resilience through diligence

Emerging personal technologies are leveraging biometric data such as fingerprints, iris scanning, and facial recognition for authentication and cutting-edge service offerings. Dorsey’s biometric experts assist clients in navigating emerging state and international privacy regulations and laws related to the collection and processing of biometric data to ensure that the deployment of these new technologies remains compliant with such legal protections. Dorsey’s team also has the pulse on emerging biometrics such as behavioral biometrics and the most recent case law in class actions regarding use of biometric data in business.

Doing business internationally requires a global data privacy compliance program.  Dorsey’s offices in the US, Asia, and the UK work together to advise our clients on the increasingly important international data protection laws and regulations.  Companies collecting, storing, and sharing personal information of their customers, users, or employees or transferring personal information across national borders rely on Dorsey to help navigate the technological and legal complexities of doing so.

With the EU’s General Data Protection Regulation (GDPR) the EU’s approach to data privacy and security expanded considerably.  This involves not only an expansion of companies’ obligations when they collect, store, and share personal data of people in the EU (or in other countries that adopted GDPR like the UK did after Brexit), but also an expansion of the number of companies subject to these requirements.  Any company doing business in any of the EU member states or in the UK, whether or not it has any physical presence in those countries, should be aware of the obligations imposed by the GDPR.  To comply with the GDPR’s requirements, companies collecting, storing or sharing personal information need to review and in many cases revise their internal data practices and privacy policies as well as their consent forms, contracts with vendors, and the information provided to employees and customers when personal information is collected.  Companies should also review and potentially need to improve measures to assure the security of personal data and to be prepared to respond to a security incident even more rapidly than in the past.

Dorsey’s Privacy and Social Media Practice Group has handled numerous types of GDPR and ePrivacy Directive-related advice and drafting, including:

• Data Processing Agreements and Addenda (DPA)
• Advising on Lawful Basis for Processing Data
• Privacy Statements
• Advising on Data Flows and Controls
• Security Policies
• Process Change Management
• Options for Obtaining User Consent When Required
• Preparing to and Responding to Data Subject Requests
• Vendor Management
• Contract Assessment
• Cookie Policies
• Cross-Border Data Transfer Options including Standard Contractual Clauses, Privacy Shield, and Binding Corporate Rules
• Advising on When Data Protection Officer (DPO) Required
• Monitoring Enforcement Activity and Guidance Released by European Data Protection Board (EDPB) and Member State Data Protection Authorities (DPAs)
• Records Retention Requirements and Restrictions
• Website Policies
• Third Party Security Management Program Development
• Advising on Email, Text and App-Based Marketing Restrictions and Requirements

Dorsey provides a full suite of services related to GDPR compliance and leverages its international team of privacy lawyers to ensure that clients receive the most up-to-date guidance on this hot topic.

Clients that deal with personal health information face increasing burdens to ensure that this information is protected. Dorsey’s expert health privacy team assists clients in navigating the sometimes complex requirements under HIPAA, including developing internal privacy practices, business associate agreements, incident response, and responding to OCR inquiries.

Dorsey’s expert team handles all manner of security incidents and data breaches. Read more about our Cybersecurity Practice Group and incident response capabilities.

Through its representation of a wide range of global clients, Dorsey has the experience and has a significant library of policies that it can custom tailor to any client requirements to meet emerging regulatory requirements or other best practices. Dorsey’s team of information security experts can also assist clients with navigating audits and certifications.

Privacy and security have become key parts of M&A transactions, especially where the target company has collected personal information or where there is an intent to integrate disparate systems post acquisition. Dorsey’s expert team regularly assists clients with conducting diligence on target companies and helping target companies navigate and prepare for diligence by acquiring companies.

Dorsey has mapped a variety of its offerings to the NIST Framework to enable clients to quickly assess how each offering fits into its own compliance and maturity objectives.

A coordinated data protection plan is the first critical step necessary to minimize the likelihood of theft or illegal use, expedite investigation if misuse occurs, mitigate the damages and maximize success in potential future litigation. Standards of corporate governance require that directors and executives understand the adequacy of cybersecurity measures and liability protections. Dorsey can help your business:

• Develop and implement critical data protection policies, procedures and response plans, including cybersecurity assessments, privacy policies, information security programs, identity theft protection programs, website and mobile apps terms of use, social networking policies and username protection
• Protect intellectual property (patents, copyrights, trademarks and trade secrets) across networks, websites, mobile apps and mobile devices
• Prepare and negotiate key agreements with employees and third parties for licensing, confidentiality, outsourcing and cloud computing

Dorsey’s world-class Technology Commerce group has significant expertise in drafting and negotiating cutting edge technology contracts. From purchase and licensing terms, to specific privacy and data security requirements, our clients save time and costs by leveraging our expert team to get to the heart of the matter with each transaction.

Third party risk is quickly becoming the hot button issue in information security and Dorsey’s expert team draws on years of experience in developing full third party risk programs to assist clients in both building their own third party risk programs and responding to inquiries from prospective customers. Dorsey’s clients are able to close deals faster by leveraging expert third party risk advice.

The importance of having a proper website and app privacy policy cannot be overstated. From enforcement actions in the United States by the FTC to a growing body of actions taken in Europe under the GDPR to preparing for Attorney General enforcement in California, website and app privacy policies have become a focal point of scrutiny for businesses’ privacy practices. Dorsey leverages its unique technical talent to conduct top-of-class diligence for its clients to ensure that their website privacy policies will meet these emerging requirements.