Every organization collects, stores, uses, and discloses personal information. As companies across all industries increasingly rely on personal information to provide, maintain, and improve their services, states and countries are adopting stricter requirements for protecting personal data at an exponential rate. It is critical that stakeholders take stock of the personal information that they hold, and act carefully to effectively comply with these evolving, and often conflicting, laws, regulations, and standards worldwide.
With a specific focus on consumer privacy and security laws in the United States and Europe, as well as global standards and trends, our attorneys work collaboratively across multiple functions within client organizations, including product, marketing, engineering, HR, and communications, in order to advise and provide cost-effective solutions on a broad spectrum of compliance matters.
- Global privacy compliance strategies and implementation, including data mapping, audits and assessment of applicable rules, regulations, and/or industry standards
- Risk assessments and strategies for data collection and minimization
- Internal and outward-facing privacy and related policies – tailored to each client’s specific business activity, industry, and data practices
- Internal documentation requirements under applicable privacy laws, including third-party vendor relationships and risk assessments
- Third-party data protection agreements and cross-border data transfers, including with respect to “adtech” and social media
- Requirements applicable to children’s data (e.g., COPPA, CCPA, GDPR)
- Data retention and minimization policies
- “Privacy-by-design” counseling for various stakeholders
- Security incidents and breach notification requirements
- Review and audit of privacy and security in the corporate (M&A, financings) and bankruptcy sale contexts
- Technology transactions involving personal information
- Employee and stakeholder training of security and privacy
- Concise updates on industry standards, enforcement actions and recent cases, and regulator guidance
Our primary geographic areas of focus are the Unites States and Europe, namely California-specific privacy and security requirements, Federal consumer privacy laws and regulations, and EU laws.
Our practice also covers emerging areas related to biometrics, IoT, and Artificial Intelligence. We also work closely with our experienced litigation team to advise on privacy and security-related disputes and litigation, including data breaches, privacy violations, and CCPA-related claims
Efficiency and Cost-Effectiveness
We strive to understand our clients’ businesses and the technology behind it, so as to provide the most practical advice. Our experienced team is able to cut to the core issues and quickly bring a level of efficiency and value per dollar of legal fees that we believe is among the best in the Northern California legal market. Comprised of former “big law” attorneys, we streamline staffing with senior attorneys billing at lower hourly rates than many junior associates at national and global law firms based in Silicon Valley and other major cities. Our clients tell us that we deliver sophisticated, practical legal counsel at a fair price.
Hopkins & Carley’s Data Privacy & Security group provides the full spectrum of counseling in data rights, security and privacy to clients across various industries, including, gaming, retail, software, hardware, and emerging technologies. Our CIPP-certified privacy attorneys are well-versed in privacy and data security-related regulation in the United States on both state and federal levels, as well as in the European Union (GDPR).
A deep understanding of data flows within an organization is key to ensuring proper compliance with privacy legislation worldwide. In order to assist clients with launching or updating their privacy strategy and programs, we provide a Data Questionnaire at no cost. This enables an organization to specifically map out the collection, use, and disclosure of personal information and serves as a basis for our attorneys to identify applicable laws, regulatory requirements, and risks. Please contact either Chiara Portner or Céline Guillou to receive a Data Questionnaire.
Our team provides regular practical insights on new privacy laws, recent developments, and guidance, and privacy and security trends in our Privacy Hacker blog, available here. We also provide short videos on relevant topics [see Privacy Hacker tab above].
- Create implemented and updated full privacy compliance programs (U.S. and E.U.) for multiple companies of various sizes. Representative clients: online gaming and social media platforms, B2B software providers, eCommerce and retailers, security software providers, mobile apps
- Draft, review, and negotiate data processing and data sharing agreements across various jurisdictions, including addressing cross-border transfers
- Provide advice in the adtech and monetization spaces – review and negotiate a wide range of agreements to address conflicts with data protection laws
- Assist with CCPA implementation, including updating consumer-facing privacy policies and creating internal policies for the handling of consumer rights
- Provide training to our clients’ staff and employees on data protection and security requirements, including as required by the CCPA
- Collaborate with our clients to review new products, features, and functionalities and identify and address potential privacy and security risks, as well as assist with “privacy-by-design”
- Advise companies on data retention and data minimization
- Identify and advise on high-risk activities, including biometrics, children’s data, profiling
- Perform issue-spotting, audits, and assessments
- Assist with corporate due diligence on matters relating to privacy compliance in multiple M&A transactions and financings
- Regularly update policies, disclosures, and documentation for clients
- Assist litigation team with security breaches and privacy disputes
Risks of Not Complying with CCPA
Common Misunderstandings with CCPA Fundamentals
CCPA and Vendors