One of the biggest challenges facing businesses today is understanding and complying with privacy and data protection laws. This work is ever-changing and nuanced. The rate at which businesses collect and store digital information is increasing rapidly. Privacy and data security laws are complex and vary from state to state and from country to country, and different laws may apply to different segments of data at the same time.

The landscape of privacy laws is entirely different now than it was even just one year ago. California currently has one of the most evolved privacy regimes in the world. With new pending privacy laws sprouting up around the country, changes must be navigated with care. U.S. businesses must also be cognizant of international laws. Businesses must understand which laws apply to them as well as how to comply.

We help businesses minimize risks that can lead to a loss of valuable data, and we also help them to comply with the growing body of privacy and data security laws and regulations in the United States and abroad.  We provide counsel through all privacy and data security concerns—from pre-incident counseling and regulatory counsel, to managing incident responses and assisting security teams with internal investigations. We provide counsel through litigation and regulatory proceedings.

SA&M guides clients through these complex and ever-changing laws. We evaluate our clients’ data collection, protection, use, and sharing practices to assess liability risks, and we provide solutions to minimize risk.  

Our attorneys also counsel clients on privacy and security-related issues in online advertising campaigns, contests, sweepstakes, marketing programs, location-based services, and privacy by design practices for developing new products and services. We develop tailored privacy and data security policies to bring clients into compliance with legal and regulatory requirements and industry best practices.

Our services include:

• Guidance on complying with various state and federal privacy laws, including the California Consumer Privacy Act and Children’s Online Privacy Protection Act (COPPA)
• Guidance on complying with various international privacy laws, including the European Union’s General Data Protection Regulation (GDPR) 
• Privacy audits and assistance with data mapping
• Advice and counsel concerning identification and treatment of sensitive information
• Customized website documents and app agreements, including Terms of Use, Privacy Policies, Cookies Policies, and End User License Agreements
• Development of security policies such as incident response plans
• Data retention and data deletion policies and procedures
• Development and implementation of employee data security training 
• Development and implementation of processes and procedures for reporting privacy incidents and complaints
• Post breach/incident response, including internal investigations, compliance with notification, and the management of process to mitigate investigative risks