skip to content



Smith Moore Leatherwood's Business Privacy Institute is a collaboration of attorneys from the firm's five main practice areas – litigation, corporate, commercial real estate, labor and employment, and health care – designed to address the needs of the firm's clients in understanding and complying with the wide variety of privacy laws and restrictions affecting businesses today.

The "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003" ("CAN-SPAM Act") went into effect on January 1, 2004, and represents the Federal government's first attempt at controlling the form as well as the content of unsolicited commercial email traffic, commonly referred to as "spam."  Smith Moore Leatherwood can help businesses utilize the CAN-SPAM Act in two primary ways.  First, through application of the statute, our attorneys can assist businesses in reducing the amount of spam emails they receive, reducing frustration and inefficiency in the workplace.  Secondly, from email design to content-based techniques, our attorneys can help businesses engaging in email marketing campaigns so that they do not inadvertently violate the CAN-SPAM Act.  Smith Moore Leatherwood understands the dual application of the CAN-SPAM Act, and our attorneys can help tailor an approach to the statute based upon each client's unique goals and structure.

The Fair Credit Reporting Act ("FCRA") was passed in1970 to promote accuracy, fairness, and the privacy of personal information assembled by private entities.  Although FCRA is a complex statutory scheme, its primary goal over the years has stayed the same—to provide privacy protections for credit reports, consumer investigatory reports, and employment background checks.  Attorneys at Smith Moore Leatherwood understand both the complexity and breadth of FCRA, and understand that different businesses require different analyses under the statute.  From reporting various information about a defaulting consumer, to disposing of certain consumer information, to using consumer information to make a hiring decision, Smith Moore Leatherwood can help businesses conduct their activities in conformity with FCRA's mandates.

The Fair Debt Collection Practices Act ("FDCPA") was adopted to prohibit abusive practices by debt collectors.  The FDCPA is relevant to any business that regularly collects debts owed to others. In addition to prohibiting the expected types of abusive debt collecting practices, such as the use of threats of violence or harm against a debtor, the FDCPA also contains more subtle provisions.  Smith Moore Leatherwood attorneys understand the application of these various provisions, and can advise businesses on how to conduct their debt-collecting activities and stay on the right side of the FDCPA.  If a business is in the business of collecting debts, thorough knowledge of the FDCPA is required, and our goal is to provide businesses with that knowledge.

Smith Moore Leatherwood helps colleges and universities successfully address the requirements of the Family Education Rights and Privacy Act ("FERPA"), which governs access to students' personally identifying information.  From designing comprehensive FERPA compliance documents to managing the confidentiality of specific facts about a student, our attorneys have experience with the many sides of these privacy issues.  Smith Moore Leatherwood attorneys understand the unique demands of campus legal issues, having for years represented colleges, universities, athletics conference officials, and foundations, as well as having served as higher education adjunct faculty members, administrators, Board members and Board Chairs.

In recent years Federal Trade Commission has filed several high-profile enforcement actions against large retailers and credit card processors who collect consumer information but fail to take reasonable steps to secure that information.  Businesses are responsible for the privacy claims made on their websites and must be able to substantiate those claims. In its enforcement actions, the FTC, acting under the authority of Section 5 of the Federal Trade Commission Act, may determine that a company has not adequately protected confidential or personal information, described those protections through its policies, or prevented the sharing or abuse of the information.  The FTC's enforcement actions often result in consent agreements requiring the businesses charged to pay millions of dollars in penalties.  The FTC exercises this power under its authority to prevent unfair and deceptive trade practices, and the agency most often targets businesses who makes claims of privacy and security for consumer information and fail to follow through.  Smith Moore Leatherwood lawyers can help businesses navigate their way through privacy policies and disclosures, and take steps necessary to avoid costly FTC enforcement actions and civil penalties.

The Gramm-Leach-Bliley Act (GLB) regulates the sharing of personal information about individuals who obtain financial products or services from financial institutions.  The term "financial institutions" encompasses a broad range of entities that have access to individuals' financial information and is in no way limited to banks and similar operations.  For example, credit agencies, tax agencies, and colleges and universities must comply with the law.  GLB requires financial institutions to establish appropriate administrative, technical and physical safeguards to protect its customers' personal information and requires the institutions to inform individuals about the privacy policies and practices of the financial institution.  The goal is to give consumers information that they need and can use to make choices about financial institutions with whom they do business.  Smith Moore Leatherwood attorneys assist businesses as they develop the procedures and documentation required to comply with GLB, as well as provide practical guidance for institutions that find themselves threatened with an enforcement action or litigation.

The federal Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its Privacy and Security Rules require "covered entities" to ensure the privacy of the health information they maintain.  HIPAA applies not only to health care providers, but it also covers employers who offer health benefits to their employees through insured or self-funded health plans.  Depending on how much health information a covered entity maintains or has access to, its corresponding obligations under HIPAA may be more or less onerous.  Our attorneys work regularly with all types of covered entities to assist them in complying with the requirements of HIPAA, including representing them in court proceedings and government investigations relating to the use and disclosure of protected health information.

The Identity Theft Protection Act (ITPA) requires virtually all North Carolina businesses to develop written policies and procedures, train employees, and audit their practices regarding the use and disposal of social security numbers and other "personal identifying information."  Noncomplying companies can be subject to civil lawsuits for treble damages, attorney's fees, and/or investigation by the Attorney General, so it is important to understand what is required.  Smith Moore Leatherwood's Labor and Employment Group has extensive experience training businesses on how to meet their obligations to protect customers, employees, and clients' private information under the ITPA and other state and federal laws.  Our attorneys help businesses develop the policies and procedures required by law and offer practical tips on identifying potential problem areas.  Our goal is to help businesses to avoid becoming a target of an ITPA lawsuit, and if necessary, provide practical solutions and aggressive representation for those threatened by litigation and governmental investigations.

Patriot Act
The major objective of the Patriot Act is to deter acts of terrorism in the United States and to enhance law enforcement investigations of terrorist activities.  Under the Foreign Intelligence Surveillance Act, the Patriot Act allows the director of the FBI or a designee of the Director to apply for an order requiring "the production of any tangible things (including books, records, papers, documents and other items) for an investigation to protect against international terrorism or clandestine intelligence activities."  The required production of these tangible things may include health information otherwise protected under HIPAA , as well as other personal information of your patients, customers, clients, or employees.  Smith Moore Leatherwood's attorneys can assist you with your compliance with the provisions of these Acts.  We review government requests for information and your planned response so that the provisions of law will be followed, and can intervene with the federal enforcement authorities on your behalf when necessary.  We can also evaluate your business's policies and procedural safeguards, and work with you to implement systems that, when functioning properly, can help protect you from civil liability when providing information to the government in response to subpoenas, search warrants, and other requests for information.  Finally, should you need us, our attorneys have extensive experience in representing the targets of federal investigations and interact regularly with U.S. Attorneys and members of many federal law enforcement agencies.

Privacy Act
The Privacy Act of 1974 regulates what personal information the agencies of the Executive Branch of the federal government can collect on private individuals and how that information can be used.  Under the Act, individuals can find out what information the government has collected on the individual, attempt to change or delete inaccurate information that has been collected, and sue the government of violating the Act.  There are a number of exemptions from the Act's requirements pertaining to for example information obtained in a criminal or national security investigation.  Smith Moore Leatherwood attorneys can help you understand your rights under the Privacy Act.



Managing Partner
(336) 378-5256
Thought Leadership

Each of our lawyer's e-mail address is provided with his or her biography. If you are not a current client of our firm, you should not e-mail our lawyers with any confidential information or any information about a specific legal matter, given that our firm may presently represent persons or companies who have interests that are adverse to you. If you are not a current client and you e-mail any lawyer in our firm, you do so without any expectation of confidentiality. We will not establish a professional relationship with you via e-mail. Instead, you should contact our firm by telephone so that we can determine whether we are in a position to consult with you about any legal matters before you share any confidential or sensitive information with us.