Data Privacy and Security

Developing, implementing, and maintaining privacy policies and data security practices that protect sensitive business and customer information from unauthorized use and disclosure is imperative for organizations of all sizes and across all industries. Whether it’s personally identifiable customer information, patient information, trade secrets, intellectual property, or other confidential information, the data must be managed in compliance with rapidly evolving laws and regulations and consistent with best practices. In today’s complex legal and regulatory landscape, businesses need an experienced, reliable, and responsive legal team.

Verrill’s team of Privacy and Data Security attorneys have extensive experience across various industries, practice areas, and jurisdictions. Our attorneys stay updated with the latest state, federal, and international privacy laws and regulations for collecting personal/sensitive data. We offer counsel on data privacy and cybersecurity concerns, data security breaches, mergers and acquisitions, joint ventures, consumer protection, marketing programs, compliance and regulatory issues, information management, and information sharing. We help clients understand and implement necessary safeguards and comply with applicable notification and other legal requirements.

We have experience with a wide range of state, federal, and international laws and industry best practices, including:

• Healthcare: HIPAA, HITECH
• Education: FERPA
• Finance: GLBA, FACTA, FCRA
• Marketing and Communications: TCPA, TSR, FTC, and CAN-SPAM
• International: EU GDPR, UK GDPR, PIPEDA
• Technology: COPPA, CFAA, Stored Communications Act
• State Data Privacy and Information Security laws

Verrill takes a collaborative and proactive approach to helping its clients comply with regulations. We carefully analyze and pinpoint areas that require immediate attention and improvement and work with our clients to implement effective measures to address and rectify them. If any challenges arise, Verrill is always ready to support clients in conducting a timely, thorough, and effective response.

The following are the services we provide related to data governance and privacy:

• Providing counsel on compliance with evolving data privacy laws and regulations, helping clients navigate complex legal requirements and adapt their practices accordingly.
• Establishing and maintaining privacy and data security programs tailored to the client’s specific needs, ensuring ongoing adherence to best practices and regulatory requirements.
• Conducting comprehensive risk assessments to evaluate data governance practices, including conducting privacy impact assessments to identify potential risks to data privacy.
• Formulating and implementing administrative safeguards, encompassing the creation of robust policies, procedures, and contractual agreements to ensure compliance with privacy regulations and standards.
• Delivering targeted awareness training sessions to educate employees and stakeholders on the importance of data privacy and security measures.
• Advocating for clients in both defensive and prosecutorial capacities regarding privacy and data security claims, ensuring their interests are protected.
• Responding promptly and effectively to regulatory inquiries and criminal investigations related to data privacy, ensuring compliance with legal obligations.
• Overseeing incident readiness and response procedures, including counseling with respect to data breach reporting and notifications under state and federal law, including drafting and coordinating individual and agency notifications.
• Drafting data use and sharing agreements, customized policies and procedures, training materials, and business associate agreements.
• Developing robust business continuity and disaster recovery plans to mitigate the impact of data breaches or other unforeseen events on the client’s operations.
• Negotiating cyber insurance coverage tailored to the client’s specific risk profile and pursuing claims in the event of data breaches or cyber incidents.
• Resolving transactional disputes related to data governance and privacy matters through negotiation or other legal means, protecting the client’s interests.