Privacy + Data Security
Smart companies are constantly determining new ways to collect, analyze and act upon ever-increasing volumes of data. That data consists of private and valuable information that takes many forms, such as financial transaction data, personal and medical records, client files, proprietary business information, and even social media passwords. Every day, your company’s data is accessed by employees, clients, vendors, contractors, customers and you, and each touchpoint creates the possibility for a data breach.
Our team of data privacy attorneys, which includes an IAPP-Certified Information Privacy Manager, understands the thoroughness required for proper information security, and stays current on both the business and legal requirements companies must meet and the strategies to meet them domestically and internationally. Their diverse depths of knowledge make them not only well-equipped to analyze the various ways a business may be at risk and then create and implement solutions that lower the likelihood of data breaches, but also to protect your business should a breach occur, or if one already has.
Companies must navigate the nuanced and rapidly changing data security environment. Working from that perspective, our firm consults on legal compliance and best practices to create and enact strong privacy protection policies and manage both liability risk and customer and public relations risk so that our clients are able to continue growing and remaining confident in their information security programs.
- Incident Support, Response, and Investigation: providing strategies for the avoidance of and preparation for data breaches that occur domestically or abroad in order to reduce their likelihood; responding to customer, client and media inquiries; navigating the entire process for incidents that lead, or have led, to litigation
- System Analysis: thorough examining of the processes and structure a company has in place internally and externally to protect its data; offering strategies for the development and improvement of policies, documents and training programs
- Global Data Management: creating, implementing and updating global data privacy policies and security procedures, as well as employee training programs; advising on the gathering, processing and transferring of data domestically and internationally
- Privacy Documents: drafting, updating and revising critical documents, statements, agreements and disclosures, including HIPAA and business associate agreements
- Compliance: communicating with clients regarding the latest legislative, regulatory and legal changes that affect their policies; providing counsel throughout regulatory and forensic investigative procedures, audits and litigation
- Subscription/Service Agreements/SLAs: drafting and negotiating subscription and service agreements for SaaS products to ensure that ownership and rights to use of data are appropriately documented
- Partner ecosystems development: negotiating joint development; designing co-marketing agreements with third-party platforms; managing technology vendors
Global Information Security + Privacy
Companies need to fully understand the obligations, liabilities, risks and perspectives involving information security and privacy everywhere in the world they do business, including any industry sector-specific rules. Our team provides a practical and comprehensive legal and business approach for dealing with information security and privacy law issues in companies’ business operations globally, including North America, Latin America, the EU and the Asia-Pacific region.
We assist businesses of all sizes, both domestically and internationally, with the protection of their most sensitive data, representing leaders in numerous industries and sectors, from midsize businesses to corporations, healthcare and banking, and retail and education. Current and past clients have included the country’s largest independent digital marketing agency; a Boston-based provider of clinical, commercial and consulting services to health care businesses; and a global company focused on wireless mobile buyback, data protection and hardware recycling.