Privacy Compliance
ArentFox Schiff provides counsel on compliance with US and international laws related to data collection, use, and transfer. Our attorneys work with companies to develop internal security and governance programs, advise businesses on the collection of data in retail locations as well as online including social media marketing and e-commerce platforms, and conduct internal investigations in response to critical data breaches. We also work with companies to implement privacy and data security protection by using IT agreements to control data access by their employees, reconfiguring data security when moving IT operations to the cloud, and protecting against cyber risks that can arise from third-party IT vendors.
Our Work
- California Consumer Privacy Act (CCPA)
- New York Cybersecurity Regulation
- EU General Data Protection Regulation (GDPR)
- EU-US Privacy Shield
- FTC Act
- FTC’s privacy and security enforcement rules and related guidelines
- FCC’s Customer Privacy Network Information (CPNI) rules
- Telecommunications Consumer Protection Act (TCPA)
- various federal privacy statutes including the Gramm-Leach-Bliley Act (GLBA)
- Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM)
- Children’s Online Privacy Protection Act (COPPA )
- Health Insurance Portability and Accountability Act (HIPAA )
- Payment Card Industry Data Security Standard (PCI DSS)
- additional federal and state laws on data protection