Our privacy and security attorneys help clients navigate the complexities of state, federal, and international privacy and security laws and regulations. We assist clients by:

  • Advising on corporate transactions that require an assessment of privacy and security compliance
  • Counseling with respect to data breach reporting and notification under state and federal law, including drafting and coordinating individual and agency notifications with OCR and across states and foreign countries, and developing and implementing remediation efforts and corrective action plans
  • Responding to government investigations and negotiating resolution agreements with OCR
  • Analyzing privacy and security issues arising in the research context, including requirements for the use and sharing of data with research sponsors and among academic collaborators
  • Providing workforce training regarding the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule as well as other federal and state laws, with a focus on the practical implications of those rules for the client's workforce
  • Helping clients comply with non-U.S. data protection laws such as the EU General Data Protection Regulation (GDPR)
  • Drafting data use and sharing agreements, customized policies and procedures, training materials, and business associate agreements