Records management and privacy policies

Good business practice today includes having effective privacy policies. More focus is being placed on ensuring companies have adequate internal privacy policies that direct users of personal data in how to handle the use of such personal information. Data and records management are important components of privacy policies. To help clients make data management a growth tool, our attorneys work closely with them to develop internal record retention and privacy guidelines. Clients rely on us for strategic planning advice that allows them to stay ahead of legal developments in the privacy and data-security arena while reaping the myriad benefits of unprecedented data availability.

Companies should also have precise privacy notices, or privacy statements, that clearly inform persons of how personal information is used by the company. The FTC has historically required that privacy notices provide persons (i) notice of the company's information practices, (i.e., what information they collect and how they use it); (ii) choices as to how their information is used beyond the purpose for which the information was provided, along with the option to opt out or opt in to data collection and use; (iii) reasonable access to their information and an opportunity to correct inaccuracies. Companies must also take reasonable steps to protect the security and integrity of personal information. Recently the FTC has focused on core concepts of privacy by design, simplifying consumer choice and greater transparency. We can assist with these matters.

Our experience includes:

  • We have assisted clients in addressing legal issues (including legal terms and best practice procedures) relating to the collection of resume, address and other personal data online.
  • We have counseled clients regarding the legal risks associated with the online collection and use of information, including requirements set forth by the FTC with respect to online privacy policies or the lack thereof on corporate websites.
  • We regularly review privacy notices posted on clients' websites to determine compliance with regulatory requirements, and advise regarding internal audits to ensure clients are following their privacy policies.
  • We advise regarding compliance with the Children’s Online Privacy Protection Act (COPPA) for clients who operate websites or online service directed to children, or who otherwise collect information from children under 13 years of age.