Loading Events

Bart Huffman: Compliance Issues and Risk Assessment in Connection with Third-Party Handling of Personal Information

Thursday, March 24, 2011
12:30 pm


Sherrerd Hall, 3rd floor open space
Princeton, NJ 08544 United States + Google Map

Food and discussion begins at 12:30 pm. Everyone invited.

As information technology continues to race along, including the natural evolution to storage and processing in the “cloud”, companies rely more heavily on information-handling service providers, in the United States and abroad. Until recently, the handling of personal information by third-party service providers was specifically addressed in the United States only by industry-specific laws such as the Gramm-Leach-Bliley Act (applicable to financial institutions) and the Health Insurance Portability and Accountability Act (primarily applicable to healthcare providers and group health plans). Today, laws such as the Massachusetts data security regulations and Nevada’s amended Security of Personal Information Law – and, increasingly, Federal Trade Commission enforcement of the FTC Act’s prohibition against “unfair or deceptive acts or practices” – require virtually any company that collects consumer or marketing data to maintain a comprehensive information security program. Such legal developments, and reputational pressure, have increased the importance of protective measures and ongoing risk assessment when entrusting personal information to service providers. This presentation will review the evolving, broadly-applicable U.S. legal standards for the handling of personal information by third parties, and examine pertinent factors in the development of responsible risk assessment and reasonable oversight programs.


Bart Huffman, head of Cox Smith’s Privacy and Data Security practice, has experience in a wide range of privacy and data security matters. With a proven track record in intellectual property, e commerce, and federal litigation matters, he offers a unique, broad perspective for critical information technology compliance and intellectual property issues. His clients, which include Fortune 500 companies as well as regional players, rely on his advice in connection with strategy and policy issues and initiatives, commercial technology services and other transactional matters, compliance advice, and privacy and intellectual property litigation. Bart is admitted to practice law in Texas, California and New York, and before various federal courts. He is also a USPTO Registered Patent Attorney and an IAPP Certified Information Privacy Professional. Before obtaining his J.D. with honors from the University of Texas School of Law, Bart obtained a B.S.E. from Princeton University, cum laude, Tau Beta Pi, in Civil Engineering and Operations Research with a Certificate in Engineering and Management Systems.