Data Privacy

Privacy and data security laws have exploded in the last decade, as the cloud-computing revolution moved sensitive data into the hands of remote service providers.  We have adapted our firm’s practice to keep pace.   

We advise our clients on compliance with the developing body of privacy and data protection laws, including the California Consumer Privacy Act (CCPA), the EU and UK General Data Protection Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA), the Massachusetts Data Security Regulation, and similar data protection and privacy laws in other foreign jurisdictions such as Australia, Switzerland and Japan, the Gramm-Leach Bliley Act, and other laws and regulations.  Many of our clients are US-based SaaS providers, which often must agree to strict data protection agreements with their corporate customers, even if they do not yet have a presence in a foreign jurisdiction.  We regularly draft and negotiate data protection agreements (DPAs ) and amendments for our clients.  We formulate data security and privacy policies and procedures, and assist our clients in the updating of their online privacy policies and terms of service to reflect the requirements of applicable data privacy laws. 

While data security and privacy are relatively new concerns to American businesses, Bob was studying and writing about the topic nearly thirty years ago.