In today’s Internet-based global marketplace, communications, software and other technology services providers face real concerns related to customer privacy, data protection and network security. The modern importance of privacy protections continues to rise as the U.S. federal and state governments and regulatory authorities worldwide address privacy issues associated with new technologies. Agency enforcement actions, self-regulation and other forms of accountability are on the rise in the United States and across borders. One of the greatest risks is damage to a company’s reputation and its relationships with customers and business partners. Successful companies must navigate a complex web of rapidly evolving laws, regulations and policies at all levels of government, both domestic and international.
Our privacy professionals help clients implement best practices in information privacy and data security. We are aware of the potential for domestic and international enforcement actions for failure to protect consumer information. We have advised clients dealing with security breach and unauthorized disclosures of personal information, including state breach notification requirements. To ensure adequate protections, companies must work directly with vendors, employees, independent contractors and customers to obtain, use, secure and protect internal and external customer data. We also recognize the need to address legal and reputational risks while preserving an organization’s ability to use information in ways that achieve organizational goals. We work with clients to develop privacy practices that support business success.
Our clients are providers of Cloud communications, software as a service (“SaaS”), communications as a service (“CaaS”) and other software-enabled communications and collaboration services, application (apps) services & developers, and all forms of Internet Based (IP-based) services, including Voice over Internet Protocol (“VoIP”) and other hybrid & convergent communications service providers. We have regularly counseled our clients on the data security laws and regulations that govern the handling of financial information – under the Gramm Leach Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), Fair and Accurate Credit Transaction Act (FACTA), Red Flags Rules — security breach disclosure laws; industry standards, such as PCI DSS; mandatory and voluntary compliance plans for the Fair Debt Collection Practices Act (FDCPA), TCPA and CAN-SPAM; and the FCC’s CPNI rules. We help clients realize business goals, manage risk, and comply with privacy and data protection laws.
The CommLaw Group’s information privacy, data security and consumer protection practice encompasses cloud computing, breach notification requirements, and privacy policies for companies that handle, collect and use personal data. See below for additional information regarding each of these distinct areas of our practice.
FREE WEBINAR: PRIVACY & SECURITY IN THE TRUMP ERA
Our Team and the Scope of Our Services
Our experienced attorneys provide creative, practical, specialized, legal counsel and support to enable companies to successfully manage their compliance risks. Specialized in representing all aspects of the communications sector, including providers of cloud communications, broadband and Internet access, and VoIP services, we carefully weave privacy and security in all aspects of the business to minimize its exposure while advising clients how to use information in ways that benefit the business and its customers. We offer comprehensive assessments of privacy and security requirements to ensure compliance with of the myriad U.S. federal and state laws, regulations and policies addressing privacy issues, including:
- FCC Customer Proprietary Network Information (“CPNI”) rules
- Telephone Consumer Protection Act (“TCPA”)
- CAN-SPAM Act
- Children’s Online Privacy Protection Act (“COPPA”)
- Federal Trade Commission (“FTC”) Fair Information Practices Principles
Other developments in federal laws and regulations supported by the FTC, as embodied in its 2012 Report to lawmakers and businesses: FTC Report: Protecting Consumer Privacy in an Era of Rapid Change
Our attorneys advise on structuring and implementing a compliant privacy policy and assist clients with measures designed to safeguard customer data, such as developing employee guidelines and standards and drafting customer notifications. In addition to general compliance, our firm can evaluate and propose a compliant solution for commercial advertising campaigns. Finally, our team can help minimize losses in instances of breach by assisting with customer notification measures.
We offer guidance on an array of privacy related matters, including the following:
- Development of data security plans
- Compliance with federal privacy mandates, including the FCC’s CPNI rules
- Drafting compliant privacy policies and website disclosures
- Developing TCPA and CAN-SPAM-compliant email and Internet commerce policies
- Handling data security breaches and privacy complaints
- Litigating and defending privacy-related cases before the FCC, federal and state courts, Administrative Law Judges, and the FTC
- Management of document retention policies
- Responding to law enforcement inquiries (wiretap and communications records) and reporting security breaches
- Compliance with state and local privacy mandates
- Reviewing and preparing contracts addressing privacy concerns with third-party vendors
- Creating FTC and FCC-compliant prepaid calling card disclosures
- Non-disclosure and non-compete agreements addressing the protection of confidential information
- Responding to legislative and regulatory initiatives
- Encryption of sensitive information
- Training employees and conducting security risk assessments
- Compliance with FTC’s “Red Flag” rules and federal privacy matters related to credit, debit and stored value transactions
- State and local laws and rules aimed at protecting consumer privacy
- International laws associated with consumer privacy, data protection and security, including the EU Data Protection Directive
- Payment Card Industry Data Security Standard (PCIDSS), which provides data security guidelines for companies processing credit card transactions and handling related transaction and account data
- Mandatory and voluntary compliance plans for the Fair Debt Collection Practices Act (FDCPA)
- Automated communications with cell phones and other wireless devices (TCPA)
- Stored Communications Act compliance plans
