Karr Tuttle Campbell’s cross-disciplinary privacy and data security attorneys use their hands-on experience serving tech-sector businesses and heavily regulated industries to counsel companies of all sizes as they manage risks associated with the collection, use, and disclosure of data.
Our attorneys’ extensive subject matter expertise in intellectual property, international law, consumer protection, banking, finance, and healthcare—when combined with a real-world understanding of the actual risks involved with litigation—yields commercially practicable compliance strategies that balance the costs of data security against those of running a profitable business.
Data privacy is an enterprise-wide concern. Over 100 countries and the vast majority of U.S. states promulgate unique rules regulating collection, use, disclosure and security of personal information. A deep understanding of this complex global framework builds trust with business partners and customers. However, the plurality of legislation makes full compliance a daunting task, even for the most experienced businesses.
Karr Tuttle Campbell’s privacy attorneys mitigate risk at every stage of the information lifecycle. Our attorneys partner with general counsel, chief privacy officers, and chief information officers to devise technical and non-technical methods to achieve privacy and data security compliance, including:
Compliance counseling for privacy and security issues implicated by mergers and acquisitions, including:
Advice on the transfer of a target company’s employee and customer data
Integration of the target’s and acquirer’s internal and public-facing privacy policies and data handling procedures
Cross-border data transfers
Data breach response strategies, including customer notifications
Health information privacy strategies
Legislative monitoring
Privacy policies and data breach notification policies tailored to industry and geography
Technology licensing agreements
Third-party liability assessments under state, federal, and international privacy laws:
Identification of data security vulnerabilities in customer, distributor, supplier, or other business partner agreements
Negotiations of vendor contracts and information use and distribution agreements
Workplace privacy measures, like acceptable use policies with EU-grade “privacy by design” principles
EU General Data Protection Regulation (GDPR) and EU-US Privacy Shield.
We also assist businesses with their efforts to comply with the ever-expanding array of international data protection requirements, including the EU’s General Data Protection Regulation (GDPR) and member state implementations of other EU mandates, such as the EU-US Privacy Shield, model contracts, and binding corporate rules (BCRs).
Our privacy and data security attorneys keep clients apprised of international privacy developments pertinent to their business. In addition, Karr Tuttle Campbell has extensive experience representing Asian and European-based companies, as well as other foreign-based and multi-national companies.
Highly regulated industries.
Our attorneys are sought-after by businesses operating in regulated industries with sector-specific legal issues, such as those implicated by:
Children’s Online Privacy Protection Act (COPPA)
Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
Electronic Communication Privacy Act (ECPA)
Fair Credit Reporting Act (FCRA)
Family Educational Rights and Privacy Act (FERPA)
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
Payment Card Industry Data Security Standard (PCI DSS)
