Privacy and Data Security

"Their knowledge of local law and global processes is excellent. The guidance they give is in-depth, yet to the point.”

Chambers USA 2020

Baker Botts recognizes that data-protection and privacy issues are a concern for all companies that gather, store, or process the sensitive or personal information of their customers, third parties or employees. Privacy regulations around the world change constantly and the growth in technology available to transfer, manipulate, process, and access data shows no sign of abating.

Our lawyers, located around the world, are experienced in all data privacy issues. They regularly advise on compliance, including conducting privacy audits, creating privacy policies and website terms of use, negotiating and mitigating data privacy risk in commercial contracts and corporate transactions, representing clients in regulatory investigations, and in litigations.

Our cross-border team recognizes that privacy and data protection issues are truly international in scope. Data privacy affects all companies, whether based in the U.S. or internationally. Compliance with, and the extra-territorial impact of the new European General Data Protection Regulation ("GDPR") is a particular issue for companies and our team works closely with our clients on all aspects of this ground-breaking legislation. Our lawyers are at the forefront of thought leadership on the topic.

"A very joined up cross-border U.S./UK team. Efficient and technically able and commercially sound."

The Legal 500 UK 2019

Our Experience:

  • Compliance strategies and advising on internal data audits, particularly in a global context involving the cross-border transfer of data
  • The full range of commercial agreements where the handling of personal data is of paramount concern, including cloud services, information technology services, business process services, security services, and vendor contracts
  • Drafting privacy policies and website terms of use
  • Drafting compliant employment contracts
  • Counseling on data privacy laws worldwide, including the EU's GDPR and e-Privacy legislation
  • Regulatory investigations into data handling and breach
  • The preparation of incident response strategies
  • Disputes relating to data handling and data loss, including contractual claims and private rights of action