Data Privacy, Cybersecurity & Artificial Intelligence

Our Approach

Our experienced team of attorneys combines up-to-date legal acumen with the technological know-how to provide successful cybersecurity solutions. Members of our practice include attorneys recognized as Certified Information Privacy Professional/United States (CIPP/US), Certified Information Privacy Professional/Europe (CIPP/E), and Certified Information Privacy Manager (CIPM). In addition, our interdisciplinary team advises clients on the full range of matters that may arise in relation to data privacy and security, spanning counseling, regulatory compliance and enforcement by regulatory authorities, as well as litigation, should it arise.

Counseling

Our team of experienced data privacy professionals work closely with clients on the front end to develop policies and procedures to enhance and protect security, reduce risk, and assess preparedness should a data security incident occur. We advise clients on the appropriate ways to collect, maintain, and use data for their businesses while still complying with the many-and-increasing data privacy laws in the United States and globally.

In addition, with the rise in adoption of artificial intelligence for both business and personal uses, we work with organizations to review and evaluate the terms and conditions of technology implemented from the legal side, and advise on the varied risks inherent in using AI technology by the business and its employees. Our experienced attorneys work closely with clients to develop generative AI policies and guidelines, tailoring each to the specific business needs and risk appetite.

• Develop and implement policies and procedures
• Assess preparedness and advise on changes
• Counsel on collection, maintenance, use, and retention of data
• Review, negotiate and draft contracts and other agreements (vendor agreements, cloud computing, SaaS agreements, and business associate agreements)
• Website privacy policies
• Generative AI use policies

Compliance and Investigations

Privacy laws apply to nearly everyone who controls personal data – including your business. With the alphabet soup of state, federal and international laws, often with overlapping and different requirements, it can be challenging to keep up with all of the compliance needs. Our team is well-versed in these laws, and advises clients on appropriate protection of personal information, protected health information, and other private data under those laws. In addition, we guide clients who may be the subject of investigation by regulatory authorities, whether they have experienced a breach or not. We help clients respond to requests and interact with regulatory agencies, relying on our extensive experience that includes time working in the Attorney General’s office, as well as before a wide range of agencies, and the knowledge of strict policies and procedures that come along with audits and complaints.

• Gramm-Leach-Bliley Act (GLBA)
• Stored Communications Act (SCA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Fair Credit Reporting Act (FCRA)
• Computer Fraud and Abuse Act (CFAA)
• Do Not Call Registry
• Family Educational Rights and Privacy Act (FERPA)
• Federal Trade Commission’s Red Flag Rule
• The Fair and Accurate Credit Transactions Act (FACTA)
• Automatic Renewal Laws (ARL)
• Telephone Communications Protection Act (TCPA)
• California Consumer Privacy Act 2018 (CCPA)
• California Privacy Rights Act (CPRA)
• Standard Contractual Clauses for data transfers under the GDPR
• Minnesota Health Records Act (MHRA)
• Health Information Technology for Economic and Clinical Health Act (HITECH)
• 42 CFR Part 2
• Section 5 of the Federal Trade Commission Act
• State consumer protection laws
• Freedom of Information Act (FOIA)
• Minnesota Government Data Practices Act
• NAIC Insurance Data Security Model Law