Privacy & Cybersecurity for Educational Institutions

Crowell & Moring’s Privacy & Cybersecurity Group guides colleges, universities, academic medical centers, research institutes and those who service them through the myriad federal and other laws governing the collection, use, and protection of data. Our goal is to help our higher education clients further their unique role in facilitating the flow and use of information, while ensuring its utmost security.

Our approach is holistic and draws from experience across the firm. We integrate our understanding of intellectual property, trade secrets, health care, government contracts, corporate, and white collar law to address the most pressing privacy and cybersecurity issues facing educational institutions. Our cross-disciplinary team is devoted to innovative, cost-effective, and sustainable solutions, in partnership with each institution, tailored to its needs.  

On the front end, we counsel and train institutions on how to strengthen their security, develop and implement privacy and data protection programs, and comply with applicable laws. On the back end, we have extensive experience managing the crises that can arise in the event of a breach, including those involving personal information, trade secrets, and other proprietary information at the heart of university research. We are on the ground from initial internal investigations to notifications, and we routinely interface with federal and state enforcement agencies and defend against class actions. Data infiltration need not spell catastrophe.  Rather, proper crisis management, including timely remedial action and accurate assessments of harm, can mitigate and even salvage a breach crisis. We counsel our clients through every step, all while appreciating the exceptional issues raised by the multitude of academic stakeholders.

In addition to our extensive experience with U.S. federal and state privacy laws, we have a wealth of experience regarding global privacy issues that aids our educational clients who are looking to capitalize their assets by venturing into the global market. Our European practice is focused on current and proposed EU privacy laws, and is experienced in conducting data protection audits and dealing with government authorities to implement and maintain annual registrations of data practices. We also work closely with our affiliate, C&M International, which is deeply involved with the privacy laws of Pacific Rim nations, including South Korea and China. 

Experience

We have counseled and defended clients regarding issues in the following areas:

  • Family Educational Rights and Privacy Act (FERPA)
  • HIPAA
  • COPPA
  • Fair Credit Reporting Act
  • Computer Fraud and Abuse Act
  • CAN-SPAM Act
  • Telephone Consumer Protection Act (TCPA)
  • Fair and Accurate Credit Transactions Act (including Red Flags Rule)
  • Federal Trade Commission Act
  • State notification and encryption laws
  • Global privacy policies and procedures
  • EU Data Protection Directive
  • EU E-Commerce Directive
  • Internet privacy statements
  • Data management
  • Compliance audits
  • Contracts for cross-border transfers of data
  • Safe Harbor Program certifications
  • FISMA and NIST standards
  • SAFETY Act
  • Cloud computing
  • Trade secrets protection and litigation
  • Intellectual property (IP) security
  • Federal and state law coordination

Click here to view representative engagements.