Privacy & Data Protection
Our Privacy & Data Protection team draws on deep technical and industry knowledge and decades of incident response experience to offer our clients a suite of transactional and compliance services to help protect their data, reduce risk, and prepare for breach events in a rapidly changing world. We design and help implement data protection compliance plans and negotiate privacytech transactions to facilitate. Our experience spans technology type and industry, from green technology to manufacturing, and we frequently work in fintech, marketing technology, e-commerce and privacy technology, including predictive analytics, artificial intelligence and machine learning.
We review, draft and revise current privacy and security policies and procedures in connection with data collection and data review. We assess data flows, evaluate compliance vulnerabilities and facilitate compliance with evolving global data protection laws.
Our work includes development of internal policies and procedures that are consistent with relevant workplace privacy laws and whistleblower laws, advising on the most appropriate methods to comply with applicable law regarding collection, storage, transfer and sharing of personal and regulated data.
We actively monitor the growing and overlapping legislation as it evolves. As the only full-service law firm with offices in all 50 states, we are in a unique position to advise clients as the laws and regulations continue to develop. We routinely advise clients in connection with:
- State comprehensive data protection laws such as CCPA, VCDPA and the analogous laws in more than a dozen states
- The General Data Protection Regulation (GDPR) in Europe and the United Kingdom as well as analogous laws around the world
- State biometric privacy laws including Illinois’ BIPA
- Gramm-Leach-Bliley Act
- Health Insurance Portability and Accountability Act (HIPAA)
- Computer Fraud and Abuse Act (CFAA)
- Fair Credit Reporting Act (FCRA)
- Fair Debt Collection Practices Act (FDCPA)
- Stored Communications Act (SCA)
- Payment Card Industry Data Security Standard (PCI DSS)
- New York State Department of Financial Services Cybersecurity Regulation
We represent clients in privacytech transactions with a focus on the allocation of risk and liability of potential data-related issues and cyber incidents with third parties and vendors. GRSM lawyers have strong knowledge of “what’s market,” having negotiated with every major privacytech vendor for all manner of services, from CISO as a Service to DFIR.
When claims occur, we work closely with the litigators in our Cyber, Privacy & Data Security team to ensure that our clients have the latest technical knowledge for their defense.