Privacy & Data Security

Protect Data. Limit Risk. Build Trust.

Understanding the rapidly changing landscape of privacy and data security laws is critical for every business. We handle legal issues related to data privacy, security, and integrity for clients in a wide range of industries and technology verticals, including software, e-commerce, education, telecommunications, clinical trials and research, life sciences, publishing, new media, and interactive gaming.

Our experience includes:

  • Advising clients on compliance with state, federal, and international privacy and data security laws, such as BIPA, CAN-SPAM, COPPA, FCRA, FERPA, FTC ACT, GLBA, HIPAA, TCPA, the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Utah Consumer Privacy Act (UCPA), the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA), the Massachusetts data protection regulations (201 CMR 17), the New York SHIELD Act, and the General Data Protection Regulation (GDPR), and international data transfer mechanisms (including the “standard contractual clauses” issued by the European Commission, and the international data transfer agreement and addendum issued by the UK Information Commissioner’s Office, and the EU-U.S. Data Privacy Framework).
  • Developing privacy policies, security policies, and information management best practices.
  • Counseling clients with respect to incident and breach response.
  • Handling privacy risk allocation and due diligence in the context of M&A and investment transactions.
  • Drafting and negotiating commercial agreements involving privacy and data security, including data processing and data sharing agreements.
  • Representation in the context of Federal Trade Commission investigation of privacy practices and in the negotiation of FTC Consent Orders.
  • Providing guidance as to compliance with privacy laws relating to children and education, including the Children’s Online Privacy Protection Act (COPPA), the Family Educational Rights and Privacy Act (FERPA), as well as to state privacy and data security laws relating to minors and the use of K-12 student data (particularly for companies in the digital games, mobile applications, and online education areas).
  • Advising clients on privacy and data security issues in the context of licensing and other transactions, including drafting and negotiation of strategic alliances, support and maintenance, professional services, software as a service (SaaS), hosting, and development agreements, and other contracts involving intercompany relationships.
  • Counseling employers on workplace privacy issues such as the monitoring of email and computer systems, employee use of electronic devices, employee drug testing, background checks, and workplace searches.
  • Advising sponsors, fiduciaries, and record keepers of ERISA-covered plans with retirement or health & welfare benefits on best practices for protecting plan asset data and participants’ personally identifiable information, including drafting, in accordance with Department of Labor guidelines, cybersecurity policies/programs to mitigate the effects of cybersecurity issues.

News & Insights

Morse Announces 2024 Attorney Elevations M&A News: Morse Client Garvin Construction Products in Acquisition by Beacon Kevin Olson Earns IAPP Certified Information Privacy Technologist Credentials Client Alert: European Commission Approves EU-U.S. Data Privacy Framework Top Trends in Data Privacy Morse Serves as Counsel to Wagr in Acquisition by Yahoo Sports Data Privacy Compliance Basics: ICYMI Webinar Recap Top 10 Tips for Developing a Privacy Notice Client Alert: GLBA Compliance Data Protection Risks in M&A and Investment Transactions Do You Have an Employee Benefit Plans’ Cybersecurity Policy? Faith Kasparian Named Go To Privacy & Cybersecurity Lawyer by MA Lawyers Weekly Client Alert: Upcoming UK and EU Data Transfer Deadlines Morse Welcomes Associates Kevin Olson and Monica Sax Client Alert: The New Data Transfer SCCs Client Alert: CCPA Compliance Client Alert: Standard Contractual Clauses Client Alert: Virginia Consumer Data Protection Act Morse Announces 2021 Attorney Elevations IP News: 6(b) Orders Issued Client Alert: Cybersecurity Improvement Act of 2020 EU Regulators Crack Down on Taking Cookies from the Cookie Jar Client Alert: Privacy Shield Decision The California Consumer Privacy Act Attorney Earns IAPP Certified Information Privacy Professional Credentials The Process of GDPR Compliance The First Step in Developing a GDPR Compliance Strategy Data Privacy Bell Ringers Elevation Launches the New Year at Morse Client Alert – Happy Halloween! Client Alert – Happy Halloween! VIDEO: Privacy and Data Security Clips WISP – Written Information Security Program Head in the Clouds – A Cloud User’s Contract Checklist High-Level Points Regarding the U.S. Privacy and Data Security Landscape M&A Privacy & Data Security Considerations: No Escape From Release Forms