International data privacy

Drawing on the experience of the firm’s international business attorneys as well as its privacy and data security attorneys, we help clients comply with data protection obligations worldwide. This includes the European Union’s General Data Protection Regulation (GDPR) and the privacy laws of other countries. As the regulatory environment grows, our data privacy team stays ahead of U.S. privacy legislation in new and growing industries.

Our team assists clients with the following sector-based U.S. laws and regulations:

  • Data breach notification laws in all U.S. states and territories
  • Other state identity theft and privacy laws, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
  • Section 5(a) of the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive business practices (addressing privacy policies)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH), which was part of the American Recovery and Reinvestment Act of 2009 (ARRA)
  • FTC Telemarketing Sales Rule (TSR)
  • Telephone Consumer Protection Act (TCPA), enforced by the Federal Communications Commission (FCC) (i.e. “do not call lists” and autodialing)
  • FTC Disposal Rule
  • Children’s Online Privacy Protection Act (COPPA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Fair Credit Reporting Act (FCRA)
  • Fair and Accurate Credit Transactions Act (FACTA), including Red Flag Identity Theft regulations
  • Electronic Communications Privacy and Stored Communications Acts
  • U.S. Patriot Act and its suspicious-activity regulations
  • Payment Card Industry Data Security Standard (PCI DSS)

We also assist clients with the following international laws and regulations:

  • The E.U. General Data Protection Regulation (GDPR)
  • The UK General Data Protection Regulation (UK GDPR)
  • The Chinese Personal Information Protection Law (PIPL)

Our experience includes:

  • Conducting website audits to advise clients whether their site complies with their stated policies, and counseling clients in developing privacy policies that reflect the client’s actual policies
  • Advising clients regarding implementation and compliance with E.U. Standard Contractual Clauses
  • Assisting with data mapping exercises, data protection impact assessments, transfer impact assessments and other privacy assessments in collaboration with the client’s internal team
  • Providing Data Protection Officer (DPO) services as required under the GDPR, including communication with regulators
  • Drafting or negotiating Data Processing Agreements between Controllers and Processors
  • Advising a multinational company on restructuring its data retention system to comply with current data privacy requirements
  • Assisting clients in drafting legal terminology for legally effective implementation of online user, online purchaser or restricted access agreements for website commerce and access-restricted use
  • Assisting clients in developing customer agreements and disclosures for financial products, including internet banking and online account access, to ensure compliance with E-Sign