Peter J. Guffin

As chair of Pierce Atwood’s Privacy & Data Security practice, Peter Guffin combines extensive experience in intellectual property, information technology, privacy, and data protection law, with a practical appreciation of the business and legal imperatives that can determine a client's success.

Areas of focus include:

  • Information Privacy and Cybersecurity
  • Breach Preparedness, Response, Investigation, and Communication
  • Risk Management, Governance, and Compliance

Peter represents businesses and organizations across a wide range of industry sectors, including health care, information technology, education, energy, banking, financial services, insurance, and retail.

Before joining Pierce Atwood in February 2000, Peter served as Intellectual Property and Technology Counsel in the Legal Division of Unum Group (NYSE: UNM), a Fortune 500 company and the world's leading disability insurer. Early in his career, Peter practiced law with the Wall Street firm Chadbourne & Parke LLP in New York.

Honors & Distinctions
  • Recipient of Maine Judicial Branch 2018 "Outstanding Volunteer of the Year" Award
  • Listed since 2014 in The Best Lawyers in America® for Copyright Law and Intellectual Property Litigation
  • Selected as arbitrator for EU-US Privacy Shield Program by the US Department of Commerce and EU Commission
  • Certified Information Privacy Professional (CIPP/US, CIPP/E), International Association of Privacy Professionals
  • Distinguished Fellow, Ponemon Institute, in recognition of service, commitment, and leadership to the advancement of responsible information management practices in business and government
Professional Activities
  • Professor of Practice at the University of Maine School of Law (teaching courses in information privacy, artificial intelligence, and cybersecurity)
  • Director, Information Privacy Law Program, University of Maine School of Law
  • Member, Judicial Branch Task Force on Transparency and Privacy in Court Records (2017-2018)
  • Co-founder and Co-chair, Northern New England KnowledgeNet, International Association of Privacy Professionals (2014-2018)

Frequent invited speaker (partial list):

  • "Artificial Intelligence Technologies and Data Protection," AI webinar at University of Maine (May 2020)
  • "Information Security Program Basics," CLE presentation at Practising Law Institute's Fundamentals of Privacy Law program (annually 2018-present)
  • “The EU General Data Protection Regulation: What Researchers Need to Know,” presentation at Research Integrity Symposium (May 2018)
  • “The NAIC Insurance Data Security Model Law: What Insurers Need to Know,” presentation at education session of Members Participation Council meeting of the National Organization of Life and Health Guaranty Associations (April 2018)
  • “Beyond Ethics – Privacy, Cybersecurity and Data Breach Notification Laws Affecting Lawyers,” CLE presentation sponsored by the Maine State Bar Association and the Maine Board of Overseers of the Bar (November 2017)
  • “The Security, Privacy and Legal Challenges of Offering and/or Procuring Cloud Services,” presentation and panel discussion at joint meeting of the Northern New England KnowledgeNet chapter and (ISC)2 Maine Chapter (October 2016)
  • “Weathering the Perfect Storm of Internal and External Threats,” panel discussion at the Cybersecurity and Fraud Forum hosted by Marcum LLP in Boston (October 2016)
  • Boston Bar Association 2014 IP Year in Review: CLE presentation on privacy and data security (January 2015)

Practice Areas

Representative Experience
  • On behalf of major insurers, banks, retailers, public utilities, and health care providers, prepared and negotiated hundreds of technology procurement and outsourcing contracts involving mission critical systems and business processes, including major IT outsourcing deals involving offshore software development and other services
  • On behalf of leading software publishers, prepared and negotiated hundreds of software licenses, software development, application hosting, software as a service, joint development, strategic marketing and distributor (reseller/OEM) agreements 
Representative Experience
  • On behalf of publicly-traded (NYSE) financial services company, provided advice regarding IP and regulatory compliance issues, including privacy and data security, in connection with acquisition of a company that provides electronic payment processing solutions in the health care space, specifically, insurance premium and employee benefit payments
  • On behalf of a major U.S. utility, led legal team responsible for preparing and negotiating key technology license and services agreements for full scale deployment of a smart meter solution serving its entire customer base, one of the first such deployments in the United States
Representative Experience
  • Advise clients on compliance with state, federal, and international laws and regulations relating to privacy and data protection, including the GLB Act, FTC Act, HIPAA, HITECH Act,  NAIC model acts and regulations, the EU General Data Protection Regulation, and the EU-US Privacy Shield framework
  • Regularly counsel clients with respect to data security incidents, ranging from internal investigations, incident response, breach notification obligations, communications with regulators, risk mitigation, and litigation strategies
  • Leading EU General Data Protection Regulation compliance projects for U.S. based organizations, including assisting organizations with data protection compliance assessments, developing and implementing workable strategies to legitimize data processing and cross border data flows, and drafting and negotiating data processing agreements