Peter J. Guffin

Peter Guffin is chair of Pierce Atwood’s Privacy & Data Security practice. A long-time partner and now of counsel at the firm, Peter focuses his practice in the areas of information privacy and cybersecurity law, drawing on his extensive experience in the areas of intellectual property, the internet, and information technology.

Peter regularly advises clients with respect to regulatory compliance issues, risk management, governance, and data security incidents, including internal forensic investigations, data breach notification obligations, regulatory investigations and enforcement, risk mitigation, and litigation strategies. 

Peter represents businesses and organizations across a wide range of industry sectors, including health care, information technology, education, energy, banking, financial services, insurance, and retail.

Before joining Pierce Atwood in February 2000, Peter served as Intellectual Property and Technology Counsel in the Legal Division of Unum Group (NYSE: UNM), a Fortune 500 company and the world's leading disability insurer. Early in his career, Peter practiced law with the Wall Street firm Chadbourne & Parke LLP in New York.

Honors & Distinctions
  • Recipient of Maine Judicial Branch "Outstanding Volunteer of the Year" Award (2018)
  • Recognized by The Best Lawyers in America® for Copyright Law and Litigation - Intellectual Property (2014-present)
  • Selected as arbitrator for EU-US Privacy Shield Program by the US Department of Commerce and EU Commission
  • Certified Information Privacy Professional (CIPP/US, CIPP/E), International Association of Privacy Professionals
  • Distinguished Fellow, Ponemon Institute, in recognition of service, commitment, and leadership to the advancement of responsible information management practices in business and government
Professional Activities

Frequent invited speaker (partial list):

  • “Emerging Jurisprudence in First Amendment Challenge to Electronic Court Records Access Rules,” presentation at annual meeting of Conference of Chief Justices and Conference of State Court Administrators in Chicago (July 2022)

  • "Artificial Intelligence Technologies and Data Protection," AI webinar at University of Maine (May 2020)
  • "Information Security Program Basics," CLE presentation at Practising Law Institute's Fundamentals of Privacy Law program (annually 2018-present)
  • “The EU General Data Protection Regulation: What Researchers Need to Know,” presentation at Research Integrity Symposium (May 2018)
  • “The NAIC Insurance Data Security Model Law: What Insurers Need to Know,” presentation at education session of Members Participation Council meeting of the National Organization of Life and Health Guaranty Associations (April 2018)
  • “Beyond Ethics – Privacy, Cybersecurity and Data Breach Notification Laws Affecting Lawyers,” CLE presentation sponsored by the Maine State Bar Association and the Maine Board of Overseers of the Bar (November 2017)
  • “The Security, Privacy and Legal Challenges of Offering and/or Procuring Cloud Services,” presentation and panel discussion at joint meeting of the Northern New England KnowledgeNet chapter and (ISC)2 Maine Chapter (October 2016)
  • “Weathering the Perfect Storm of Internal and External Threats,” panel discussion at the Cybersecurity and Fraud Forum hosted by Marcum LLP in Boston (October 2016)
  • Boston Bar Association 2014 IP Year in Review: CLE presentation on privacy and data security (January 2015)

Practice Areas

Representative Experience
  • On behalf of major insurers, banks, retailers, public utilities, and health care providers, prepared and negotiated hundreds of technology procurement and outsourcing contracts involving mission critical systems and business processes, including major IT outsourcing deals involving offshore software development and other services
  • On behalf of leading software publishers, prepared and negotiated hundreds of software licenses, software development, application hosting, software as a service, joint development, strategic marketing and distributor (reseller/OEM) agreements 
Representative Experience
  • On behalf of publicly-traded (NYSE) financial services company, provided advice regarding IP and regulatory compliance issues, including privacy and data security, in connection with acquisition of a company that provides electronic payment processing solutions in the health care space, specifically, insurance premium and employee benefit payments
  • On behalf of a major U.S. utility, led legal team responsible for preparing and negotiating key technology license and services agreements for full scale deployment of a smart meter solution serving its entire customer base, one of the first such deployments in the United States
Representative Experience
  • Advise clients on compliance with state, federal, and international laws and regulations relating to privacy and data protection, including the GLB Act, FTC Act, HIPAA, HITECH Act,  NAIC model acts and regulations, the EU General Data Protection Regulation, and the EU-US Privacy Shield framework
  • Regularly counsel clients with respect to data security incidents, ranging from internal investigations, incident response, breach notification obligations, communications with regulators, risk mitigation, and litigation strategies
  • Leading EU General Data Protection Regulation compliance projects for U.S. based organizations, including assisting organizations with data protection compliance assessments, developing and implementing workable strategies to legitimize data processing and cross border data flows, and drafting and negotiating data processing agreements