Risk Assessment & Standard of Care Analysis

Our clients encounter serious threats from a variety of sources that can easily disrupt or cripple normal business operations. Our data privacy practice attorneys are well-versed in assisting with the challenges companies face in securing and managing their sensitive data. 

Suite of Offerings

We routinely draft and negotiate vendor agreements, including those for cloud computing and SaaS, with a particular focus on issues vital to businesses, including data security and confidentiality concerns and the handling of personally identifiable information. We regularly help our clients design, refine and implement the full suite of internal policies necessary to support an information governance (IG) program, including IG policies, written information security policies, data maps, BYOD policies, data breach response plans, privacy policies, and website terms and conditions. We also provide guidance on privacy issues related to M&A activity and due diligence. We are highly experienced with consumer-facing and internal privacy notices.

Experienced and Credentialed Team

Our data privacy team includes attorneys with vast experience in the data security and privacy arenas who have earned the designation of Certified Information Privacy Professional (CIPP/US and CIPP/EU) by the International Association of Privacy Professionals, indicating a comprehensive understanding of U.S. and European privacy and security laws, regulations and requirements. Our attorneys counsel clients with respect to issues and concerns relating to the Health Insurance Portability and Accountability Act (HIPAA)/Health Information Technology for Economic and Clinical Health Act (HITECH), the Gramm-Leach-Bliley Act, FCC, Federal Risk and Authorization Management Program (FedRAMP), Critical Infrastructure Cybersecurity compliance, NIST 800-171 Controlled Unclassified Information, telecommunications compliance, and FTC regulatory frameworks including CAN-SPAM, COPPA and the Red Flags Rule; state frameworks such as the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA) and the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act; and international compliance requirements such as General Data Protection Regulation 679/2016 (GDPR) and the post-Brexit UK-GDPR.

  • Privacy notices (consumer facing and internal)
  • Written information security policy (WISP)
  • “Bring Your Own Device” (BYOD) policy
  • Employee training
  • Acceptable use policy
  • Website/app terms and conditions
  • Cookie/Tracking technology policy
  • IG policy