Privacy and data security issues are among the most challenging and rapidly evolving areas of risk for companies across a wide variety of sectors and industries. Privacy laws govern the collection, use, and handling of personal data. Data security laws require the implementation of security measures adequate to protect the authenticity, confidentiality, and integrity of personal data. The applicability and requirements of these privacy and data security regulations can vary significantly from law to law and country to country, and the penalties for noncompliance are often substantial. Ward and Smith's Privacy and Data Security team routinely counsels and assists clients across a broad spectrum of industries, including finance and banking, healthcare, technology, construction, and retail, with navigating the complex requirements of privacy and data security regulations and managing the risks and breach notification requirements related to data security incidents.
Our services include:
Privacy and Data Security Compliance: Our team regularly works with clients to proactively evaluate privacy and data security regulatory compliance and mitigate noncompliance risks, including compliance assessments; internal data management policies and procedures; negotiating third-party vendor data processing contracts; and employee education. These compliance evaluations assist companies with ensuring that their data collection and processing practices, data transfer procedures, privacy policies, and marketing activities are compliant with the relevant domestic, international, and state data privacy and security regulations and laws.
Data Security Breach Response: We routinely assist clients with managing and facilitating security breach investigations; evaluating breach notification requirements; preparing state and federal breach notifications; completing state and federal reporting obligations; pursuing criminal actions through state and federal law enforcement officials due to hacks, phishing, ransomware attacks, and other unauthorized data access or theft; complying with destruction laws; and implementing post-breach remediation measures.
Financial Services Industry: We represent clients in the financial and insurance services industry on a variety of compliance matters, including those implicating the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA) and corresponding Red Flags Rule, and other state laws regulating the use and disclosure of consumer financial information.
Cross Border Data Transfers: We advise clients on regulations and best practices for the transfer and receipt of data from countries outside of the United States, including counsel related to the EU Data Protection Directives and upcoming General Data Protection Regulation.
Mobile and Online Privacy: Mobile and online activities implicate and require compliance with a plethora of state and federal laws, including privacy and security laws such as the Children's Online Privacy Protection Rule (COPPA) governing the collection of data from minors; state laws regarding Privacy Notices; and consumer behavior and location tracking limitations and guidelines.
Direct Marketing Initiatives: Technology has changed the way businesses interact and communicate with consumers. Companies must ensure that each consumer communication, whether it is by text message, email, telephone, or fax, complies with the applicable privacy regulations, including the CAN-SPAM Act, the Telephone Consumer Protection Act (TCPA), the Telemarketing Sales Rule (TSR), and all applicable state laws.
Workplace Privacy: We often assist employers with ensuring compliance with workplace privacy rules, including counsel on social media policies; employment handbooks; permissible use of consumer reports and background checks; employee misconduct investigations; employee monitoring programs; and bring-your-own-device (BYOD) policies.
Supply Chain Risk Management: Our team assists clients in mitigating risk in their technology supply chains with services in vendor management, due diligence, drafting supplier vetting processes and procedures, structuring transactions to lessen risk, advising on sectoral, state, national, and international legal risks to supply chains, adopting and implementing best practices, and compliance.
Healthcare Services Industry: Our clients in the healthcare services industry regularly rely on us to assist with data privacy and security compliance matters, including the Health Insurance Portability and Accountability Act (HIPAA)/Health Information Technology for Economic and Clinical Health Act (HITECH) privacy, security, and breach response and remediation, and the use of technology to facilitate the transfer of medical information such as patient portals, authentication, encryption, and telemedicine.
Educational Agencies and Institutions: We advise educational agencies and institutions, including community colleges, charter schools, and state school systems, on the compliance requirements of The Family Educational Rights and Privacy Act (FERPA) and The Protection of Pupil Rights Amendment (PPRA).