The resulting patchwork of federal and state laws, regulations and guidance, as well as expanding industry-specific requirements and guidelines, creates a compliance headache that plagues even the most sophisticated companies.
Our Privacy and Information Security attorneys work on the leading edge of media, technology and business, helping clients understand and proactively address the consumer privacy, information security and compliance issues they face as they implement new technology and develop innovative tactics to leverage consumer data.
Our goal is to enable you to achieve your business goals and objectives, gaining and keeping your competitive edge, while minimizing the risk of collecting, keeping and using customer data.
Members of our team have a unique regulatory perspective developed from years of serving with the FTC’s Bureau of Consumer Protection, including as bureau director, assistant director and attorney advisor. Our attorneys helped direct the implementation and enforcement of the Children’s Online Privacy Protection Act (COPPA) and the Gramm-Leach Bliley Act (GLBA), and targeted Internet privacy, identity theft and electronic commerce consumer protection issues during their time with the Bureau.
We counsel clients in all types of highly scrutinized industries, including consumer products and retail, hotel and leisure, and financial services, as well as telecommunications, broadband, technology and mobile services, with comprehensive privacy and information security regulatory issues.
We have particular strength at the intersection of privacy and advertising and marketing law, and we often perform comprehensive compliance reviews of marketing and consumer contact policies and practices, ranging from telemarketing compliance assessments, to privacy and data security-by-design gap analyses, helping you identify potential “red flags” that, when addressed, can mitigate your exposure of becoming a future regulatory or litigation target. We advise on the use of consumers’ personal information, geo-location and device data in marketing and advertising, including obtaining effective consent for e-mail marketing, text messaging and online behavioral marketing, and on compliance obligations under the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), Federal Communications Commission’s CPNI regulations, the Telephone Consumer Protection Act (TCPA), the Federal Trade Commission’s Telemarketing Sales Rule and the CAN-SPAM Act, as well as state laws and regulations.
We help clients draft, review, revise and interpret their privacy policies and procedures, and develop appropriate, comprehensive enterprise-wide privacy and data security programs and conduct training for employees on privacy, data security, advertising and business practices. We perform privacy or data security audits of existing business practices to assess client compliance with current policies, and help clients develop and update reasonable oversight and monitoring programs of third-party vendors handling consumer data, including vendor privacy due diligence templates, drafting and negotiating strategic contractual provisions, and formulating appropriate compliance checks and responses to issues that arise during the relationship.