We provide advice and documentation to help companies manage their privacy obligations and set up defenses against claims relating to protected information. Such procedures are useful to protect the company from claims of third parties and to protect the company's trade secrets, client relationships, employee morale and performance, supplier trustworthiness and ultimately the company's goodwill and reputation.
Our services include consultations, advice, drafting and assistance in self-assessment for compliance with privacy, confidentiality and information security throughout the global enterprise.
- Employment policies, including procedures and protocols during the process of hiring, evaluating and terminating employment.
- Contracting policies, procedures and terms, including direct obligations of suppliers and indirect obligations of sub-suppliers in the global supply chain for goods and services.
- Information technology policies, to provide access to confidential information on a need-to-know basis, while not making any representations about the safeguarding of consumer information and then failing to employ reasonable and appropriate security measures to protect the information the company stores.
- Marketing policies, including website usage policies, contracting with search-engine optimization companies and making promises that the company would take reasonable steps to protect consumers' sensitive information, but failing to do so.
- Emergency planning for incident response in case of a security breach, whether internal or external, including notification of authorities, public relations management, forensic evidence management, identity restoration, business continuity planning and disaster recovery, and claims against employees engaged in cyber-extortion through, for example, accessing without authorization or exceeding authorized access to a protected computer under the federal Computer Fraud and Abuse Act, 18 U.S.C. 1830, as amended. Having an incident response protocol defined in advance is essential to mounting a prompt and effective response to any security breach.
- Transborder data flows, including foreign-sourced protected personal data coming from the European Union to the United States under the FTC-DOC-EU Safe Harbor program that requires self-certifying companies to respect the seven core requirements of the EU Data Protection Directive:
  - Notify individuals about the purposes for which information is collected and used;
  - Give individuals the choice of whether their information can be disclosed to a third party;
  - Ensure that, if it transfers personal information to a third party, the third party also provides the same level of privacy protection;
  - Allow individuals access to their personal information;
  - Take reasonable security precautions to protect collected data from loss, misuse or disclosure;
  - Take reasonable steps to ensure the integrity of the data collected; and
  - Have in place an adequate enforcement mechanism.
- Consumer protection policies, including compliance with security breach notification statutes, Federal Trade Commission regulations, health data protection under HIPAA, common law tort and other legal frameworks.
As a local U.S. law firm, we have worked with various foreign law firms that advise on foreign law. We do not advise on foreign laws but will work with the foreign lawyers of your choice.
© Copyright 2004-2008 Bierce & Kenerson, P.C.SM.
Attorney Advertising.