Our Privacy & Data Security lawyers advise multi-national and emerging companies in a wide range of privacy and data security-related matters involving the collection, use, storage, and monetization of confidential data. Our services include:
Privacy & Data Security Compliance Counsel and Programs
- Assessing data flows and vulnerabilities and establishing a risk profile to develop incident and data breach response plans, including data audits and classification projects, tag and cookie management programs, vendor management, and data security amendments.
- Advising on legal requirements and best practices for safeguarding customer and employee information.
- Drafting and updating public-facing privacy policies for websites, mobile applications, and IoT devices to address evolving business practices, including policies of multinational organizations with hundreds of websites.
- Implementing Privacy by Design.
- Complying with US State and federal privacy and data management laws and standards including the Children’s Online Privacy Protection Act, Gramm-Leach-Bliley, HIPAA, CAN-SPAM, the Telephone Consumer Protection Act, the Fair Credit Reporting Act,the Payment Card Industry Data Security Standard, and California’s Shine the Light law and Online Privacy Protection Act.
- Complying with legal requirements for cross-border data transfers, including implementation of the EU-US Privacy Shield Principles and application for certification under the Privacy Shield framework, preparation and implementation of standard contractual clauses (Controller to Controller and Controller to Processor), and advice on implementing mechanisms for providing notice and obtaining consent for data transfers under the laws of a variety of other non-US jurisdictions in Canada, Latin America and Asia.
- Complying with international privacy regulations, including the EU General Data Protection Regulation (GDPR).
- Counseling users and providers of big data analytics and fraud prevention services on risk mitigation.
- Preparation of written information security programs.
Vendor Management, Cloud Computing and IT transactions
- Advising companies of all sizes on due diligence for, and negotiation and drafting of terms for, vendor agreements involving the sharing of sensitive information.
- Negotiating cloud computing deals and transactions on behalf of both cloud service providers and enterprise purchasers, including Software as a Service (SaaS), and other information technology outsourcing transactions.
Data Breach Response
- Assessing and remediating sensitive data breaches, working with law enforcement officials, notifying affected customers and employees, interacting with government and regulatory agencies and third-party vendors, and managing press relations.
- Identifying the problem in collaboration with trusted forensic experts.
- Disclosing the breach in order to comply with HIPAA, the Gram-Leach-Bliley Act and state regulations.
- Winning privacy and data breach lawsuits and responding to regulatory investigations, such as FTC and state regulatory enforcement actions.
- Responding to customer or employee complaints.
- Post-breach counselling.