Our privacy team advises companies of all sizes on issues arising from the collection, use, maintenance, and security of data. The Carney Badley privacy team advises clients on all U.S. federal, state, European, and other international privacy laws, including:
- U.S. state privacy and data breach notification laws, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Colorado Privacy Act (ColoPA), and the Virginia Consumer Data Protection Act (VCDPA)
- European privacy laws, including the EU’s General Data Protection Regulation (GDPR), the UK GDPR, and the Revised European e-Privacy Directive
- Education and child privacy laws, including Children’s Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA)
- Healthcare privacy laws, including Health Insurance Portability and Accountability Act (HIPAA)
- Financial privacy laws, including Fair Credit Reporting Act (FCRA) and Gramm-Leach-Bliley Act (GLBA)
- Telecommunications and marketing privacy laws, including Telephone Consumer Privacy Act (TCPA), the Electronic Communication Privacy Act (ECPA), and the CAN-SPAM Rule
- Federal Trade Commission enforcement and compliance issues and self-regulatory frameworks
Because our clients are from a wide array of industries, the Carney Badley privacy team believes in a “privacy by design” approach and is committed to addressing the unique issues presented by your company and industry. Our team advises clients on privacy needs and implantation nationwide – providing insight into effective privacy programs online, offline, on mobile devices, and throughout their business.
We also assist clients with the preparation, review, and best practices of the relevant contracts in this subject area, including but not limited to:
- Privacy Policies
- Data Processing Agreements
- Information Management Programs and Security Policies and Incident Response Plans
- Confidentiality Agreements
Representative Projects Include:
- Drafting, reviewing, and negotiating vendor- and customer-facing data processing agreements
- Counseling clients on international data transfer laws and how they apply to clients, whether as a Controller, a Processor, or otherwise
- Ensuring commercial contracts contain necessary and appropriate privacy protections reflective of a rapidly changing legal landscape
- Customizing privacy policies for websites, mobile applications, and SaaS services
- Helping clients launch social components to e-commerce sites
- Advising on product privacy on mobile applications
- Guiding on roll-outs of new web-based payment processing services
- Designing compliance programs to launch international services in more than 60 jurisdictions
Published Blog Posts:
- GDPR Update – Step 3: Time to Update your Standard Contractual Clauses!
- Catching up on Privacy News!
- Washington’s State House Again Amends Proposed Privacy Act to Include a Limited Private Right of Action.
- What is Personally Identifiable Information or PPI?
- The CCPA – Does it Apply to Your Business?
- CCPA – Who are California Consumers?