vendor compliance, and negotiating security contract provisions.

Wiley Rein advises multinational corporations, including all types of communications and Internet companies, about the changing landscape of security and surveillance laws.  Our Team has extensive experience working with the Federal Communications Commission (FCC), the U.S. Department of Justice (DOJ), Congress, and other federal agencies where the complexities of the USA PATRIOT Act, the Communications Assistance for Law Enforcement Act (CALEA), Foreign Intelligence Surveillance Act (FISA), and other surveillance laws continue to evolve.

Our attorneys have:

  • Guided companies through each aspect of CALEA compliance, including assessing the statute’s applicability to a particular business, formulating and filing compliance policies, and petitioning for deadline extensions with the FCC and the Federal Bureau of Investigation (FBI) through the Flexible Deployment Assistance Program.
  • Participated in the ongoing CALEA implementation proceeding before the FCC and continue to conduct negotiations with the FBI CALEA Implementation Section.  We closely monitor law enforcement attempts to erode the information services exemption to CALEA.

Our international security practice advises clients about foreign developments that could result in obligations affecting U.S. communications companies.  We are closely watching the prospect of Senate ratification of the Council of Europe Convention on Cybercrime, which could require U.S. businesses to support foreign law enforcement investigations.  Currently, the head of our International Telecommunications Practice is serving on the U.S. delegation to the Organization for Economic Cooperation Development (OECD) initiative to draft information-technology security guidelines.


Wiley Rein’s Employment & Labor attorneys provide employers with comprehensive counseling and litigation support on issues such as monitoring email, recording telephone or office conversations, searching employee-used equipment or personal property, drug testing, properly retaining employees’ personal information, using credit—and other consumer reports—in employment decisions, and monitoring employee off-duty conduct.

Compliance Investigations

We represent companies in all industries in responding to privacy and security complaints, as well as defending government investigations.  Our recent experience includes a wide range of HIPAA complaints and investigations, defense of numerous Do-Not-Call investigations, and an extensive range of other challenges to privacy and security practices.

Public Policy

We provide lobbying, legislative analysis, and strategic advice related to the many new privacy initiatives on Capitol Hill.  Our work in Congress builds on successful efforts to preserve reasonable information access under GLBA, and on years of experience with the committees exercising jurisdiction over the FTC and other centers of federal privacy regulation.  Our Public Policy Group represents clients in dealings with key agencies including the FTC, U.S. Department of Commerce, and others on policy matters.  Through these activities, Wiley Rein has been active in the debate on critical federal privacy issues.


Many federal and state legislature and regulatory initiatives designed to increase legal protection for the privacy of personal information make specific provisions for private rights of action, as well as enforcement by governmental authorities.  Wiley Rein litigators are well versed in the policy premises underlying these sources of litigation, as well as in the statutory and constitutional law principles that may affect their enforceability.  We also are well grounded in common law and traditional statutory bases for potential privacy liability.  These perspectives, when combined with our depth of experience in litigating large, complex cases, make our firm an excellent choice for privacy litigation. 

Freedom of Information Shielding

For years, the need to provide the government sensitive business information to secure licenses or ward off enforcement, as well as the need to provide business partners access to confidential information, have created the risks that such information could be disclosed, either voluntarily or pursuant to demands under the federal Freedom of Information Act or its state counterparts.  Through focused contracting and negotiation in terms of statutes such as the Federal Trade Secrets Act and the Privacy Act, as well as through supportive reverse Freedom of Information litigation, Wiley Rein attorneys can help keep your sensitive information confidential.


Our leadership in communications law and regulation has produced comprehensive counseling, transactional, administrative, and litigation expertise applicable to privacy-related issues arising among FCC-regulated entities, businesses, services, and products.  Current issues involve the management and transfer of customer databases, the appropriate uses of position-location technology, and special statutes such as the Cable Television Consumer Protection and Competition Act governing cable subscriber information or under the Communications Assistance to Law Enforcement Act establishing technical facilities cooperation responsibilities.

Contact Us

Kirk J. Nahra
202.719.7335 |

Our People

News & Insights

News & Insights