Privacy & Data Security

Surveys of executives and general counsel demonstrate that privacy and data security issues are at the top of their list of risk threats and day-to-day concerns. With rapid advances in technology, aggressive oversight by regulators, increased consumer litigation, and widespread media attention, this should come as no surprise. Despite these risks, companies rely more and more on advanced data analytics to leverage the power of information and help grow their business. It is therefore critical to have a comprehensive program in place to manage the collection, use, security, and disposal of individuals’ personally identifiable information. We understand that a one-size-fits-all approach to managing and protecting data typically does not work. Instead, company-specific policies and procedures should be adopted after taking business objectives and corporate culture into account.

Our Privacy team includes Certified Information Privacy Professionals (CIPP/US) who provide clients with practical, implementable, and cost-effective solutions that help their business effectively compete while reducing the risk of using valuable consumer data. We monitor policy developments and enforcement activity on a daily basis, helping our clients take into account the most current interpretations of the law and enabling them to sidestep potential landmines.

We work closely with businesses of all sizes, across a range of industries, helping them achieve and maintain compliance with many privacy laws and industry best practices, including the following:

  • Fair Credit Reporting Act (FCRA)
  • Fair Debt Collection Practices Act (FDCPA)
  • Fair and Accurate Credit Transactions Act of 2003 (FACTA) and Red Flags Rule
  • Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley Act or GLBA)
    • GLBA Privacy Rule
    • GLBA Safeguards Rule
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • Electronic Communications Privacy Act (ECPA/SCA)
  • Children’s Online Privacy & Protection Act (COPPA)
  • California Online Privacy Protection Act (CalOPPA)
  • Telemarketing Sales Rule (TSR)
  • Telephone Consumer Protection Act (TCPA)
  • Combating the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM)
  • Junk Fax Prevention Act of 2003 (JFPA)
  • Federal and state data protection and breach laws
  • Federal and state unfair, deceptive, or abusive acts or practices (UDAAP)
  • PCI Compliance
  • General Data Protection Regulation (GDPR)

We offer a full range of privacy and data security services, including the following:

  • Defense of Class Action and Individual Lawsuits. We have defended numerous companies against class action and individual lawsuits involving the FDCPA, FCRA, TCPA and other privacy laws, achieving optimal outcomes for our clients. In many instances, we have been able to get the plaintiff to voluntarily dismiss the case or settle on an individual, rather than class-wide, basis.
  • Compliance Programs. We regularly help clients identify and mitigate privacy risks through the implementation of practical, cost-effective compliance programs. Among other things, this includes drafting policies and procedures, training employees and establishing robust quality assurance protocols.
  • Compliance Audits. Unlike many law firms – even those with a privacy practice – we regularly conduct on-site compliance audits of our clients’ operations. Such audits are typically the best way to verify that a compliance program is working as designed and assess the organization’s risk exposure. Often times, these audits bring to light new business practices that have not been fully vetted from a compliance perspective. By discovering these issues proactively, we’ve successfully helped our clients remediate noncompliant practices before they catch the attention of regulators or plaintiffs’ attorneys.
  • Third Party Due Diligence and Contract Review. In addition to auditing internal compliance programs, we also help clients mitigate external risks by establishing robust due diligence programs for their vendors, dealers, marketing partners and/or merger and acquisition targets. Such programs might include pre-contract due diligence measures, contractual requirements/prohibitions, ongoing due diligence protocols, and remediation measures.
  • State and Federal Investigations. We can help you navigate investigations brought by the FTC, FCC, BCFP or state attorneys general. We have been successful in resolving investigations without negative findings against our clients or with consent agreements containing little or no monetary penalty.
  • Regulatory Advocacy. We advocate for clients’ privacy-related interests before the FTC and FCC. This includes filing petitions or comments on behalf of our clients and meeting with regulatory staff and leadership regarding such issues.
  • Data Breach Response. In the hours and days after a data breach has been discovered, businesses need clear and fast counsel regarding their breach response obligations. We can advise on breach response requirements and work with the business’ public relations team and senior leadership to navigate the complex issues that arise in the aftermath of a data breach.