Privacy & Data Security

Complying with privacy and data security laws has become extremely difficult, and it’s not going to get easier.  The rate at which businesses collect and store digital information is increasing rapidly.  Privacy and data security laws are complex and often vary from state to state and from country to country, and different laws may apply at the same time.

There are a number of federal privacy laws, which include: The Federal Trade Commission Act, The Health Information Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the Children’s Online Privacy Protection Act (COPPA).  In addition, at least 30 states have laws regulating the use and security of personal information, such as the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA), and many are inconsistent with each other.  U.S. businesses must also be cognizant of international laws, such as the European Union’s General Data Protection Regulation (GDPR), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and the multi-country Organization for Economic Cooperation and Development (OECD) guidelines.  Businesses collecting personal information need to know how all of these laws apply to their data collection practices.

SA&M guides clients through these complex and ever-changing laws.  We help businesses minimize risks that can lead to a loss of valuable data and comply with the growing body of privacy and data security laws and regulations in the United States and abroad.  We evaluate our clients’ data collection, protection, use, and sharing practices to assess liability risks, and we provide solutions to minimize these risks.  Our attorneys counsel clients concerning online advertising campaigns, contests, sweepstakes, marketing programs, location-based services, and privacy-by-design practices for developing new products and services.  We develop tailored privacy and data security policies to bring clients into compliance with legal and regulatory requirements and industry best practices.

Our services include:

  • Advice for complying with state and federal privacy laws
  • Audits and data mapping
  • Advice concerning identification and treatment of sensitive information
  • Customized website documents and app agreements, including Terms of Use, Privacy Policies, Cookies Policies, and End User License Agreements
  • Development of an Incident Response Plan (IRP) with specific response protocols in the event of a data breach
  • Data retention and data deletion policies and procedures
  • Development and implementation of employee data security training
  • Development and implementation of processes and procedures for reporting privacy incidents and complaints
  • Assistance with data breach response, from working with law enforcement and third parties to breach notification
