Privacy and Security
Every business manages personal information. Businesses may directly or indirectly collect personal information from prospective or existing customers. Businesses may also disclose personal information to third parties including service providers, affiliates, and business partners. Legal risks arise when businesses collect, use, and disclose personal information. Sims & Sims Law routinely helps organizations address and mitigate these potential risks by providing consulting services and assistance with the creation of privacy notices, agreements, and statements.
Our Services
-
“Privacy by design” advice for new products and services
Data Privacy Impact Assessments
Transfer Impact Assessments
Cookie notices
Data Retention
Risk mitigation
Collection and Use of electronic data
Digital Advertising
Assisting clients on all aspects of privacy compliance related to relevant laws, including:
-
California - CCPA/CPRA
Colorado - Colorado Privacy Act (CPA)
Connecticut - Connecticut Data Privacy Act (CDPA)
Indiana - Indiana Consumer Data Protection Act (ICDPA)
Iowa - Iowa Consumer Data Protection Act (ICDPA)
Montana - Montana Consumer Data Protection Act (MCDPA)
Oregon - Oregon Consumer Privacy Act (OCPA)
Tennessee - Tennessee Information Protection Act (TIPA)
Texas - Texas Data Privacy and Security Act (TDSA)
Utah - Utah Consumer Privacy Act (UCPA)
Virginia - Virginia Consumer Data Protection Act (VCDPA)
-
HIPAA
Health Information Technology for Economic and Clinical Health Act (HITECH)
Confidentiality of Substance Use Disorder Patient Records Rule
Genetic Information Nondiscrimination Act (GINA)
Cures Act
-
Fair Credit Reporting Act (FCRA)
Fair and Accurate Credit Transactions Act (FACTA)
Gramm-Leach-Bliley Act (GLBA)
Dodd-Frank Wall Street Reform and Consumer Protection Act
-
Family Educational Rights and Privacy Act (FERPA)
-
Regulations Governing Telemarketing
Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
The Telecommunications Act
The Cable Communications Privacy Act
The Video Privacy Protection Act
-
Americans with Disabilities Act (ADA)
Civil Rights Act VII
-
GDPR
EU AI Act
-
Privacy Policies and Notices
Data Processing Agreements
Business Associate Agreements
Draft, review, and negotiate contracts or specific provisions in contracts to address data security, data collection, and data sharing issues
-
Federally imposed information security provisions are found in laws impacting the healthcare and financial sectors. In addition, the Federal Trade Commission brings actions against companies that misrepresent their information security practices or fail to provide “reasonable procedures” to protect personal information. Several states have also passed laws requiring companies to implement information security measures to protect citizens’ sensitive information. Our firm assists clients by assessing the applicability of these laws to their organization and providing guidance that allows them to achieve compliance with information security standards.
We also help clients with privacy incident management, including:
Prevention & Analysis
Creating and developing an incident response plan, and practicing the plan through tabletop exercises; a Business Continuity Plan; and a Disaster Recovery Plan.
Conducting cyber risk assessments
Triage and Investigation
Working with information security and forensics to investigate a security incident
Regulatory Research
Researching regulations pertaining to data breaches and assessing applicability to your organization
3rd Party Contractual Obligations
Surveying contracts for contractual notice obligations to third parties
Breach Decision
Assisting organizations in making the determination of whether a breach has occurred.
Remediation
Implementing effective follow-up methods to mitigate the risk of harm for individuals affected by the breach, such as additional training, internal self-assessments, and third-party audits where needed. These assessments should analyze the breach itself as well as the response plan and should identify deficiencies.
Notification
Drafting notices, as applicable, to affected individuals, regulatory agencies, law enforcement, state attorneys general, and media.