Data, of course, is the oxygen of modern business. The technology of data has advanced with breathtaking speed, while the law has often struggled to keep pace. Accordingly, anyone operating a business of any size is faced with a bewildering skein of intricate regulations, laws, statutes and industry best practices. Our role is to help our clients understand which of these regulatory regimes apply to them and to advise on compliance, accountability and risk control. In doing this, we often work side-by-side with our colleagues in the firm’s technology, new media, and intellectual property practices.
Our approach is with a practical, business-oriented perspective. We provide clients with workable, real-world recommendations for dealing with the legal implications of data-related issues. We are not theoreticians. We are problem-solvers and anticipators, and our advice is grounded in the practicalities of a client’s business objectives and priorities.
- We counsel clients on, among other topics, the European Union’s GDPR law, as well as the California Consumer Privacy Act (CCPA).
- We also advise on more narrowly targeted sectoral statutes, such as the Children’s Online Privacy and Protection Act, the Gramm–Leach–Bliley Act and Federal Trade Commission decisions. Depending on a client’s situation and industry, more than one of these may be applicable.
- Our clients also receive guidance in best practices and government standards that may fall short of being legal requirements, but significantly affect potential liability.
- We are frequently called upon to review internal practices and data security requirements, in order to manage risk relating to vendors and customers.
- We draft both external and internal policies to ensure statutory compliance.
- We regularly conduct internal and forensic investigations in the event of a security breach. Working closely with technology partners, we can follow data almost anywhere it goes, and reconstruct what happened and why.
- We provide training to employees in privacy and data security procedures.
- We counsel clients on the purchase of cyber-insurance policies.
- Our clients operate across all forms of digital technologies such as cloud Software as a Service (“SaaS”), streaming entertainment, restaurants and hospitality, and e-commerce, particularly in clothing and apparel. We also counsel many professional services clients, including accounting firms, consultancies, and other law firms.
Ultimately, we examine the entire ecosystem in which data is distributed and used in light of both legal requirements and the strategic needs of our clients. Our aim is to produce practical and actionable results. We strive to balance risk with opportunity, and above all, when so much of commerce now occurs at the intersection of business and technology, making sure that our counsel serves our clients well in both realms.
Our team has three attorneys, Timothy J. Toohey, Ann Lee, and Peter K. Jackson, who have attained the International Association of Privacy Professionals designation as a Certified Information Privacy Professional in United States law (CIPP/US).