Areas oF Practice

Information Security & Privacy 

Greensfelder’s Technology Transactions Practice Group provides strategic counsel in the areas of information security and privacy to financial institutions, healthcare providers, educational institutions, data processors, and other organizations that manage customer, employee, and sensitive information. We assist clients in understanding information security and privacy responsibilities, developing policies and procedures, responding to incidents, and effectively managing information security and privacy risks.

The importance of information security and privacy, and the increased attention given to this area by federal and state regulators, the media, private litigants, and consumers, is driven by a number of recent developments, including:

  • Alarmingly frequent reports of data security breaches, including losses attributable to “hacking”, “phishing” and “pretexting”

  • The adoption of new technologies, including wireless networks, handheld computing devices, Internet portals, and other remote access networks.

  • Increased reliance on service providers to manage back-office operations, operate mission-critical systems, and provide data processing services.

  • Business continuity and disaster recovery preparedness concerns in the aftermath of September 11, 2001 and Hurricanes Wilma and Katrina.

Our technology transactions attorneys approach information security and privacy with the following objectives:

  • Implement policies and procedures that draw on legal precedent, regulatory guidance and industry best practices.

  • Translate abstract compliance obligations into discrete compliance tasks, including form agreements, vendor questionnaires and other hands-on tools.

  • Draw on the expertise and participation of our clients’ business, technical, and compliance personnel, on a cross-divisional and coordinated basis.

  • Build on the existing supervisory compliance structures of our clients, and integrate information security and privacy into the client’s day-to-day operations.

Recent examples of our services include:

  • Developing and implementing information security, privacy, and service provider oversight policies and procedures for a number of financial services clients.

  • Advising healthcare institution clients on referring physician Web portals and ASP model software licensing arrangements.

  • Advising educational institution clients on the electronic storage and third party hosting of student records.

For additional information regarding Greensfelder’s information security and privacy services, please contact M. Spencer Garland at (314) 516-2613 or

We Earn Our Reputation from the Companies We Keep®