|
Many states and countries have enacted privacy and data protection laws and regulations that impact the creation, management, and transfer of information – particularly, sources of information that contain personal data. While these requirements vary greatly from jurisdiction-to-jurisdiction and from industry-to-industry, the global trend has been towards stricter enforcement and the imposition of increasingly severe penalties for violations.
Addressing these overlapping requirements in the global economy requires the adoption of a risk management approach precisely framing the purpose and means for the collection, processing and transfer of personal data throughout any organization. This approach includes evaluating the legal qualification of the entities involved (data controller, data processor, data recipient) together with the data flow scheme, to determine (i) whether the processing is acceptable from a legal perspective, (ii) the appropriate formalities in light of the purpose of the processing and (iii) the obligations to be completed based on the type of information (e.g., individuals’ information, data security/confidentiality, data transfer agreements).
We help clients develop defensible (and reasonable) approaches to comply with these varied requirements.
Our privacy and data protection services include:
- Developing global compliance frameworks to assist in-house legal and privacy professionals assess international data protection and privacy risks
- Guidance regarding compliance with specific international privacy and data protection regulations (e.g., EU Data Protection regulations, enacting regulations in individual member states)
- Coordinating/negotiating with individual data protection authorities
- Developing the necessary forms of notice, rights of access, data transfer agreements, binding corporate rules and data protection contact provisions needed to support a data protection program
- Developing approaches that seek to balance the competing interests between compliance with international privacy and data protection regulations and the requirements associated with document disclosure and/or discovery orders in litigation matters and governmental investigations
- Guidance regarding the privacy and data protection implications associated with the deployment of communication and data storage technologies (e.g., centralized data centers, offsite data storage, third-party support services, cloud computing, Web 2.0 and social networking applications)
|
