MAEDER LAW OFFICE





CALL FOR A CO
NSULTATION:
860.836.8338
Privacy and Cybersecurity

Privacy and Cybersecurity


Maeder Law Office offers legal counsel on privacy and cybersecurity-related matters. With widely-reported data breaches and misuse of personal information frequently in the news these days, privacy and cybersecurity are top of mind for many businesses. Privacy and cybersecurity issues are involved in a wide range of matters, from vendor contracts and internal corporate policies and procedures to customer-facing contracts, and more. Ms. Maeder assists clients to identify legal risks associated with privacy and data security and develop risk mitigation strategies.


Managing privacy and data security risks requires a strong understanding of client technologies and the collection, use, and disclosure of client data. Ms. Maeder’s underlying subject matter knowledge in information technology and prior business experience in the information technology industry as a computer analyst specializing in developing end-to-end database solutions for customers enable her to quickly understand client technologies and the technical and logistical aspects of data, identify potential legal risks, and develop risk mitigation strategies. Ms. Maeder offers counsel on a number of privacy and data security-related matters.

Regulatory Compliance


We provide legal counsel on compliance with privacy and data security laws and regulations, including HIPAA/HITECH, Gramm–Leach–Bliley Act (GLBA), COPPA, and other sector specific laws. Additionally, we provide counsel on Federal Trade Commission (FTC) data privacy issues related to unfair trade practice; for example, if a company’s actions do not comply with its stated privacy policies, the FTC considers this to be an unfair trade practice and can impose fines. We also assist clients with questions about the FTC’s Principles for Online Behavioral Advertising.


Privacy and Data Security Policies and Procedures


We offer assistance to clients with writing and reviewing corporate privacy and data security policies, including HIPAA policies and procedures, website privacy policies, written information security plans (WISPs), and website terms of service that reflect the client’s business practices and are compliant with applicable privacy and data security laws and regulations.



Vendor Contracts Privacy and Data Security Issues


Privacy and data security risks can arise from third-party vendors that handle client data. We review client contracts with third-party vendors to ensure that the contract language calls for the same levels of privacy and data security that the client expects and appropriately address privacy and data security rights, responsibilities, and procedures. Third party vendor contracts that we review include contracts with technology service providers (TSP), outsourcing, cloud computing, and data processor agreements. A few of the contract provisions that we scrutinize include data security clauses, audit, breach notification, and privacy provisions.


Global Privacy


We assist clients with global privacy and data security laws and regulations that their operations may be subject to such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the European Union’s General Data Protection Regulation (GDPR). 


Health Information Technology (Health IT) Privacy and Data Security


We provide counsel to health IT vendors and customers on the HIPAA privacy and data security implications of business transactions and underlying service agreements involving Health IT, assist with development of HIPAA privacy and security policies and procedures, and review and draft business associate agreements that define the parties’ obligations and permitted and required uses and disclosures of electronic protected health Information (ePHI), including use and disclosure of ePHI for management and administration, data aggregation, and de-identification. For health IT vendor contacts, we offer assistance with incorporating the business associate agreement into the underlying services agreement between the covered entity and business associate.



Other privacy and data security matters that we assist with include:

  • Cyber Insurance Coverage Evaluation
  • Cloud Computing Privacy and Security Issues


 

To learn more, we invite you to contact us at  860-836-8338 or info@maeder-law.