Privacy, Data Security and Records Management
Today’s global economy is dependent upon the flows of information and businesses needed to safeguard the security and confidentiality of both personal and business information.
Identity theft and security breaches have heightened global public awareness of the potential abuses associated with unauthorized access to personal information. Such risks apply to all businesses, which must develop and maintain compliance policies for privacy of sensitive personal information, personally identifiable information, or personal health information. Compliance has become a way of life for business to preserve goodwill, maintain trust, avoid liability and litigation and enhance their competitive position.
The “law of the Internet” is actually a maze of different laws governing acquisition, storage, processing, disclosure and use of personal information and commercial trade secrets. Typically, businesses must be concerned with many different Internet-focused laws. To name a few:
- CAN-SPAM Act
- Children’s Online Privacy Protection Act (COPPA)
- Unfair competition laws arising from comparative advertising and abuse of a dominant market position
- Generally applicable commercial laws, including rules governing various frauds (consumer fraud, securities fraud, commercial fraud, etc.) and other torts.
- Domain name dispute procedures under ICANN
- European Union’s directives on data protection and remote selling and local laws implementing such directives in varying ways.
- Vulnerability analysis and responses.
Privacy laws apply in virtually all jurisdictions. All businesses must comply with evolving privacy laws. We advise on U.S. legal issues in privacy law. This includes issues on policies and procedures for “PII” and healthcare personal information under HIPAA, security breach notification laws, FTC rules, EU-rules as adopted under “safe harbor” procedures under U.S. regulatory oversight. In conjunction with foreign law firms, we help avoid converting U.S. data governed by U.S. law into foreign data governed by foreign laws that impose different and onerous privacy rules.
We advise clients on managing privacy and security risks associated with the collection, use and disclosure of consumer and employee personal information. We design and implement policies and compliance programs governing the collection, use, protection, disclosure and management of content and data, including data protection, incident response, breach notification, privacy and records management.