International laws, such as the European Union’s General Data Protection Regulation (GDPR); national laws, such as the United States Gramm-Leach-Bliley Act (GLBA); laws of individual states, such as the California Consumer Privacy Act (CCPA) and the Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth; and laws applicable to particular types of data or industries, such as the Health Insurance Portability and Accountability Act (HIPAA) and the New York Department of Financial Services Cybersecurity Regulation, are all privacy laws that regulate how various types of personal information must be handled by businesses and their vendors. The aim of these laws is to protect consumers and to hold businesses accountable for how they use and protect information about individuals, but the lack of uniformity makes compliance difficult. With a range of different regulations to consider at the state, national, and international level, and with respect to various business activities and types of information, privacy law compliance can be daunting for any business.
We help business owners determine which privacy laws may apply to their businesses and take the steps they need to navigate the complex web of worldwide privacy regulations. Our mission is to establish a solid foundation for your business’s privacy policies and practices, mitigating risk and fostering growth in an ever-changing regulatory landscape.
In today’s privacy landscape, it is important for businesses to understand the implications of using websites and mobile apps to connect with customers. Whether you have already launched or are still in development, you need to understand the requirements relating to the collection and storage of user information, as well as the requirements that may apply to any third-party services through which you connect with customers. Equally important is understanding which privacy regulations (such as the CCPA and GDPR) apply to your business.
Auditing your business practices, developing strategies for obtaining required consents, addressing complaints, responding to deletion or disclosure requests, training employees, and updating important documentation, such as internal policies and procedures and external Privacy Policies and Terms of Service, are all part of a comprehensive strategy to demonstrate regulatory compliance. Establishing and maintaining compliant policies and practices will go a long way toward ensuring that you can operate your business effectively and efficiently while avoiding the potential cost and risk of noncompliance.