Practices |

Privacy & Data Security

Protect Data, Limit Risk,
Build Trust

Understanding the rapidly changing landscape of privacy and data security laws is critical for every business. We handle legal issues related to data privacy, security, and integrity for clients in a wide range of industries and technology verticals, including software, e-commerce, education, telecommunications, clinical trials and research, life sciences, publishing, new media, and interactive gaming.

Our experience includes:

  • Advising clients on compliance with state, federal, and international privacy and data security laws, such as CAN-SPAM, COPPA, FCRA, FERPA, GLBA, HIPAA, TCPA, the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Utah Consumer Privacy Act (UCPA), the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA), the Massachusetts data protection regulations (201 CMR 17), the New York SHIELD Act, and the General Data Protection Regulation (GDPR), and international data transfer mechanisms (including the “standard contractual clauses” issued by the European Commission and the international data transfer agreement and addendum issued by the UK Information Commissioner’s Office).
  • Developing privacy policies, security policies, and information management best practices.
  • Counseling clients with respect to incident and breach response.
  • Handling privacy risk allocation and due diligence in the context of M&A and investment transactions.
  • Drafting and negotiating commercial agreements involving privacy and data security, including data processing and data sharing agreements.
  • Representation in the context of Federal Trade Commission investigation of privacy practices and in the negotiation of FTC Consent Orders.
  • Providing guidance as to compliance with privacy laws relating to children and education, including the Children’s Online Privacy Protection Act (COPPA), the Family Educational Rights and Privacy Act (FERPA), as well as to state privacy and data security laws relating to minors and the use of K-12 student data (particularly for companies in the digital games, mobile applications, and online education areas).
  • Advising clients on privacy and data security issues in the context of licensing and other transactions, including drafting and negotiation of strategic alliances, support and maintenance, professional services, software as a service (SaaS), hosting, and development agreements, and other contracts involving intercompany relationships.
  • Counseling employers on workplace privacy issues such as the monitoring of email and computer systems, employee use of electronic devices, employee drug testing, background checks, and workplace searches.
  • Advising sponsors, fiduciaries and record keepers of ERISA-covered plans with retirement or health & welfare benefits on best practices for protecting plan asset data and participants’ personally identifiable information, including drafting, in accordance with Department of Labor guidelines, cybersecurity policies/programs to mitigate the effects of cybersecurity issues.