Use of cookies by
Norton Rose Fulbright
We use cookies to deliver our online services. Details and instructions on how to disable those cookies are set out at By continuing to use this website you agree to our use of our cookies unless you have disabled them.

Data privacy

An increasingly complex web of data protection, privacy and cybersecurity laws, self-regulatory frameworks, best practices and business contracts govern the processing and safeguarding, as well as the use and disclosure, of information in the pharma sector. We provide our clients with the multi-disciplinary legal solutions and practical advice they need to efficiently navigate this web and achieve their business goals.

We have developed one of the leading legal practices targeted to and serving the pharmaceutical and life sciences industry. Combining our general life sciences experience with our global data privacy and cybersecurity practice, our firm has significant experience and is uniquely equipped to handle data protection concerns in the pharma and life sciences sector. Our data protection practice is comprised of four “pillars”, including compliance and risk management, transactions, breach response and preparedness, and investigations and disputes, including government investigations and litigation.

Our recent work

  • Advising various multinational pharmaceutical manufacturers on HIPAA and data protection issues surrounding the use, disclosure and receipt of patient information, including patient authorization, email and collection issues, contractual requirements for various programs and services and the privacy and security terms of agreements between the manufacturer and vendors.
  • Advising a European pharmaceutical company concerning the privacy issues of a US-based interactive web portal dedicated to marketing a specific drug and encouraging online interaction between providers and patients online.
  • Advising biomedical supply company on data protection requirements, cross border data flow issues and registration and authorization formalities with French data protection authorities for the promotion and commercialization of medical products in France.
  • Advising a medical device company concerning security and privacy compliance and “privacy by design” issues associated with Internet of Things strategy for medical devices connected wirelessly to the Internet.
  • Advising various life sciences and healthcare companies on the effects of the CJEU ruling invalidating the Safe Harbor mechanism and the proposed EU/US-Privacy Shield and EU model clause roll-outs – both internally and with their clients and suppliers.
  • Advised a major pharmaceutical company on the development of a vendor management program, including a vendor assessment questionnaire, security assessment questionnaire, a data security and privacy schedule and guidance documents to support the program.
  • Advising a multinational pharmaceutical manufacturer on the development of an incident response plan, including preparation of an incident response questionnaire.