Our Suite of Services

Designed to effectively protect your data and information

Privacy Notices

We help you navigate complex and often conflicting jurisdictional rules to draft transparent, concise, and accurate privacy notices and website privacy policies, to inform customers, vendors, and business partners of your data use policies.

Data Protection Policies & Risk Assessments

We assess the privacy risks of new technologies, vendor agreements, and other business opportunities, with an eye towards formulating policies to protect customer and business data, while still pursuing the client’s business goals. We also advise clients on applicable statutory and regulatory obligations for collection and retention of personal data.

HIPAA Privacy Policies

Advice for covered entities and their business associates.

Workplace Privacy

As employees increasingly work from their own devices and offsite, we help you craft Bring Your Own Device (BYOD) and mobile management policies, to prevent data leakage in your business. In addition, we advise employers on laws and regulations concerning employee data and employee monitoring.

Breach Response & Notification

No digital system is 100% secure. We work with your IT teams and management to draft incident response plans, and in the event of a breach, advise on data breach response and notification requirements.

GDPR and DPO Services

The GDPR is a new EU-wide regulation governing the processing of EU personal data, the transfer of European data abroad, and EU-specific data breach notification requirements. We provide data protection & security consulting advice to US-based businesses on the potential risks and application of the GDPR to their data processing activities.

Metaverse Law provides advice to companies in all industries that collect, store, process, or monitor customer or employee data. The following industries often receive increased scrutiny for their data protection policies, due to their processing of customer data or sensitive data.

The Industries We Serve Include

Direct Marketing, Ad Tech, and Behavioral Advertising

As technology becomes even more intelligent, digital and online marketing companies are increasingly able to target advertising based on consumer tastes and preferences. Providers of direct marketing, ad-tech, and online behavioral advertising need to be cognizant of their opt-in or opt-out notifications, consent obligations, telemarketing and SMS marketing requirements, and other regulatory requirements.

Healthcare Providers and their Business Associates

Businesses in the healthcare industry need to be cognizant of HIPAA and GDPR regulations governing the use of patient health and medical information. Personalized healthcare is a growing field, causing a proliferation of health care apps, wearable devices, and other emerging technologies with their own privacy and security concerns.

E-Commerce and Fintech

The financial sector is growing more nimble, and companies of all sizes are looking towards new payment and financing solutions for their products and services. While new e-commerce and fintech companies attract a more tech-savvy consumer base, they still need to be cognizant of PCI data security standards.