Peter J. Guffin
Peter Guffin is chair of Pierce Atwood’s Privacy & Data Security practice. A long-time partner and now of counsel at the firm, Peter focuses his practice in the areas of information privacy and cybersecurity law, drawing on his extensive experience in the areas of intellectual property, the internet, and information technology.
Peter regularly advises clients with respect to regulatory compliance issues, risk management, governance, and data security incidents, including internal forensic investigations, data breach notification obligations, regulatory investigations and enforcement, risk mitigation, and litigation strategies.
Peter represents businesses and organizations across a wide range of industry sectors, including health care, information technology, education, energy, banking, financial services, insurance, and retail.
Before joining Pierce Atwood in February 2000, Peter served as Intellectual Property and Technology Counsel in the Legal Division of Unum Group (NYSE: UNM), a Fortune 500 company and the world's leading disability insurer. Early in his career, Peter practiced law with the Wall Street firm Chadbourne & Parke LLP in New York.
- Recipient of Maine Judicial Branch "Outstanding Volunteer of the Year" Award (2018)
- Listed in The Best Lawyers in America® for Copyright Law and Intellectual Property Litigation (2014-present)
- Selected as arbitrator for EU-US Privacy Shield Program by the US Department of Commerce and EU Commission
- Certified Information Privacy Professional (CIPP/US, CIPP/E), International Association of Privacy Professionals
- Distinguished Fellow, Ponemon Institute, in recognition of service, commitment, and leadership to the advancement of responsible information management practices in business and government
- Professor of Practice at the University of Maine School of Law (teaching courses in information privacy, artificial intelligence, and cybersecurity)
Represented amicus curiae Conference of Chief Justices in support of defendants in First Amendment challenge to electronic court records access rules in Courthouse News Service et al. v. Glessner et al., No. 21-1624 (1st Cir.) and Courthouse News Service et al. v. Gabel et al., No. 21-3098 (2d Cir.).
- Member, Judicial Branch Task Force on Transparency and Privacy in Court Records (2017-2018)
- Co-founder and Co-chair, Northern New England KnowledgeNet, International Association of Privacy Professionals (2014-2018)
Frequent invited speaker (partial list):
“Emerging Jurisprudence in First Amendment Challenge to Electronic Court Records Access Rules,” presentation at annual meeting of Conference of Chief Justices and Conference of State Court Administrators in Chicago (July 2022)
- "Artificial Intelligence Technologies and Data Protection," AI webinar at University of Maine (May 2020)
- "Information Security Program Basics," CLE presentation at Practising Law Institute's Fundamentals of Privacy Law program (annually 2018-present)
- “The EU General Data Protection Regulation: What Researchers Need to Know,” presentation at Research Integrity Symposium (May 2018)
- “The NAIC Insurance Data Security Model Law: What Insurers Need to Know,” presentation at education session of Members Participation Council meeting of the National Organization of Life and Health Guaranty Associations (April 2018)
- “Beyond Ethics – Privacy, Cybersecurity and Data Breach Notification Laws Affecting Lawyers,” CLE presentation sponsored by the Maine State Bar Association and the Maine Board of Overseers of the Bar (November 2017)
- “The Security, Privacy and Legal Challenges of Offering and/or Procuring Cloud Services,” presentation and panel discussion at joint meeting of the Northern New England KnowledgeNet chapter and (ISC)2 Maine Chapter (October 2016)
- “Weathering the Perfect Storm of Internal and External Threats,” panel discussion at the Cybersecurity and Fraud Forum hosted by Marcum LLP in Boston (October 2016)
- Boston Bar Association 2014 IP Year in Review: CLE presentation on privacy and data security (January 2015)
- Co-author, As Massachusetts Punts on Privacy Law, Companies Can't be Complacent - Law360 (2022)
- Co-author, Massachusetts Data Privacy Bill Would Increase Litigation Risks, Law 360 , November 2021
- Co-author, Maine: Internet Privacy Law Advances Consumer Privacy Protection and Fills a Federal-level Regulatory Void, OneTrust DataGuidance, July 2020
- Author, Digital Court Records Access, Social Justice, and Judicial Balancing: What Judge Coffin Can Teach Us, Maine Law Review, May 2020
- Co-author, Maine Guidance Note on Health and Pharmaceutical Sectors, OneTrust DataGuidance, May 2021
- Co-author, Maine's New Internet Privacy Law in Brief, Maine Lawyers Review, July 11, 2019
- Author, Why Study Privacy Law?, Maine Bar Journal, Volume 33, Winter/Spring 2018
- Co-author, chapter titled "The Electronic Communications Privacy Act" in Data Security and Privacy in Massachusetts, book published by MCLE Press (Now in its 3rd edition)
- On behalf of major insurers, banks, retailers, public utilities, and health care providers, prepared and negotiated hundreds of technology procurement and outsourcing contracts involving mission critical systems and business processes, including major IT outsourcing deals involving offshore software development and other services
- On behalf of leading software publishers, prepared and negotiated hundreds of software licenses, software development, application hosting, software as a service, joint development, strategic marketing and distributor (reseller/OEM) agreements
- On behalf of publicly-traded (NYSE) financial services company, provided advice regarding IP and regulatory compliance issues, including privacy and data security, in connection with acquisition of a company that provides electronic payment processing solutions in the health care space, specifically, insurance premium and employee benefit payments
- On behalf of a major U.S. utility, led legal team responsible for preparing and negotiating key technology license and services agreements for full scale deployment of a smart meter solution serving its entire customer base, one of the first such deployments in the United States
Latest Updates in Intellectual Property & Technology
- Advise clients on compliance with state, federal, and international laws and regulations relating to privacy and data protection, including the GLB Act, FTC Act, HIPAA, HITECH Act, NAIC model acts and regulations, the EU General Data Protection Regulation, and the EU-US Privacy Shield framework
- Regularly counsel clients with respect to data security incidents, ranging from internal investigations, incident response, breach notification obligations, communications with regulators, risk mitigation, and litigation strategies
- Leading EU General Data Protection Regulation compliance projects for U.S. based organizations, including assisting organizations with data protection compliance assessments, developing and implementing workable strategies to legitimize data processing and cross border data flows, and drafting and negotiating data processing agreements