EBG has lawyers who are well versed in all areas of data privacy compliance. Our services include:
- Designing and implementing effective data privacy risk assessments that identify and reduce data privacy risks in the organization’s data practices.
- Providing advice on the effective use of data maps and data processing registers to manage privacy risks and impacts.
- Preparing and negotiating licensing, software, and technology agreements regulating the collection and processing of personal data, personal information, and other protected information, including PHI, personally identifiable information, government identifiers, and financial information.
- Preparing and negotiating data protection and data processing agreements and addendums.
- Preparing policies, procedures, and documentation required for compliance under a myriad of state data privacy laws, including requirements of the California Consumer Protection Act / California Privacy Rights Act and Virginia Consumer Data Protection Act, as well as the laws of Connecticut, Utah, and Nevada.
- Advising on patient notices and consents under health information privacy laws, including HIPAA and 42 CFR Part 2, and the intersection of these requirements with state data privacy laws.
- Managing the challenges faced by organizations that operate internationally, including issues surrounding cross-border data transfers and other data privacy issues arising under the General Data Protection Regulation (GDPR).
- Developing personnel policies and practices involving the proper handling of sensitive employee information, including global employers.
- Training staff to comply with the organization’s data privacy obligations.
- Providing advice on workforce electronic monitoring policies and notices.
- Advising on state biometric information and genetic information privacy laws and the collection and use of biometric and genetic data.