Data Privacy
Challenge
International, federal, and state data privacy laws require clients across all industries to develop and implement an effective data privacy strategy and program for the management of sensitive data they collect and process. Depending on the jurisdictions in which the organization operates, it may be subject to varying data privacy requirements regulating the collection, processing, and use of personal information. This may include government identifiers, financial account or credit/debit card information, personal health information, or, more broadly, any information that may identify a natural person. Organizations that are entrusted with personal information, or that provide personal information to their business partners or vendors for processing or storage, need to address supply chain risks and regulatory compliance in their products, services, customer contracts, and data processing addendums. E-commerce organizations are challenged to ensure that their consumer-facing website policies, notices, and terms of use comply with all applicable data privacy laws. Employers must make sure that they manage their workforce’s personal information and data in compliance with data privacy and employment laws.
Solution
EBG has lawyers who are well versed in all areas of data privacy compliance. Our services include:
- Designing and implementing effective data privacy risk assessments that identify and reduce data privacy risks in the organization’s data practices.
- Providing advice on the effective use of data maps and data processing registers to manage privacy risks and impacts.
- Preparing website privacy policies, notices, and terms of use that comply with consumer privacy laws across jurisdictions, including as they pertain to marketing practices, cookies, and tracking technologies.
- Preparing and negotiating licensing, software, and technology agreements regulating the collection and processing of personal data, personal information, and other protected information, including PHI, personally identifiable information, government identifiers, and financial information.
- Preparing and negotiating data protection and data processing agreements and addendums.
- Preparing policies, procedures, and documentation required for compliance under a myriad of state data privacy laws, including requirements of the California Consumer Protection Act / California Privacy Rights Act and Virginia Consumer Data Protection Act, as well as the laws of Connecticut, Utah, and Nevada.
- Advising on patient notices and consents under health information privacy laws, including HIPAA and 42 CFR Part 2, and the intersection of these requirements with state data privacy laws.
- Managing the challenges faced by organizations that operate internationally, including issues surrounding cross-border data transfers and other data privacy issues arising under the General Data Protection Regulation (GDPR).
- Developing personnel policies and practices involving the proper handling of sensitive employee information, including for global employers.
- Training staff to comply with the organization’s data privacy obligations.
- Providing advice on workforce electronic monitoring policies and notices.
- Advising on state biometric information and genetic information privacy laws and the collection and use of biometric and genetic data.