Privacy Compliance Strategies

Virtually all businesses today collect and save information relating to their employees, clients, customers, patients, or other parties. Because myriad international, federal, and state privacy laws and regulations cover not only those parties but also matters of national security and crime prevention, it is not unusual for one business to be subject to different sets of privacy laws and regulations. Thus, businesses face the challenge of complying with all relevant privacy laws and regulations and ensuring that safeguards are in place to prevent the improper use or disclosure of this information.

Epstein Becker Green’s Privacy & Security Group helps clients understand and stay compliant with the privacy laws and regulations and industry best practices that are applicable to the collection, use, and transfer of the clients’ confidential information. Since the key to privacy compliance is establishing a strong, effective, and well-documented privacy program, members of our Privacy & Security Group:

  • Advise on compliance with privacy-related federal, and state laws, rules, and regulations, including, among others, the CAN-SPAM Act, the Children’s Online Privacy Protection Act (COPPA), the Computer Fraud and Abuse Act (CFAA), the EU-U.S. Privacy Shield program, the Family Education Rights and Privacy Act (FERPA), the Genetic Information and Nondiscrimination Act (GINA), the Gramm-Leach-Bliley Act, the Health Information Technology for Economic and Clinical Health Act (HITECH), the Health Insurance Portability & Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS) requirements, the Telephone Consumer Protection Act (TCPA), and the Telemarketing Sales Rule
  • Document and ensure that a client’s privacy and security policies are in place and compliant, the client’s employees are aware of and understand them, and appropriate internal enforcement mechanisms have been established
  • Conduct risk assessments of privacy policies and service provider and other vendor arrangements
  • Provide counsel on compliance with Federal Trade Commission rules, including the ID Theft Red Flags Rule, the Address Discrepancy Rule, and other disclosures and safeguards for online, mobile, and social media information collection, use, and sharing practices
  • Update clients on new developments in privacy laws, regulations, and standards, and review and revise policies, practices, procedures, where needed, to ensure compliance with those developments