Privacy Governance and Technology Transactions

Overview

Strong, proactive privacy governance and technology strategy is vital to every business today. Our national team counsels clients on how to reduce or eliminate risk through rigorous review of policies that may pose privacy and security risks, as well advises on strategic acquisitions of technology.

We work with the key personnel who have responsibility for privacy and security and for technology infrastructure, including chief information and privacy officers, marketing team leaders, compliance officers, finance leaders and in-house legal teams. Our incident response experience and regulatory knowledge mean we are uniquely qualified to examine both internal and privacy governance policies. Our deep understanding of technology positions us to advise clients regarding the best practices for technology transactions, including negotiating agreements regarding cloud services and technology infrastructure as well as data ownership and other key issues that arise when companies do business together.

Regulatory Defense

We advise clients on how to develop and maintain consumer privacy programs. In addition, we help clients assess privacy impacts and employ privacy by design to balance commercial and consumer interests and to craft transparent, accurate and customer-friendly notices regarding data practices.

Our deep experience and relationships with state attorneys general and other regulatory officials allow us to deal efficiently with investigatory inquiries, often resulting in positive dispositions, including the conclusion of investigations without any charges being brought.

Our experience encompasses:
  • California Consumer Privacy Act (CCPA) and other state privacy laws.
  • General Data Protection Regulation (GDPR).
  • Attorney General privacy investigations related to data collection and use.
  • Data localization and retention laws.
  • The Children’s Online Privacy Protection Act (COPPA).
  • Gramm Leach Bliley Act (GLBA).
  • Telephone Consumer Protection Act (TCPA) and Controlling the Assault of Non-Solicited Pornography and Marketing Act compliance.
  • Federal Trade Commission matters.
  • The Fair Credit Reporting Act. (FCRA).
More »
Technology Contracts
  • Our team has a well-grounded understanding of transactions involving the use, licensing, acquisition and commercialization of data and technology. We review, negotiate and draft agreements and agreement provisions regarding:
  • Cloud computing.
  • Data ownership and data protection.
  • The PCI Data Security Standard and protected health information.
  • Service level agreements.
  • Software.
  • Hardware.
  • Mobile data and commerce.
  • E-commerce.
  • Back offices and infrastructure.
  • Outsourcing.

We handle agreements involving all forms of cloud service (SaaS, IaaS, PaaS), video game development, mobile apps, music distribution, geolocation, payment processing, fraud prevention, data analytics and digital advertising.

In addition, as companies everywhere undergo digital transformation, our team offers guidance on where opportunities and vulnerabilities lie and assists in designing plans to manage, protect and leverage your digital assets, including Big Data, predictive analysis, machine learning, robotics, the Internet of Things (IoT), and voice, text and vision recognition.

GDPR and CCPA

We provide comprehensive advice regarding the EU’s General Data Protection Regulation (GDPR) and the new California Consumer Privacy Act (CCPA), including:

  • Compliance readiness assessments.
  • Compliance program development and implementation.
  • Inventory data and mapping data flows.
  • Privacy and data security assessments to prepare for the impact of the private right of action arising from security incidents.
  • Risk management.
  • Tracking legislative and regulatory developments.
  • Vendor contract drafting and review.
  • Identifying, engaging and managing IT consultants and solutions.

Select Experience

Privacy Governance
  • Counseled hundreds of companies on developing, implementing and maintaining privacy programs and complying with applicable data protections laws, including the CCPA.
  • Representing the interests of multiple clients in the digital advertising sector while working with the Internet Advertising Bureau to help develop a policy framework, multiparty agreement and technical signal program that will allow publishers and advertisers to integrate their CCPA “do not sell” requests with internet-based advertising technologies.
Technology Transactions
  • Representing an insurance company in its multimillion-dollar multiparty cloud and software services agreements.
  • Supporting a large healthcare system as lead technology and intellectual property counsel; advising the organization in more than $50 million worth of technology acquisitions.
More »

Professionals

Name Title Office Email
Associate New York
Partner Atlanta
Associate Costa Mesa
Partner New York
Partner Atlanta
Partner Cleveland
Partner Atlanta
Partner Atlanta
Associate New York
Associate New York
Associate New York
Partner New York
Partner New York
Partner Los Angeles
Partner New York
Associate Atlanta
Partner Atlanta
Partner Seattle
Partner New York
Associate Seattle
Associate Los Angeles
Associate Los Angeles
Partner New York
Partner Philadelphia
Associate Atlanta
Partner Philadelphia
Partner San Francisco
Partner New York
Partner Washington, D.C.
Associate New York
Partner Cincinnati
Associate Los Angeles
Associate Atlanta

Experience

Privacy Governance
  • Counseled hundreds of companies on developing, implementing and maintaining privacy programs and complying with applicable data protections laws, including the CCPA.
  • Representing the interests of multiple clients in the digital advertising sector while working with the Internet Advertising Bureau to help develop a policy framework, multiparty agreement and technical signal program that will allow publishers and advertisers to integrate their CCPA “do not sell” requests with internet-based advertising technologies.
  • Advising numerous clients regarding compliance with international data transfer restrictions and data localization requirements. Additionally, we developed and implemented GDPR compliance programs for U.S. and international organizations, including applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, the selection of Data Protection Officers and employee training.
  • Served as lead privacy counsel to a cutting-edge healthcare funding provider; provided a 50-state analysis of the privacy landscape for the company.
Technology Transactions
  • Representing an insurance company in its multimillion-dollar multiparty cloud and software services agreements.
  • Supporting a large healthcare system as lead technology and intellectual property counsel; advising the organization in more than $50 million worth of technology acquisitions.
  • Acting as lead counsel to a minerals and material solutions provider, evaluating and mitigating the risks of third-party installation of IoT tracking technologies for assets management.
  • As privacy counsel to a global public relations and earned media software company, led the organization through multiple acquisitions of portfolio companies and conducted privacy diligence for a number of transactions.
  • Advised a healthcare customer-relationship management company on commercial transactions and the development of a privacy and data strategy, navigating HIPAA compliance and regulations.

Recognition

  • BTI Cybersecurity Powerhouse (2020)
  • BTI CyberSavvy Law Firm (2020)
  • Chambers Global
    • Privacy & Data Security (USA) (2014 to 2020)
    • Privacy & Data Security: Healthcare Spotlight Table – Nationwide (2018 to 2020)
  • Chambers Fintech
    • Legal – USA (2018 to 2020)
  • Chambers USA
    • Advertising: Transactional & Regulatory – Nationwide (2018 to 2020)
    • Privacy & Data Security – Nationwide (2013 to 2020)
    • Privacy & Data Security: Healthcare Spotlight Table – Nationwide (2018 to 2020)
  • Chambers USA Award: “Privacy & Data Security Team of the Year” finalist (2015, 2017)
  • The Legal 500 United States
    • Media, Technology and Telecoms: Advertising and Marketing: Transactional and Regulatory (2018 to 2020)
    • Media, Technology and Telecoms: Cyber Law (2016 to 2020)
    • Media, Technology and Telecoms: Data Privacy and Data Protection (2016 to 2020)
  • Law360: Privacy "Practice Group of the Year" (2013 to 2015, 2018)

News

News

Press Releases

Blog Posts

Blog

In The Blogs

Previous Next
Data Counsel
California OAG Proposes New CCPA Regs Two Weeks Before Voters Decide on the Fate of CCPA 2.0
By Alan L. Friel, Shea M. Leitch, Andrew M. Serrao
October 20, 2020
On Monday, Oct. 12, the California Office of the Attorney General (the Attorney General or OAG) released a third set of proposed modifications to the California Consumer Privacy Act (CCPA) regulations (the Regulations). The full text can...
Read More ->
Data Counsel
Jeewon Kim Serrato Co-Authors Article about Pricing, Value of Consumer Data and CCPA's Non-Discrimination Requirement
By Jeewon K. Serrato
October 19, 2020
Partner Jeewon Kim Serrato co-authored an article published in the California Lawyer Association’s Fall 2020 issue of the “Competition Journal” of the Antitrust, UCL and Privacy Section. The article, “Privacy, Pricing, and the Value of...
Read More ->
Data Counsel
Employee Training and Record-Keeping Requirements in the Final CCPA Regulations and a Preview of New Retention Requirements in the CPRA
By James A. Sherer, Nichole L. Sterling
September 15, 2020
The California Consumer Privacy Act (CCPA) does not in itself outline specific employee training or record-keeping requirements that demonstrate business compliance with the law. However, the California attorney general’s final CCPA...
Read More ->
Data Counsel
Return to Work: What Employers Should Know About AB 1281, CCPA Notice Requirements and Recent Labor Law Guidance
By Alan L. Friel, Jeewon K. Serrato, Catrina W. Wang
September 8, 2020
While most privacy news and alerts have been focused on the collection and processing of customer data (see our earlier posts about interest-based advertising and the House Judiciary Committee’s Antitrust Hearing with Big Tech, for...
Read More ->
Data Counsel
IAB Launches CCPA Benchmark Survey
By Taylor A. Bloom, Kyle R. Fath, Gerald J. Ferguson, Alan L. Friel, Linda A. Goldstein
August 27, 2020
The Interactive Advertising Bureau (IAB), a leading advertising industry organization, has launched a CCPA Benchmark Survey to assess how companies across the digital advertising ecosystem are approaching CCPA compliance. The survey...
Read More ->