We act as outside general counsel on data privacy and security matters.

We help companies comply with complex and rapidly changing privacy laws in the United States and Europe. We also help companies deal with data breach and security incidents.

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Other state privacy laws (Virginia, Colorado, Connecticut & Utah)
  • GDPR/EU data protection issues
  • Data privacy/information security risk assessment
  • Personal information protection policies & procedures
  • Privacy notices for consumers and employees
  • Privacy and data security Issues with vendor contracts
  • Data retention policies
  • Legal audit/monitoring of information management program
  • Due diligence for M&A transactions
  • Data breach & incident response preparedness
  • Breach notification procedures, investigation and response
  • Investigations by FTC, other government agencies, and state attorneys general
  • Workplace privacy, social media, and “Bring Your Own Device” challenges
  • Financial privacy (Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), Fair and Accurate Credit Transactions Act (FACTA)