​​

Data privacy, cybersecurity, and protection is a fast-evolving area of the law. Increasingly, businesses must be on top of the technological and legal issues relating to the privacy and protection of networks and data. Data breaches can cripple a business, and as such protecting against such breaches - and taking swift action if they occur - are vital considerations. There is a growing tapestry of laws, including California’s Privacy Rights Act (CPRA), the EU General Data Protection Regulation (GDPR) and others, that regulate which types of personal information companies can store, how this information can be collected, what notices to customers are required, and how such data must be protected. Data privacy laws vary by country and, in the US, by state. The issues can be complex and can be implicated across a broad spectrum of industries such as digital advertising, telecommunications, finance, and others. We counsel clients in these areas and guide them in understanding the changing legal landscape surrounding them.

​

 

Privacy Policies for Websites

​

We build privacy and cookie policies for our clients and advise them on website compliance relating to data privacy. More specifically, we advise our clients with regard to informing consumers what personal information is collected, used, and shared. We also advise our clients on the virtues of using methods such as footers, popup banners, and cookie banners to mitigate the risk of non-compliance. One area our advice focuses on is compliance when their website uses third party tracking pixels and the like. In recent years third party tracking pixels have caused headaches for companies who have been surprised to find themselves on the receiving end of lawsuits and consumer arbitrations alleging invasion of privacy, larceny, and other statutory and common law claims stemming from such commonplace website tools. To guard against these types of claims, risk mitigation strategies such as notification and click-through agreements can be key.

​

 

Lawsuits and Consumer Arbitrations Alleging Privacy Violations in Sharing Personal Data

​

Indeed, in the data privacy arena, strategies incorporating risk assessment and mitigation are critical. This is particularly the case in states such as California, which not only have passed stringent data privacy laws but whose courts have allowed plaintiffs to bring invasion of privacy claims using decades-old wiretapping statutes, to litigate what public facing websites are doing with their browsing data and the like (e.g., whether the website has third party tracking pixels that share a consumer’s personal data with third parties without the consumer’s knowledge). Often claimants start a consumer arbitration, which can tie companies up and force them to spend a significant amount of money defending against these types of claims. We actively defend our clients against these claims, advising them on the strengths and weaknesses of their case, providing critical advice regarding whether to defend or settle, and, on a broader level, addressing any non-compliance issues with their website as a longer term solution to the problem.

​