Advise on legal risks associated with penetration testing, gap assessment, and information governance audits and assessments, both internal and third-party. 

Oversee all elements of response to a data incident, including coordination with forensic investigators, law enforcement, communications, and insurance provider.

Advise on CCPA readiness and draft appropriate policies.

DPAs and other data processing arrangements for retailers, service providers, B2B information technology companies, staffing companies, and other sectors.

Evaluation of privacy and security commitments in diligence and sale of privately-held enterprises. 

Assess GDPR readiness and provide ongoing counsel.

Advise global appliance manufacturer on IoT/smart device launch.

Advise on data collection, processing, and transmission regarding domestic and international operations, including use and sharing of employee data, consumer data, and business partner data gathered via “smart” devices, in connection with marketing efforts, and through service provider relationships.  Advise on creation and use of aggregated, anonymized, and deidentified data. 

Respond to breaches of client credit card information in multiple states; research state requirements and interface as required with state law enforcement officials or others.

Creation and review of privacy policies and procedures for media, healthcare, retail, service, and other clients in conjunction with findings from security audits and pursuant to emerging regulations such as the CCPA. 

Advise and counsel on protection of PHI and other personal patient information in connection with sale of practice, disposition of records, distribution of consumer and commercial healthcare apps and devices, and in daily operations under the CCPA. Oversee response to healthcare technology data breaches.  

Consult on creation and implementation of corporate document retention policies and procedures, including electronic storage and records management.

We immediately collected information in response to client’s identification of release of employee data by contractor. We researched relevant state laws and advised the client regarding an appropriate external and internal response. The response was successful, and no disputes or suits resulted from this incident.

Advise covered entities on business associate agreements to manage risk.

Advice on data disposal following sale/wind-down of healthcare practices

Privacy, Cyber, and General Counsel to the Board of a National Industry-Specific Information Sharing and Analysis Center.

Represent various retail clients regarding PCI compliance, credit card fraud and loss, and fraudulent e-commerce orders.

Coordinate response to loss of protectable or sensitive data in electronic form, including personal credit information, vendor account credentials and customer payment authorizations.

Advised companies regarding compliance with the Fair Debt Collection Practices Act (FDCPA), Telephone Consumer Protection Act (TCPA), Georgia Fair Business Practices Act (FBPA) and Florida Consumer Collection Practices Act (FCCPA).