Our compliance services aim at providing companies with the ability to understand the requirements of the numerous US and foreign data privacy laws that impact their businesses. These complex and ever changing laws, regulations, guidelines, and standards create requirements, restrictions, obligations, and prohibitions that affect most companies’ corporate or commercial transactions, marketing and business development activities, and interaction with their workforce.
The first laws that addressed the protection of personal data were adopted in the United States in the late 1960’s. Since that time, the Federal government and the States have passed hundreds of laws and regulations that pertain to the collection, processing, sharing or use of personal data. For example:
- Electronic Communications Privacy Act (ECPA);
- Fair Credit Reporting Act (FCRA);
- Fair and Accurate Credit Transaction Act (FACTA);
- Health Insurance Portability and Accountability Act (HIPAA) and the related privacy rules;
- Children Online Privacy Protection Act (COPPA);
- Gramm Leach Bliley Act and the related privacy rules;
- CAN SPAM Act;
- Telephone Customer Protection Act;
- Telephone Sales Rule;
- Federal and State Unfair and Deceptive Practices Acts;
- State Online Privacy Protection Act;
- State medical information laws;
- State driver’s license laws;
- And much more.
Abroad, the wave of adoption of data privacy laws has followed a similar pattern. The need to enact laws that protect the privacy of personal data was also discussed in the late 1960’s and the first comprehensive data privacy laws took effect in 1970. Today, numerous foreign countries have national laws that address the privacy of personal data. Consequently, companies that do business abroad, or interact with individuals who reside abroad, may have to comply with the data protection laws of the countries where they do business and ensure that their data handling practices comply with the data protection laws that regulate their foreign clients, business associates, or service providers.
We have worked on data privacy matters since the early 1990s, and have therefore a unique in-depth, experience and expertise with these issues. We have assisted hundreds of businesses of all sizes, in all markets, with respect to data privacy issues. We have also interacted with legislators and regulators on proposed legislation. We keep abreast of the most recent legal developments with respect to data protection matters, in the US and abroad.
The depth and breadth of our knowledge of the US and foreign data privacy bills, laws, regulations, government enforcement actions, jurisprudence, standards and industry guidelines provide the framework within which we advise businesses, shape internal policies, procedures and processes, and draft contracts that follow the applicable mandates, or train the company’s workforce and leadership on data protection issues and related recent developments.
In connection with our privacy compliance services, we may:
- Conduct assessments of current privacy practices and identify the compliance needs;
- Provide guidance to companies about their data privacy compliance obligations and how to address these obligations;
- Develop, revise, improve or supplement privacy policies and procedures;
- Draft, revise or supplement contracts with service providers;
- Review and revise promotional material and marketing guidelines;
- Create or revise employee manuals;
- Assist in registering and maintaining registrations with applicable US agencies, or with foreign data protection supervisory authorities;
- Provide training to employees and contractors on data privacy matters.