Our Privacy and Data Security attorneys help clients by:

  • Mapping the flow of data into and out of organizations to determine trigger points for compliance obligations
  • Advising on privacy and data considerations in acquisitions, investments, and other corporate transactions
  • Writing privacy policies, notices, and disclosures required by ever-changing U.S. and foreign laws
  • Negotiating data and privacy terms in business-to-business deals
  • Preparing Data Protection Agreements and other privacy-related documents for multi-tier distribution structures (for example, arrangements that permit data to flow from a company to its vendor and multiple levels of sub-contractors)

Sector Experience

Regulated industries present unique compliance and contracting considerations:

  • Education and EdTech: we represent educational institutions and the software vendors that service them. From the federal Family Educational Rights and Privacy Act (FERPA) and Children’s Online Privacy Protection Act (COPPA) to state laws concerning student and child privacy, we can help.
  • Financial Services and FinTech: we counsel financial services clients on privacy obligations arising from the Gramm-Leach-Bliley Act and other federal and state laws. We also write the customer-facing disclosures, online Terms of Use, and print documentation those laws require.
  • Health Tech: we advise developers of mobile fitness apps, device manufacturers, and other health tech companies on their unique compliance obligations regarding health data.
  • Consumer Technology: B2C technology providers must comply with laws ranging from Europe’s General Data Protection Regulation (GDPR) to rigorous and fast-changing state privacy laws. Many B2C companies must also navigate the “private law” of privacy in the Google and Apple distribution ecosystems. We write the user-facing privacy disclosures and Terms of Use for consumer tech providers and advise them on compliance.

Representative Matters

Our Privacy & Data Protection attorneys have recently:

  • Advised a fitness application provider on privacy concerns relating to Artificial Intelligence tools
  • Written customer-facing privacy notices and Terms of Use for a bank’s mobile applications
  • Guided an education content publisher through compliance with federal and state student-privacy laws
  • Created cross-border data sharing agreements involving Canada-US and Switzerland-US data transfers