Every organization collects, stores, uses and discloses personal data. As companies across the board rely more heavily on data to provide, maintain and improve their services, stricter requirements for protecting personal data are expanding at an exponential rate around the world, and it is critical that stakeholders act carefully to effectively comply with these evolving, and often conflicting, laws, regulations and standards worldwide.
Hopkins & Carley’s Data Privacy & Security group provides the full spectrum of counseling in data rights, security and privacy to clients across various industries, including, gaming, retail, software, hardware and emerging technologies. Our CIPP-certified privacy attorneys are well-versed in privacy and data security-related regulation in the United States on both state and federal levels, as well as in the European Union (GDPR).
With a specific focus on California privacy laws, GDPR, and the Children’s Online Privacy and Protection Act (COPPA), in addition to global privacy and security standards and trends, our attorneys work collaboratively across multiple functions (product, marketing, engineering, and communications) and with various stakeholders within organizations to advise and provide cost-effective solutions on a broad spectrum of privacy and security matters and issues, including:
- Global privacy compliance strategies and implementation, including data mapping, audits and assessment of applicable rules, regulations and requirements
- Risk assessments and strategies for data collection and processing activities
- Internal and outward-facing privacy and security policies – tailored to each client’s specific business activity, industry and location
- Documentation requirements under GDPR
- Privacy Shield certification and EU data protection compliance (GDPR)
- Children’s Online Privacy and Protection Act (COPPA)
- Business Associate Agreements under the Health Insurance Portability and Accountability Act (HIPAA)
- CAN-SPAM Act
- California and state privacy laws
- Security incidents and breach notification requirements
- Privacy analysis in context of mergers and acquisitions and financings
- Technology transactions involving data and the review and negotiation of specific data protection agreements or language (data processing agreements)
- 3rd party vendor (controller/processor) relationships and risk assessments
- Employee and stakeholder training for GDPR and the California Consumer Privacy Act (CCPA)
- Litigation defense with respect to data privacy and security
A deep understanding of data flows within an organization is key to ensuring proper compliance with the privacy legislation worldwide, beginning with CCPA and GDPR. In order to assist clients with launching or updating their privacy strategy and programs, we are able to provide them with a Data Questionnaire at no cost. This will enable your organization to specifically map out its collection, use and disclosure of personal information, and serves as a basis for our attorneys to work with your organization’s team to identify applicable laws, regulatory requirements and risks. Please contact either Chiara Portner or Céline Guillou to receive your Data Questionnaire.
To keep up on the latest privacy news, please subscribe to our Data Privacy client alerts by clicking here.
Efficiency and Cost Effectiveness
Our experienced team is able to cut to the core issues and quickly bring a level of efficiency and value per dollar of legal fees that we believe is among the best in the Northern California legal market. Our clients tell us that we deliver sophisticated, practical legal counsel at a fair price. We would welcome the opportunity to discuss, at your convenience, our capabilities and how we can best assist you.
- GDPR compliance program for a large online gaming company and graph database software provider, including external and internal policies
- GDPR compliance program for a large software security company, including internal and external policies
- Negotiated agreement and data ownership and usage terms on behalf of mobile application provider with public company home warranty company
- Prepare data processing and protection agreement forms for processors, collectors and controllers
- Prepare modular data protection addendums for mobile application client that acts as both controller and processor