Privacy and Data Security

Munger, Tolles & Olson is an established leader in the area of privacy and data security. Our attorneys are therefore well equipped to counsel clients on the latest developments in privacy and data security law, advise clients in responding to data breaches and represent clients in information security and privacy litigation.

Munger Tolles has represented clients in federal and state courts (including the U.S. Supreme Court), as well as in front of government regulatory agencies, in high-profile matters related to consumer privacy and website user data. We have defended companies against claims relating to alleged violations of Internet privacy laws, as well as the theft or disclosure of confidential personal information. Our attorneys have extensive experience with various laws concerning online privacy and information security, including the Electronic Communications Privacy Act, the Children’s Online Privacy Protection Act, the Stored Communications Act, the Video Privacy Protection Act, the Computer Fraud and Abuse Act, and California’s Confidentiality of Medical Information Act.

We have been at the forefront of legal developments in this area, including representing: 

  • The Regents of the University of California in winning a jury verdict in favor of UCLA Health System, which was accused of negligently releasing the plaintiff’s medical records in violation of California’s Confidentiality of Medical Information Act. After a one-week trial, a Los Angeles jury rejected the plaintiff’s claim for more than $1.25 million in damages.
  • Snapchat in a putative class action challenging feature allegedly involving facial recognition scanning as violating the Illinois Biometric Information Privacy Act.
  • LinkedIn in several cases, including a putative class action challenging the importation and use of email addresses from members’ external email accounts as violating California’s right of publicity and unfair competition law, as well as the Wiretap Act and Stored Communications Act; and in an action before the Foreign Intelligence Surveillance Court (FISA) that garnered nationwide attention challenging government restrictions on disclosure of government requests for member data.
  • Facebook in appeals before the U.S. District Court for the Ninth Circuit and U.S. Supreme Court challenging the use of cy pres in privacy class action settlements.
  • ESPN and Disney in two putative class actions involving the WatchESPN and Disney apps for the Roku device alleging violations of the Video Privacy Protection Act.
  • HTC in nationwide class actions alleging that installation and use of Carrier IQ software on smartphone devices violates the federal Wiretap Act, Stored Communications Act, Computer Fraud and Abuse Act and other laws.
  • The University of California in multiple class and individual actions involving unauthorized access to computer networks that contained patients’ confidential medical information or other alleged unauthorized releases of such information. We obtained the first appellate ruling that a claim under California’s Confidentiality of Medical Information Act requires proof that the plaintiff’s confidential information was viewed by an unauthorized person. 
  • Verizon Wireless in a qui tam action brought under the False Claims Act against major wireless carriers alleging overcharging by carriers in provision of wireless surveillance for law enforcement agencies.

Munger Tolles also assists clients with the development of privacy and data-protection compliance programs. For example, our attorneys counsel clients on drafting vendor contracts that require the client’s vendors to maintain robust data-security policies and procedures. We routinely advise companies and nonprofits on cutting-edge privacy policies and practices, including cross-border data-privacy laws and data-mobility issues involving the transfer of user data in a manner consistent with federal and state privacy laws. Munger Tolles also helps clients who experience a data theft with navigating complex data-breach notification and reporting requirements. 

Contact:
Jonathan H. Blavin (415) 512-4011
Grant A. Davis-Denny (213) 683-9225
Bradley S. Phillips (213) 683-9262
Rosemarie T. Ring (415) 512-4008