Comprehensive data privacy regulation is more rigorous than ever in the United States. From the amended California Consumer Privacy Act (CCPA) to the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CoPA), the Connecticut Data Privacy Act (CTDPA) and the Utah Consumer Privacy Act (UCPA) to the host of industry- and subject matter-specific regulations in place at the state and federal levels, our dedicated privacy compliance attorneys are seasoned professionals on U.S. privacy laws.
We have guided hundreds of companies through the compliance process, provide strategic advice on every aspect of data privacy, and are leading advocates for businesses facing regulatory investigations and consumer lawsuits. We proactively monitor new developments in this dynamic area of regulation and help our clients stay ahead of pending legislation. Combining our strength in privacy and advertising law, we also help publishers, advertisers and ad tech companies address complex issues regarding the impact of privacy laws on digital advertising, and we work with the leading trade associations in this regard.
What You Need to Know
When the CCPA took effect in January 2020, it ushered in a new era of comprehensive state privacy laws in the United States. Beyond regulation of specific types of information or specific industries, the CCPA’s protections apply to all California residents, regardless of their relationship with a business, the industry in which the business operates, and whether the business collects personal information online or offline. The California Privacy Rights Act (CPRA) further expanded individual privacy rights, created additional requirements for businesses, established a new enforcement agency dedicated to data privacy, and ended exemptions for personal information collected from employees, job applicants and business-to-business contacts.
Meanwhile, California is no longer alone in enacting comprehensive privacy laws. By the start of 2025, more than 19 percent of the U.S. population will have the right to ask businesses what personal information is held about them, to delete or correct that information, and to limit certain uses and sharing, among other rights. Dozens of comprehensive privacy bills pending in state legislatures and a proposed federal privacy law foreshadow further expansion of omnibus privacy regulation. While there are harmonized approaches that can be leveraged for compliance with these laws, it is critical to know the detailed requirements of each law, the nuances of when they apply, and how they interact with existing federal privacy laws like the Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act (COPPA) and the Gramm-Leach-Bliley Act (GLBA).
At its core, compliance with comprehensive privacy laws requires a thorough understanding of how your business collects and uses personal information; how it shares personal information with business partners, vendors and others; the rights available to individuals; and what actions must be taken on personal information the business holds in order to delete it, correct it, provide a portable copy, or enable an individual to opt out of certain data uses.
How We Can Help
Compliance
Our privacy compliance attorneys are deeply familiar with the implications of the U.S. state comprehensive privacy laws as well as the pending privacy landscape. We provide clients with strategic and practical compliance advice that includes:
- Compliance readiness assessments
- Compliance program development and implementation
- Data inventory and mapping of data flows
- Analysis and management of cookies, pixels, software development kits (SDKs), and other tools that may collect and transfer personal data
- Privacy policies and notices
- Privacy rights requests
- Privacy and data security assessments and risk management
- Contract negotiation and drafting
- Tracking legislative and regulatory developments
- Due diligence for mergers, acquisitions and other transactions
- Identifying, engaging and managing privacy and technology consultants and solutions
We provide privacy guidance for companies across all industries, including:
- Advertising, marketing and digital media
- Entertainment
- Retail
- Consumer services
- Food and beverage
- Hospitality
- Technology, including software as a service
- Healthcare and medical devices
- Manufacturing
- Financial services/wealth management
- Human resource services and employee benefit providers
- Health and wellness
- Professional services organizations
- Real estate
Enforcement
When the California attorney general began enforcement of the CCPA on July 1, 2020, our firm was there to defend businesses caught in the first wave of enforcement. We have continued to advocate on behalf of clients facing government inquiries, investigations and enforcement relating to data privacy. Our unique knowledge and experience in this area along with our backgrounds in litigation and white-collar defense allow us to provide strategic and effective representation of companies facing regulatory scrutiny, as well as best-in-class advice to help keep clients out of the regulatory crosshairs