Privacy and Data Security in Outsourcing

(710 Ratings)

Produced on: May 26, 2015

Course Format On Demand Audio

Taught by


Course Description

Time 66 minutes
Difficulty Intermediate

In this session, partners Dan Mummery, Karl Nelson, and Alex Southwell from Gibson, Dunn & Crutcher’s outsourcing practice discuss the privacy and data security issues that may arise in outsourcing transactions and best practices to address these issues. They explore the laws and standards applicable to privacy and data security, identify the contract provisions necessary to protect against the legal, compliance and reputation risks that can be caused by data breaches, and examine the legal and business risks to consider when negotiating data security standards, notice requirements, audits and allocation of costs.


Learning Objectives:

I.   Identify privacy and data security issues arising in outsourcing transactions 

II.  Summarize laws and standards applicable to privacy and data security

III. Discover business risks when negotiating data security standards, notice requirements, audits, and allocation of costs


Daniel R. Mummery

Gibson, Dunn & Crutcher

Dan Mummery is a partner in the Palo Alto office of Gibson, Dunn & Crutcher and is Co-Chair of the firm's Strategic Sourcing and Technology Transactions Group.

Mr. Mummery's practice encompasses a wide range of technology transactions and sourcing matters, with a particular emphasis on complex on-shore and off-shore information technology and business process outsourcing transactions, including outsourcing renegotiations and restructurings, shared services, business transformation, licensing, and contract manufacturing arrangements. Mr. Mummery's ITO experience includes infrastructure, ADM, IT security, end-user computing, help desk, call center and managed network transactions. His BPO experience includes HR, finance and accounting, procurement and supply chain management, claims processing, facilities management, clinical programs, fulfillment and logistics transactions.

Mr. Mummery has worked with a broad range of clients in major sourcing engagements and technology transaction matters, including some of the largest automotive, communications, energy, financial services, healthcare, manufacturing, media, technology and transportation companies in the world, as well as emerging growth companies and private equity and venture capital investors. He has represented such clients as American Express, AT&T, BellSouth, British Telecommunications, Cable & Wireless, Charles Schwab, Chevron, Clorox Company, Continental Airlines, Con-way, DuPont, Gateway, General Motors, KPMG, Levi Strauss & Co., McGraw-Hill, Miller Brewing Company, NetApp, Ryder, Symantec, Tenet Healthcare and United Air Lines.

Mr. Mummery is ranked by Chambers & Partners as one of the very best outsourcing lawyers in the world. Chambers USA Guide (2014) and Chambers Global Guide (2013) have awarded him their highest rankings in the categories of Outsourcing (USA, Band 1), IT & Outsourcing (California, Star Individual) and Outsourcing (Nationwide, Band 1). According to Chambers, Mr. Mummery is “an absolutely incredible outsourcing lawyer”, with a "wonderful negotiating style" who “fiercely protects client interests and provides high-value, strategic business and legal advice.”

Mr. Mummery is also included in Practical Law Company'sCross-border Outsourcing Handbook (2011-2012), The Best Lawyers in America 2013, The Lawdragon 500 (New Stars, New Worlds), Global Counsel 3000 and Mondaq Business Briefing, Survey of Leading E-Commerce Lawyers and is a member of the Advisory Board of Global E-Commerce Law and Business Report. He has been recognized as a "Leading Lawyer" in the Legal 500 US (Media, Technology & Telecoms, Technology – Outsourcing) for his outstanding outsourcing and technology transactions practice for many years.

Mr. Mummery's work in structuring, negotiating and implementing outsourcing transactions has been featured inThe Recorder, The Daily Deal and Business Finance. He is a frequent lecturer on outsourcing topics including, most recently, at ITO, BPO and offshoring programs organized byBusinessWeek, Gartner, Sourcing Interests Group and The Conference Board.

Mr. Mummery received his J.D. from Fordham University School of Law in 1988, where he served as editor-in-chief of the Fordham Urban Law Journal, and his A.B. from Bowdoin College in 1981. He is admitted to practice law in California and New York.

Karl G. Nelson

Gibson, Dunn & Crutcher

Karl Nelson is a partner in Gibson, Dunn & Crutcher's Dallas office and a member of the firm's Labor and Employment, Employee Benefits, Executive Compensation, and Class Action Litigation Practice Groups. He is also a founding member of the firm's Information Technology and Data Privacy Practice Group. 

Recognized as one of The Best Lawyers in America® for Labor & Employment Litigation (2012-2015), Mr. Nelson counsels and represents clients in all aspects of federal and state employment regulation, labor relations, and compensation and benefits law. He has extensive experience defending complex labor and benefit matters, including class and collective actions under Title VII of the Civil Rights Act, the Employee Retirement Income Security Act, the Worker Adjustment and Retraining Notification Act, the Age Discrimination in Employment Act, and the Texas Commission on Human Rights Act. He has successfully defended clients against claims of age, race, disability and gender discrimination, sexual harassment, "whistle-blower" retaliation, and wrongful discharge under state common law, and he regularly advises and represents clients in connection with trade secret, competition, and employee-raiding issues. 

Mr. Nelson also has extensive experience representing clients before federal and state administrative agencies. He has successfully represented employers before the Department of Labor in complex wage and hour and pension benefits investigations and in Sarbanes-Oxley whistleblower retaliation cases, as well as before the EEOC in connection with charges of individual and class-wide discrimination. Mr. Nelson also frequently assists clients in conducting internal investigations of high-risk and high-profile matters such as those involving potential misconduct by senior executives and corporate officers and allegations of whistle-blowing under the Sarbanes-Oxley Act and similar laws. Given the sensitive and high-profile nature of the matters he regularly handles, Mr. Nelson frequently works closely with in-house and outside resources to coordinate legal, investor relations, and media strategies and messaging.

Representative areas in which Mr. Nelson practices include:

  • Class and Collective Discrimination Actions – Mr. Nelson has successfully represented employers in industries including retail sales, manufacturing, defense, and transportation in class and collective actions alleging discrimination in pay, promotion opportunities, and job assignments on the basis of race, sex, age, and disability. Recently, he participated as a core member of the team that redefined the legal standard for class certification in the U.S. Supreme Court’s watershed decision in Dukes, et al. v. Wal-Mart Stores, Inc.
  • Employee Benefits Litigation – Mr. Nelson has successfully defended clients in a variety of industries, including transportation, manufacturing, and defense in connection with both individual and class action claims alleging violation of fiduciary standards and other requirement of the Employee Retirement Income Security Act as well as violation of federal and state wage and hour laws. He was among the first to argue successfully for dismissal at the pleading stage of fiduciary breach and self-dealing claims in connection with ERISA “stock-drop” litigation. E.g., Lalonde v. Textron, Inc., 270 F. Supp.2d 272 (D.R.I. June 24, 2003), aff'd in part, 369 F.3d 1 (1st Cir. 2004).
  • Other Class and Collective Employment Litigation –Mr. Nelson has also successfully defended clients in class and collective (as well as individual) actions alleging violation of wage and hour laws, including uncompensated work time and improper pay at termination, and violation of the Workers’ Adjustment and Retraining Notification Act.
  • Administrative Proceedings and Investigations – Mr. Nelson has represented leading corporations in industries including financial products, retail, and consumer products when responding to high profile investigations by the Department of Labor, the National Labor Relations Board, and the Equal Employment Opportunity Commission. Engagements have included coordinating a leading retailer’s response to the Occupational Safety and Health Administration and local law enforcement in connection with the crowd-trampling death of an employee, leading the response to an investigation by the DOL’s Employee Benefit and Security Administration into pension losses resulting from the financial collapse of a major U.S. conglomerate, and counseling one of the nation’s largest private employers in connection with an EEOC investigation calling into question the structure of its hourly pay plan.
  • Sensitive Internal Investigations – Mr. Nelson has represented clients across a wide variety of industries, including aviation, retail, building products, manufacturing, and hospitality, in sensitive internal investigations of possible misconduct such as employee theft of confidential information, whistle-blowing, sexual harassment, bribery, and corruption. In addition, he has led teams responding to sensitive investigations in a variety of non-employment contexts, including in response to investigations by the National Collegiate Athletic Association and to a high-profile outbreak of salmonella affecting the guests and staff of a major hotel.
  • Trade Secrets and Competition – Mr. Nelson frequently counsels and represents employers in connection with the protection of proprietary, confidential, and trade secret information and enforcement of restrictive covenants limiting post-employment competition, solicitation, and employee raiding. He has successfully litigated such matters to final judgments for clients in a variety of industries, including building products, manufacturing, restaurants and hospitality, healthcare, and financial management.
  • Statistical Workforce Analysis – Mr. Nelson has extensive experience assisting clients with the statistical analyses that are frequently at the heart of complex employment issues, including class discrimination claims, affirmative action policy and testing, and anticipating potential adverse impact patterns that may result from critical employment decisions.
  • As a founding member of the firm's Information Technology and Data Privacy Practice Group, Mr. Nelson also regularly assists clients in anticipating and responding to privacy issues in a broad range of contexts. He has counseled and represented major companies in the retail, energy, data processing and storage, and hospitality businesses in connection with potential breaches of electronic systems and the loss of sensitive employment, consumer, and third-party data. He also regularly advises clients in connection with the use of sensitive and private information in the employment context, including monitoring and use of employee communications via company-provided electronic systems, use of background investigations and other investigative tools in hiring decisions and investigations of job misconduct, compliance with international privacy and data protection standards, the design of data breach response programs, and implementation of comprehensive records management plans that integrate the retention, secure storage, and destruction of sensitive employment and other data.

Mr. Nelson regularly writes and speaks on employment, benefits, litigation, and data security topics. He has served as an adjunct instructor in Human Resource Law and co-authored a software package for human resource professionals. He is an active member of the American Bar Association's Section of Labor and Employment Law and the American Employment Law Council. Mr. Nelson is a member of the State Bar of Texas and is admitted to practice before the Supreme Court of the United States, the First, Fifth, and Ninth Circuit Courts of Appeals and numerous federal district courts.

Mr. Nelson received his law degree from Duke University School of Law in 1991, graduating with high honors, and his B.B.A. in economics and business administration from the University of Wisconsin - Eau Claire, graduating summa cum laude from the University Honors Program.

Alexander H. Southwell

Gibson, Dunn & Crutcher


Alexander H. Southwell is a partner in Gibson, Dunn & Crutcher’s New York office. His practice focuses in two main areas: first, white-collar criminal and regulatory enforcement defense, internal investigations, compliance monitoring, and complex civil litigation; and, second, information technology and data privacy-related investigations, counseling, and litigation. Mr. Southwell is a Co-Chair of Gibson Dunn’s Information Technology and Data Privacy Practice Group and is also a member of the White Collar Defense and Investigations, Crisis Management, Securities Enforcement, and Litigation Practice Groups. Prior to joining Gibson Dunn, Mr. Southwell served as an Assistant United States Attorney in the United States Attorney’s Office for the Southern District of New York.


Mr. Southwell is an experienced trial and appellate attorney and regularly represents corporate executives and individuals in connection with white-collar criminal investigations and prosecutions by federal and state prosecutors as well as related civil investigations by a wide range of regulators. Mr. Southwell also regularly represents companies and boards in these types of matters and has significant experience in conducting internal corporate investigations and compliance monitoring. Substantively, his areas of expertise include securities and accounting fraud, economic sanctions violations, money laundering and Bank Secrecy Act violations, tax fraud, the False Claims Act and contracting fraud, health care fraud and compliance, the Computer Fraud and Abuse Act, the Foreign Corrupt Practices Act, the Economic Espionage Act, and public corruption, among others. Additionally, Mr. Southwell counsels a variety of clients on privacy, information technology, data breach, theft of trade secrets and intellectual property, computer fraud, national security, and network and data security issues, including handling investigations, enforcement defense, and litigation.


Mr. Southwell is honored in the 2014 editions of Benchmark Litigation as a future star and The Best Lawyers in America as a leading lawyer in the area of Criminal Defense: White-Collar.


Mr. Southwell is also an Adjunct Professor of Law at Fordham University School of Law where he teaches a seminar on cyber-crimes, covering computer misuse crimes, intellectual property offenses, the Fourth Amendment in cyber-space, computer evidence at trial, data breach and privacy issues, and information security, among other areas.


Mr. Southwell earned his undergraduate degree, magna cum laude, from Princeton University and his Juris Doctor, magna cum laude, from New York University School of Law. Following law school, Mr. Southwell was a Law Clerk for the Honorable Naomi Reice Buchwald of the United States District Court for the Southern District of New York.


Mr. Southwell also serves on the Firmwide Diversity Committee and is active with the Federal Bar Council and the Association of the Bar of the City of New York, previously serving on the Association’s Professional Responsibility Committee, the Committee on Information Technology Law and the Government Ethics Committee.


Recent significant engagements include:

  • Facebook and Mark Zuckerberg: Represents Facebook and Mark Zuckerberg in a high-profile breach of contract action brought by Paul Ceglia in Federal Court in Buffalo, New York alleging an ownership interest in Facebook. Obtained expedited discovery against Plaintiff, developing evidence of spoliation of evidence and fraud concerning Plaintiff’s lawsuit, including Plaintiff’s doctoring the contract sued upon and manipulation of digital evidence. Successfully moved for dismissal of the case, which the Court dismissed as a fraud on the Court. Relatedly, represents Facebook and Zuckerberg as victims in the pending criminal prosecution of Plaintiff who was indicted on two felony counts for bringing the lawsuit.
  • Office of the Governor of the State of New Jersey: Represents the Office of the Governor of the State of New Jersey in a high-profile internal investigation related to the allegations concerning the George Washington Bridge toll lane realignment in September 2013 and the allegations raised by Hoboken Mayor Dawn Zimmer concerning Superstorm Sandy aid allocations. Over the course of two months, conducted and supervised interviews of over 70 witnesses and review of more than 250,000 documents. In addition to responding to subpoenas from the U.S. Attorney’s Office for the District of New Jersey and the New Jersey Special Committee of Investigation, supervised the preparation of a comprehensive and exhaustive 340-page report of our findings and recommendations. 
  • AlixPartners: Represented AlixPartners as one of the lead trial lawyers in a high-profile theft of trade secrets and breach of contract case against two departing executives in Delaware Chancery Court related to their wrongful taking of AlixPartners trade secrets and other highly sensitive and confidential documents. 
  • JPMorgan Chase: Represented JPMorgan Chase in a False Claims Act and FIREAA qui tam case brought by the Southern District of New York United States Attorney’s Office related to mortgage-related government insurance program, including conducting a significant internal investigation related to these issues. Successfully resolved investigation through a settlement of over $600 million.
  • Facebook: Represents Facebook in relation to unprecedented set of 381 search warrants from the Manhattan District Attorney’s Office in negotiating compliance with search warrants and appealing the constitutionality of the warrants in the New York State Supreme Court, Appellate Division. 
  • Port Authority of New York and New Jersey: Represented the Port Authority of New York and New Jersey in litigation in the Southern District of New York brought by two local Automobile Associations challenging recent Port Authority toll increases on statutory and constitutional grounds.
  • Business executive: Represented a business executive facing criminal securities fraud charges brought by the United States Attorney’s Office for the Eastern District of New York related to executive’s alleged role in a microcap pump-and-dump scheme.
  • Leading global financial institution: Represents a leading global financial institution in investigation by New York Department of Financial Services related to economic sanctions requirements and state banking laws.
  • Major retailer: Represented a major retailer in a high-profile defense of a grand jury investigation and OSHA investigation related to workplace fatality, including an extensive internal investigation.
  • Executive search firm: Represented an executive search firm in response to sophisticated cyber-attack including Advanced Persistent Threat intrusion and extensive exfiltration of sensitive databases. Counseled client on investigation of intrusion, including supervising digital forensics investigation and data security improvements, handled referral of incident to law enforcement and coordinated breach notification compliance, as well as public relations and SEC disclosure strategy.
  • Public authority: Represents a public authority in an internal investigation related to allegations of bid-rigging and investigation by Antitrust Division of the Department of Justice and New York State Office of the Inspector General.
  • Prominent non-profit institution: Represented a prominent non-profit institution in a significant investigation by the New York Attorney General’s Office Charities Division concerning the institution’s use funds raised.
  • International bank: Represented international bank in Department of Justice investigation of foreign corrupt practices related to Middle Eastern activities by bank client.
  • Public reinsurance company: Represented a public reinsurance company in an internal investigation related to allegations of collusion and price-fixing.
  • Private equity principal and fund: Represented a private equity principal and fund in the public corruption “pay to play” investigation being conducted by the New York Attorney General's Office and the Securities and Exchange Commission.
  • Engineering design firm: Represents one of the world’s largest engineering design firms in response to network intrusion, involving significant employee data breach. Counseled client on investigation of incident, including supervising digital forensics investigation and data security improvements, coordinated breach notification compliance, public relations strategy, and law enforcement interaction.
  • Chevron Corporation: Represented Chevron Corporation defending against environmental claims emanating from Ecuador, in which the plaintiffs allege billions of dollars in damages, including in civil RICO proceedings in the Southern District of New York and related matters.
  • Educational non-profit institution: Represented a major educational non-profit institution in a significant investigation by the New York Attorney General’s Office concerning the institution’s governance.
  • Board Audit Committee: Represented Board Audit Committee of health insurance provider in internal investigation related to allegations of poor internal and audit controls.
  • Healthcare system: Represented one of the nation’s largest secular healthcare systems in response to data breach involving lost laptop with extensive database of research participants. Counseled client on investigation of incident, including supervising digital forensics investigation and data security improvements, coordinated breach notification compliance under HIPAA and state law, public relations strategy, and law enforcement interaction.
  • Moneygram: Represented Moneygram in proceedings seeking to recover losses from funds forfeited in related criminal bank fraud prosecution. Successfully obtained substantial recovery through forfeiture litigation.
  • Independent Monitor: Assisted Gibson Dunn partner who served as Independent Monitor for a medical device company pursuant to a Deferred Prosecution Agreement with the United States Attorney's Office in New Jersey, including revising health care compliance policies and training and ensuring compliance with the Anti-Kickback Statute and other relevant health care laws, regulations, and corporate policies.
  • Bank: Represented a bank in a securities fraud investigation by the New York Attorney General’s Office, the Securities and Exchange Commission and Department of Justice, and achieved a declination of prosecution.
  • Dermatologist: Represented a dermatologist who is the target of a criminal health care fraud investigation being conducted by the Federal Bureau of Investigation and the Southern District of New York United States Attorney's Office.
  • Former executive: Represented a former executive at an accounting firm in connection with a tax shelter-related investigation by the Southern District of New York United States Attorney's Office.
  • Home health aide provider: Represented a home health aide provider who was under criminal Indictment on health care-related larceny charges brought by the New York Attorney General's Office.
  • Facebook: Represented Facebook in an investigation into its privacy and safety policies and procedures by the New York Attorney General’s Office, which resulted in a groundbreaking settlement that has been hailed as a model of compliance.
  • Prior to joining Gibson Dunn, Mr. Southwell served as an Assistant United States Attorney in the United States Attorney’s Office for the Southern District of New York from 2001 through 2007. As a member of that office's Securities and Commodities Fraud Task Force for three years, Mr. Southwell investigated and prosecuted a wide range of cases under the federal securities laws, including accounting fraud, insider trading, fraudulent offering of securities, market manipulation, and hedge fund improprieties. Mr. Southwell also focused on investigating and prosecuting computer hacking and intrusion cases and intellectual property offenses, as well as other high-technology offenses. Additionally, Mr. Southwell prosecuted a range of cases including wire and mail frauds, insurance fraud, public corruption, Foreign Corrupt Practice Act violations, bank secrecy act violations, identity theft, firearms crimes, tax offenses, child exploitation, and immigration crimes. As a federal prosecutor, Mr. Southwell tried a dozen felony cases and handled over a dozen appeals before the Second Circuit Court of Appeals. 


Randi M.


Timothy S.

Great series... would be good to include a tax considerations module in this series... huge planning opportunities.

Frank C.

The US is fast becoming an outlier for data protection, privacy, and cybersecurity. This presents huge challenges for American companies with an eye to expand internationally. Their "American" privacy programs do not fit the global perspective.

Steven F.

Good basis for further study or self-study on this very important subject.

Otis C.

This has become more and more relevant as time has passed- in our current political climate, it is downright scary!

Suzanne d.

very interesting and informative

Judy K.

This program is a must see for all attorneys, solo or large firm.

Lee C.

very helpful

Dan C.

last segment was practical and useful.

Abrar Q.


Rita S.

Timely information and approaches. Thank you!

Janet S.

Excellent overview.

James H.


David E.

Solid presentation-very relevant for me.

Load More


$ 59 Business, Corporate, & Securities Law In Stock


Get Unlimited Access to Lawline Courses

Unlimited CLE Subscription gives you access to take almost any course from our catalog and earn as much CLE credit as you need.