We help you navigate complex and often conflicting jurisdictional rules to draft transparent, concise, and accurate privacy notices and website privacy policies, to inform customers, vendors, and business partners of your data use policies.
We assess the privacy risks of new technologies, vendor agreements, and other business opportunities, with an eye towards formulating policies to protect customer and business data, while still pursuing the client’s business goals. We also advise clients on applicable statutory and regulatory obligations for collection and retention of personal data.
Advice for covered entities and their business associates
As employees increasingly work from their own devices and offsite, we help you craft Bring Your Own Device (BYOD) and mobile management policies, to prevent data leakage in your business. In addition, we advise employers on laws and regulations concerning employee data and employee monitoring.
No digital system is 100% secure. We work with your IT teams and management to draft incident response plans, and in the event of a breach, advise on data breach response and notification requirements.
The GDPR is a new EU-wide regulation governing the processing of EU personal data, the transfer of European data abroad, and EU-specific data breach notification requirements. We provide data protection & security consulting advice to US-based businesses on the potential risks and application of the GDPR to their data processing activities.
As technology becomes even more intelligent, digital and online marketing companies are increasingly able to target advertising based on consumer tastes and preferences. Providers of direct marketing, ad-tech, and online behavioral advertising need to be cognizant of their opt-in or opt-out notifications, consent obligations, telemarketing and SMS marketing requirements, and other regulatory requirements.
Businesses in the healthcare industry need to be cognizant of HIPAA and GDPR regulations governing the use of patient health and medical information. Personalized healthcare is a growing field, causing a proliferation of health care apps, wearable devices, and other emerging technologies with their own privacy and security concerns.
The financial sector is growing more nimble, and companies of all sizes are looking towards new payment and financing solutions for their products and services. While new e-commerce and fintech companies attract a more tech-savvy consumer base, they still need to be cognizant of PCI data security standards.