Information Privacy & Security

Our team can assist with a variety of data privacy and cybersecurity related issues to mitigate the risk of noncompliance with applicable laws and industry standards that regulate the collection, use, storage, commoditization, disclosure, transfer, protection, and proper disposal of personal data.

Compliance. We assist our clients in complying with laws governing the management and security of business data. We assist clients in:

• Evaluating applicable state, federal, and international privacy and security laws, including laws involving customer data, employee data, children’s information, financial information, and health information.
• Compliance with various industry-specific privacy laws, including but not limited to Reg-SP, Gramm-Leach Bliley, the FTC Safeguards Rule, and HIPPA.
• Auditing internal information security programs and policies.
• Developing programs and policies to internally govern the collection, storage, access, transfer, use, disclosure, and disposal of information in accordance with applicable laws.
• Data mapping to track what data is collected for what purposes.
• Preparing privacy policies, privacy notices, and terms of use for websites, mobile applications, software-as-a-service products, and more.
• Preparing IT policies and procedures.
• Reviewing the data policies and practices of other parties with whom our clients do business and share data to assess compliance with applicable laws.
• Evaluating consumer data rights requests.
• Developing “Red Flags Rule” identity theft prevention programs.
• Working with counsel in other jurisdictions regarding compliance with privacy laws worldwide.

Data Breach Mitigation & Response. We assist our clients in mitigating the risk and of and responding to data breach incidents by:

• Evaluating applicable state, federal, and international data breach laws.
• Managing response action, including advising on required notifications in compliance with applicable laws.
• Developing data management policies, including electronic media and mobile device policies for employee handbooks and compliance manuals.
• Providing training on information privacy and security.
• Referring our clients to data security vendors and information technology forensics vendors.

Data-Driven Marketing & Advertising. We advise on a variety of issues surrounding:

• Promotional text message or SMS communications.
• Targeted or behavioral advertising.
• Email marketing.
• Artificial intelligence tools.
• Promotional or advertising opt-out requirements.

Contractual Obligations and Negotiations. We assist our clients in:

• Preparing and negotiating contracts involving data (including business associate agreements).
• Negotiating confidentiality and non-disclosure agreements that specifically address data security concerns.
• Drafting, evaluating, and negotiating information privacy and security terms in a variety of contracts.
• Advising on information privacy and security issues in corporate transactions.

Litigation. We also represent clients in litigation when necessary. Our experienced litigators assist clients with:

• Consumer protection litigation.
• Electronic discovery matters related to information security and privacy legal requirements.
• Class action data breach litigation.
• Governmental investigation and enforcement actions.