Data Privacy and Security

• Drafting and updating website privacy policies and terms of use to reflect applicable state and federal privacy law requirements, including required consumer rights disclosures and data collection and sharing practices.
• Creating internal and external data management policies for sensitive and regulated data including protected health information, biometrics, and information of minors.
• Drafting consumer-facing transparency disclosures and consent notices for AI chatbots and automated decision-making tools to satisfy applicable AI disclosure and privacy law requirements.
• Advising clients on cookie consent requirements, online tracking and advertising pixel deployments, and associated liability exposure under state wiretapping and electronic surveillance statutes.
• Providing guidance on state and federal laws, best practices, and industry standards regarding the collection and use of sensitive and highly regulated personal data.
• Assisting organizations, including health care, financial services and technology companies, to establish, document, and enforce information security policies and procedures that comply with applicable laws (e.g., HIPAA, GLBA, COPPA, BIPA, etc.) and industry standards.
• Advising clients on international data protection frameworks, including the EU's General Data Protection Regulation (GDPR), Canada's PIPEDA, China's Personal Information Protection Law (PIPL), South Korea's Personal Information Protection Act (PIPA), and Singapore's Personal Data Protection Act (PDPA).
• Advising clients on required data use restrictions, confidentiality obligations, and security safeguards mandated under applicable federal and state privacy law and regulations.
• Helping clients operationalize compliance through scalable documentation and processes.
• Supporting privacy due diligence in strategic transactions.
• Advising on regulatory audit and assurance requirements, subprocessor oversight obligations, and cross-border data transfer compliance mechanisms.
• Preparing regulatory-compliant data processing addenda (DPAs) and vendor data processing terms to satisfy applicable privacy law requirements for third-party oversight and privacy program compliance.

Technology Transactions

• Preparing and negotiating technology agreements for clients in the areas of complex software and maintenance services, health information technology and services, and custom software development.
• Drafting and negotiating complex technology and commercial agreements, including software, SaaS, and professional services contracts.
• Negotiating complex data use agreements for extensive data and related analytics.
• Advising clients regarding the use and deployment of cloud services, colocation leases, and data centers.
• Developing internal open source software policies for clients’ legal and IT teams.
• Creating technology vendor due-diligence policies, including form contracts, onboarding materials, audit checklists, and negotiation playbooks.

Health Services Technology

• Preparing and negotiating software and services agreements for consumer- and business-facing products and services.
• Advising clients regarding the use of cloud service providers and protected health information.
• Advising covered entities and business associates regarding privacy and security obligations associated with the collection and use of protected health information, including internal governance and training.

Financial Services Technology

• Preparing and negotiating software and services agreements for consumer- and business-facing financial products and services.
• Advising clients regarding the use of cloud service providers and personal financial records.
• Advising covered entities regarding privacy and security obligations associated with the collection and use of personal financial information, including internal governance and training.