Data privacy laws apply to both e-commerce and brick and mortar businesses, because almost all businesses collect some form of personally identifiable information from clients, prospective clients, and other business contacts, whether in person or online. Additional requirements may apply to those businesses that have an online presence. The Nason Yeager team is experienced in providing practical and legal advice on a wide range of legal issues in the data privacy and cybersecurity arena relating to regulatory compliance, drafting contractual protections, and litigation.
REGULATORY COMPLIANCE AND DATA PRIVACY POLICIES
New laws and regulations are continually being proposed, debated, and passed on the local, state, federal, and international level. Nason Yeager keeps an eye on all recent privacy law developments and advises clients when new issues or rules appear that may apply to them.
Regulatory Compliance
Nason Yeager guides businesses on how to comply with privacy laws such as the European Union’s General Data Protection Regulation 2016/679 (GDPR) and state-specific privacy laws such as the California Consumer Privacy Act (CCPA), as well as certain industry-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Our attorneys can help clients understand the requirements of each law and any applicable regulations, examine whether they apply to the client, and assist in determining what steps the client should take to comply with such laws and regulations.
Nason Yeager is also able to draft, review, and provide advice on internal company cybersecurity, confidentiality, and other technology use policies and agreements to help reduce the risk of any sensitive data leaks by company personnel and protect the company’s rights to its client information, technology, and intellectual property such as trade secrets.
Online Policies
Nason Yeager helps clients:
- Draft website policies such as privacy policies, terms of use, cookie policies, copyright policies, terms and conditions for online sales, and other online policies applicable to their businesses, in clear, concise language designed so that consumers will understand.
- Review existing policies to ensure they meet current laws and regulations and reflect current business practices.
- Evaluate operational and technology practices to make sure they comply with corporate policy.
No one policy fits the needs of all companies. And with numerous new privacy laws being proposed and adopted, and existing laws constantly being updated, our attorneys conduct periodic reviews of policies and procedures and make recommendations in accordance with best business practices and current regulations to reduce the risk of costly legal liability.
PRIVACY AND REDUCTION OF RISK IN TRANSACTIONS
Technology and Other Transactions
Many types of business agreements deal with sensitive, confidential, and/or proprietary data, such as technology licensing agreements, software-as-a-service agreements, and joint development agreements. When dealing with mergers and acquisitions, agreements in the healthcare industry, or other industries with specific privacy requirements, many transaction documents require robust data privacy and protection provisions. It is important not only to protect your business data and any personally identifiable data you collect from your clients and business contacts, but also to protect your business against liability in the event a third party exposes valuable data. Our highly experienced corporate and data privacy attorneys are well-equipped to review and analyze or draft the critical data privacy and cybersecurity provisions in a wide range of business agreements, to advise clients on privacy and cybersecurity best practices, and to advocate for and draft reduced liability and strong indemnification provisions for privacy and security breaches.
Service Provider Agreements
Some recent data privacy laws include an obligation for businesses to contractually obligate their third-party service providers to adhere to the minimum standards of data privacy and protection encapsulated in such laws. Our data privacy attorneys are experienced in drafting contractual provisions and addendums to be added to client contracts that both comply with regulatory requirements and protect our clients from liability in the event that a service provider fails to uphold the proper data privacy protocols.
PRIVACY AND DATA BREACH LITIGATION
Nason Yeager’s attorneys have the knowledge and expertise to represent companies in matters related to government investigations that may implicate privacy issues, and in crisis management and/or federal and state litigation related to data privacy breaches.
The legal team can help clients determine the form and content of any disclosures or notifications that may be needed to regulators, customers, the public, and others in the case of a data breach. We also provide advice on best practices in order to minimize risk and damages from a data breach.
Our firm is able to assist in responding to demands and lawsuits for damages arising from a data breach, and pursuing litigation against third parties that have contributed to the breach itself or the damages arising from the breach. Please see our litigation practice area for more information on the capabilities of our litigation team.