Privacy, Data Security and Governance
Privacy, Data Security and Governance
Federal and state privacy and security laws affect nearly every industry sector ranging from healthcare providers to financial institutions to start-ups. Our attorneys advise both public and private clients in healthcare, technology, transportation and financial services in areas of privacy applicable to IT/technology, data security, financial privacy, health privacy, consumer privacy, employment privacy, litigation and transactions.
We counsel clients on how to protect proprietary and customer confidential information. We guide our clients through all steps of information governance and risk management, such as the development and implementation of preventative measures, policies and procedures; technology selection and validation, the placement of cyberliability insurance, and pursuit of claims under these policies. In addition, we help clients investigate and respond to data breaches and represent clients in related litigation.
- Commercial transactions
- Compliance audits
- HIPAA compliance
- Training programs
- Information governance
- Cyberliability insurance
- Incident response and data breach counseling
- Information handling
- Privacy and data protection litigation
- Privacy policies and procedures
- Regulatory investigations
Representative Work
- Drafted a privacy policy for a mobile app company.
- Ongoing HIPAA Compliance for client (e.g., draft HIPAA privacy and security manual and related health plan language; draft and negotiate business associate agreements; analyze reportability of HIPAA breaches).
- Drafted numerous privacy policies and technology contracts including SaaS and online bill pay agreements, where we advised on significant privacy issues.
- Advise clients regarding obligation under HIPAA and California law to report possible health information security breach.
- Advised global semiconductor company on the effect of data security monitoring and investigation practices on EU Safe Harbor Certification.
- Advised American subsidiary of European company regarding US Government access to EU hosted cloud content under Patriot Act procedures (National Security Letters or FISC subpoenas.)
- Advise numerous clients regarding the purchase/renewal of cyberliability policies.
- Counsel clients on pursuing and obtaining insurance to pay for costs/losses arising from a data breach.
- Counsel clients in successfully pursuing insurers to pay for costs/losses arising from hacking and other cybersecurity incidents.
- Advised transportation agency client on contract involving third party collection, processing and off-site storage of employee data.
- Advised retail client regarding requests for Personally Identifiable Information (PII) at California brick and mortar stores.
Key Contacts
News & Resources
Data Privacy Week: Navigating Data Privacy in the Age of AI
Rob McFarlane, Batya Forsyth, and Jenny Dao of Hanson Bridgett discuss the Executive Order issued on the Safe, Secure, and Trustworthy Development and Use of AI on October 30, 2023.
California Consumer Privacy Act 2.0 – What You Need to Know
DOL recently stated that the use of private equity investments within professionally managed asset allocation funds is not inconsistent with the plan fiduciaries' ERISA fiduciary duties.
Temporary Relief For CA Businesses From The CCPA: Employee and B2B Exemptions Extended Another Year
The California Assembly passed Assembly Bill 1281. If signed, the bill will guarantee that certain California Consumer Privacy Act exemptions will be extended beyond their initial deadline, December 2020.
Privacy Alert: Zoom or Not to Zoom?
Use of Zoom and other videoconferencing tools have exploded since stay at home orders started, elevating privacy concerns and legal challenges.
COVID-19 and CCPA: No Delay in Enforcement
Enforcement of the California Consumer Privacy Act is set to start on July 1. Despite requests from over 60 companies, the Attorney General will not extend that deadline.