Companies that are proactive about protecting consumer data are represented by Schwabe.
Overview
All businesses that process personal data face privacy and security risks.
Our attorneys can help you understand legal requirements and reduce your risks in a data-driven economy. We can guide you on how to respond to privacy and security incidents and inquiries, whether they originate with enforcement agencies or consumer protection advocates. We also have data protection knowledge for a wide variety of transactions that involve personal data.
Whether the data concerns your consumers, employees, patients, students, or business customers and partners, failure to protect it from improper use or access can result in legal, regulatory, reputational, and financial harm. To protect your operations, we help you navigate the complexities of global data protection laws, security industry standards, and market expectations.
As new privacy laws and regulations proliferate, our attorneys can also help you manage the shifting privacy and security legal landscape with greater confidence. Our attorneys hold IAPP credentials and have experience providing counsel to diverse organizations, from Fortune 500 businesses to start-ups, on the multitude of laws in this area.
Understand Privacy and Security Requirements
We can help you understand the privacy and security laws, regulations, and standards that apply to your business. Given the proliferation of privacy laws, not only in the US but across the globe, it can be challenging to understand how they intersect with existing requirements and what they mean for your business. We can help you synthesize privacy and security requirements, analyze the application of new laws and regulations, and help steer your business if you intend to move into new markets.
Identify Privacy and Security Risks
We will assist you in identifying privacy and security risks that may affect your business and guide you toward solutions to mitigate them. Our attorneys have aided businesses of various sizes and industries in conducting risk assessments. This includes analyzing a company’s public privacy disclosures, reviewing marketing practices, and identifying both compliance concerns and opportunities. We strive to understand your unique operations and your industry to help you develop and implement tailored compliance solutions, processes, and policies.
Thrive in a data-driven economy
Our attorneys understand that a business needs to thrive in a data-driven economy. Our legal advice can help you launch groundbreaking products and services powered by data and implement AI applications in your activities. We understand the privacy and security landscape that governs your use of data.
Respond to incidents and inquiries
Our team of attorneys can pilot you through privacy and security incidents, inquiries, and investigations. We help businesses investigate incidents, minimize damage, and move forward swiftly after a privacy or security incident. We can also help companies respond to privacy-related probes from enforcement agencies, such as the Federal Trade Commission or a state attorney general, data protection authorities, privacy advocates, and consumer protection groups.
Assist with transactions involving personal data
Schwabe supports businesses engaged in a wide variety of transactions and provides privacy and security counsel with regard to handling personal data. In Mergers and Acquisitions, we can navigate privacy due diligence and transfers of sensitive information, whether customer data or employee data. Concerning tech transactions and vendor agreements, we can provide guidance on the latest legal requirements, as well as help you negotiate privacy and security terms.
Help you build or strengthen your privacy program
There is no one-size-fits-all approach to compliance and risk management. We strive to understand your unique business as well as your industry to help you develop and implement compliance solutions, processes, and policies that work for you. We can:
- Build or strengthen your privacy program. Whether responding to consumer inquiries or conducting Data Protection Impact Assessments (DPIAs), we can show you how to implement privacy programs and processes to ease compliance.
- Develop privacy-related policies. Our attorneys will develop policies to reduce the risks related to your collection, use, disclosure, and storage of data. Whether it’s time to review your employee privacy practices or develop a policy to implement AI solutions safely, we can assist.
- Privacy and security training. Our team can help you develop privacy-related training that is tailored to your business and appropriate for a wide range of audiences. Whether you’re training your marketing team on the use of social media or cookies, or your engineers on principles of data minimization, we can support your training goals.
Global Comprehensive Privacy Laws
- U.S. federal and state privacy laws and regulations, including:
  - State privacy laws, such as the California Consumer Privacy Act (CCPA), the Colorado Privacy Act (CPA), and the Oregon Consumer Privacy Act (OCPA)
  - Federal and state laws that prohibit unfair and deceptive acts and practices
  - State data breach notification laws
- EU and UK General Data Protection Regulation (GDPR)
- EU e-Privacy Directive (ePD) and related member state laws
- UK Privacy and Electronic Communications Regulations (PECR)
- BR General Personal Data Protection Law (LGPD)
- CA Personal Information Protection and Electronic Documents Act (PIPEDA)
- IN Digital Personal Data Protection Act
Privacy and Tech Topics and Industries:
- Artificial Intelligence: Emerging AI Laws, such as the EU AI Act, U.S. AI Bill of Rights, NYC Local Law 144
- Health Data: Health Insurance Portability and Accountability Act of 1996 (HIPAA) and WA My Health, My Data Act (WMHMD)
- Children and Teens’ Data: Children’s Online Privacy Protection Act (COPPA), UK and California Age-Appropriate Design Codes
- Communications Data: U.S. Wiretap Act and California Invasion of Privacy Act (CIPA)
- Financial Data: Fair Credit Reporting Act (FCRA), Payment Card Industry Data Security Standard (PCI DSS)
- Biometrics: IL Biometric Information Privacy Act (BIPA), TX Capture or Use of Biometric Identifier Act (CUBI)
Experience
- Advised companies regarding notification obligations in data security breaches.
- Advised clients on privacy, confidentiality, and data security terms in vendor contracts.
- Settled disputes involving handling of consumer data.
- Analyzed insurance policies for privacy/cyber liability coverage.
- Counseled a fitness client on the collection and use of consumer health data under the Washington My Health My Data Act.
- Guided a big tech client on the risks associated with voice-enabled technologies under U.S. wiretap laws, the EU e-privacy Directive, U.S. state omnibus privacy laws, and biometric laws.
- Advised healthcare conglomerates on the use of tracking technologies under HIPAA, GDPR, and U.S. state omnibus privacy laws.
- Advised on the development and launch of an AI-based Fintech service; created and implemented compliance strategies to meet requirements from GDPR, CCPA, FCRA, and anti-discrimination laws.
- Assisted clients across diverse industries with updates to their privacy statements that ensured compliance with global data protection laws.
- Assisted various clients in responding to regulatory inquiries and investigations, including from the FTC, EU data protection authorities, and consumer protection advocates, related to the collection and use of personal data; drafted responses and developed legal strategies to reduce business disruptions from inquiries and investigations; and helped implement technical solutions across multiple business divisions to address concerns.
- Drafted and negotiated data-sharing terms, data processing agreements, and similar agreements, such as HIPAA BAAs, in various commercial contexts.
- Provided legal advice on privacy issues in M&A transactions to help clients reduce risks related to the transfer of customer and employee data.
- Advised clients on various employment-related privacy matters, including background checks and employee monitoring.
- Counseled clients on security incidents and cybersecurity events, including nation-state attacks; reported data breaches to data protection authorities and other agencies.
- Accelerated adoption of emerging technology by developing contractual standards and solutions.