Privacy
Navigating Complex Privacy Regulations
U.S. Privacy
U.S. privacy law is a complex web of federal, state, and local regulations. Key federal statutes include:
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
Fair Credit Reporting Act (FCRA)
Family Educational Rights and Privacy Act (FERPA)
Children’s Online Privacy Protection Act (COPPA)
Federal Trade Commission Act (FTC Act)
While there is no single federal law comprehensively regulating personal data collection and use, various state laws regulate nearly all forms of personal data within their jurisdictions. Notably, HIPAA protects health records and other identifiable health information, known as protected health information (PHI).
Our Expertise Includes:
HIPAA: Advising on compliance and crafting Business Associate Agreements (BAAs)
FCRA: Guiding on credit information collection and consumer credit report access
GLBA: Providing advice for financial institutions and their vendors
Privacy Policies: Developing employee-facing and customer-facing privacy policies
State Compliance: Developing programs for the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and various state data security laws
European Data Protection
The European Union’s GDPR and the data privacy laws of individual European nations are among the strictest globally, imposing high fines for non-compliance.
Our Expertise in European Data Protection:
GDPR Compliance: Insight into data processing principles, GDPR scope, consent, legitimate interests, and special categories
Data Subject Rights: Advising on privacy notices, transparency, and data subject rights
International Data Transfers: Guidance on compliance with international data transfer regulations
Employee Data: Advising on processing employee data, surveillance, and marketing considerations
Security of Processing: Implementing controls, mechanisms, and data breach notifications
Accountability: Supporting data protection by design and default, conducting data protection impact assessments, and defining data protection officer roles and responsibilities
Certifications:
IAPP Certified Information Privacy Professional/Europe (CIPP/E)
IAPP Certified Information Privacy Manager (CIPM)
IAPP Certified Information Privacy Technologist (CIPT)
