resilience through diligence
Overview
In a world dependent on information technology, networked operations and mobile connections, businesses face an increasing array of data privacy challenges. Dorsey offers a coordinated worldwide team that helps assess your data flows and guide compliance efforts. Increasingly, privacy compliance is table stakes in vendor relationships and mergers and acquisitions. Dorsey helps its clients negotiate contracts, draft privacy and security policies, and consider privacy challenges raised by cutting-edge technologies.
Top Infosec and Privacy Issues
Doing business internationally requires a global data privacy compliance program. Dorsey’s offices in the US, Asia, and the UK work together to advise our clients on the increasingly important international data protection laws and regulations. Companies collecting, storing, and sharing personal information of their customers, users, or employees or transferring personal information across national borders rely on Dorsey to help navigate the technological and legal complexities of doing so.
With the EU’s General Data Protection Regulation (GDPR) the EU’s approach to data privacy and security expanded considerably. This involves not only an expansion of companies’ obligations when they collect, store, and share personal data of people in the EU (or in other countries that adopted GDPR like the UK did after Brexit), but also an expansion of the number of companies subject to these requirements. Any company doing business in any of the EU member states or in the UK, whether or not it has any physical presence in those countries, should be aware of the obligations imposed by the GDPR. To comply with the GDPR’s requirements, companies collecting, storing or sharing personal information need to review and in many cases revise their internal data practices and privacy policies as well as their consent forms, contracts with vendors, and the information provided to employees and customers when personal information is collected. Companies should also review and potentially need to improve measures to assure the security of personal data and to be prepared to respond to a security incident even more rapidly than in the past.
Dorsey’s Privacy and Social Media Practice Group has handled numerous types of GDPR and ePrivacy Directive-related advice and drafting, including:
- Data Processing Agreements and Addenda (DPA)
- Advising on Lawful Basis for Processing Data
- Privacy Statements
- Advising on Data Flows and Controls
- Security Policies
- Process Change Management
- Options for Obtaining User Consent When Required
- Preparing to and Responding to Data Subject Requests
- Vendor Management
- Contract Assessment
- Cookie Policies
- Cross-Border Data Transfer Options including Standard Contractual Clauses, Privacy Shield, and Binding Corporate Rules
- Advising on When Data Protection Officer (DPO) Required
- Monitoring Enforcement Activity and Guidance Released by European Data Protection Board (EDPB) and Member State Data Protection Authorities (DPAs)
- Records Retention Requirements and Restrictions
- Website Policies
- Third Party Security Management Program Development
- Advising on Email, Text and App-Based Marketing Restrictions and Requirements
Dorsey provides a full suite of services related to GDPR compliance and leverages its international team of privacy lawyers to ensure that clients receive the most up-to-date guidance on this hot topic.
A coordinated data protection plan is the first critical step necessary to minimize the likelihood of theft or illegal use, expedite investigation if misuse occurs, mitigate the damages and maximize success in potential future litigation. Standards of corporate governance require that directors and executives understand the adequacy of cybersecurity measures and liability protections. Dorsey can help your business:
- Develop and implement critical data protection policies, procedures and response plans, including cybersecurity assessments, privacy policies, information security programs, identity theft protection programs, website and mobile apps terms of use, social networking policies and username protection
- Protect intellectual property (patents, copyrights, trademarks and trade secrets) across networks, websites, mobile apps and mobile devices
- Prepare and negotiate key agreements with employees and third parties for licensing, confidentiality, outsourcing and cloud computing
Experience
Client Achievements
Proactive Prevention
- A Fortune 500 multi-national corporation turned to Dorsey to assess its privacy and data protect policies and procedures, and completely update them. Our attorneys worked with a multi-dimensional in-house team to determine data collection, flow, retention and destruction; access protocols; EU-data transfers; certification requirements; and ongoing compliance monitoring.
- A Dorsey cybersecurity team analyzed potential privacy and data protection issues associated with a risk management solutions company’s potential acquisition of a mobile app authentication service.
- Dorsey counsels a nationwide retailer on the constantly evolving best practices for structuring communications to customers of its pharmacy operations.
- Dorsey’s privacy group drafted a complex set of website terms for use in 21 countries, with significant user-generated content issues, using its knowledge of international privacy laws to provide insight and practical advocacy.
- Our team assisted a Fortune 100 insurance company in drafting and implementing an internal social networking policy.
- Dorsey regularly advises clients with European online presence on how they can benefit from immunity from liability in relation to user-generated content under the eCommerce Directive and on the pit-falls presented by the Privacy in Electronic Communications legislation in relation to matters, such as the use of cookies in websites and the challenges of targeted advertising.
- We have deep experience in registering both generic and country code domain names for clients and in counseling clients on managing their domain name portfolios to deter cybersquatters.
Compliance
- A Native American gaming organization turned to Dorsey for assistance in developing assessment mechanisms to ensure compliance with guidelines and regulations for data and privacy protection and reporting. This project included assessment of applicability of state breach laws to a sovereign tribe, potential waiver consequences associated with voluntary compliance and mechanisms for ongoing assessment and improvement of policies and procedures.
- Dorsey served as general counsel to a public-private Health Information Exchange formed to facilitate the exchange of health information electronically in compliance with HIPAA/HITECH.
- Working with app developers, our privacy compliance professionals have counseled on designing apps in compliance with the FTC’s endorsement guidelines.
- Dorsey has extensive experience with counseling clients on complying with and drafting policies concerning the Digital Millennium Copyright Act, the CAN-SPAM Act, the Communications Decency Act, the Children’s Online Privacy Protection Act, online behavioral advertising principles, and other internet-related laws.
- Dorsey has helped numerous app developers design online advertising platforms and draft user rules in compliance with the FTC’s endorsement guidelines.
- Our Financial Services privacy lawyers develop and audit internal privacy procedures to address both Graham-Leach-Bliley Act compliance and customer expectations for their personal financial information.
- Dorsey Financial Services privacy practitioners also assist in dealing with subpoenas and other legal processes served on clients that trigger Graham-Leach-Bliley issues.
Industries & Practices
Consumer Financial Services
Explore This Practice View client achievements related to this practice View resources related to this practiceCorporate Governance & Compliance
Explore This Practice View client achievements related to this practice View resources related to this practiceHealthcare Transactions & Regulations
Explore This Practice View client achievements related to this practice View resources related to this practiceIntellectual Property Litigation
Explore This Practice View client achievements related to this practice View resources related to this practiceTrademark, Copyright + Advertising
Explore This Practice View client achievements related to this practice View resources related to this practice- Consumer Financial Services
- Corporate Governance & Compliance
- Cybersecurity
- Healthcare Transactions & Regulations
- Intellectual Property Litigation
- Labor & Employment
- Technology Commerce
- Trademark, Copyright + Advertising
featured resources

