Email this page Print this page Print to PDF

Privacy & Data Security

Our Privacy & Data Security Team is designed to effectively and efficiently serve companies of all sizes, from startups to Fortune 500, and across industry sectors at every stage of the data lifecycle. Our dedicated team offers experienced guidance in multinational, federal and state privacy regimes, including GDPR and CCPA.

Our experienced and technologically savvy attorneys provide full-service representation to companies building or utilizing emerging technologies such as AI, Internet of Things devices, biometrics, and employee tracking to market entry and beyond. Clients operating in highly regulated industries benefit from our slate of attorneys with decades of experience in resolving industry-specific privacy concerns, including HIPAA considerations, consumer financial data implicating Graham-Leach Bliley applicability, and marketing practices under CAN-SPAM and the TCPA.

From preliminary risk assessment of privacy and data security policies to breach preparedness and response, our Privacy & Data Security Team crafts custom strategies to assist clients in effectively and efficiently minimizing legal and reputational risk related to the collection, use, storage and loss of sensitive data.

Compliance Advice and Implementation

Design privacy law compliance strategies to fit your business plan.
Create effective privacy notices/policies, terms of use, and end-user licensing agreements for web, IoT, AI, and mobile application implementation.
Prepare startups for market via website readiness and internal privacy policy development.
Prepare legitimate interest assessments and risk assessments, as necessary, to achieve GDPR and/or CCPA compliance.
Develop internal policies to control and manage sensitive data, select data processing vendors, and respond to consumer requests to exercise their rights under the GDPR and/or CCPA.
Provide corporate training from C-Suite to staff on internal protocols and best practices for privacy law compliance and security risk mitigation.

Data Privacy Considerations in Corporate Transactions

Data protection addenda (DPA) due diligence and drafting.
Draft and negotiate commercial contracts, including SaaS agreements, cloud-based service contracts, DevOps and subscription services agreements, and other technology product and service offerings.
Analysis and risk assessment of existing third-party contracts with technology and marketing vendors.
Merger and acquisition due diligence regarding data as a transferable asset, consumer and employee data privacy considerations, and use and transfer of technology.

Data Breach Strategy Development and Response

Assist in the implementation of a data breach response plan.
Coordinate breach assessments and action plans.
Help coordinate with local and national law enforcement personnel when necessary.
Ensure compliance with state, national, and international breach notification laws.
Represent clients in regulatory investigations and civil lawsuits that arise from data breach events.

Proactive Data Security Counseling

Compliance with state, federal, and international privacy and data security regulations, including GDPR and CCPA.
Craft data breach response plans and develop and facilitate data breach table top exercises.
Advise officers and directors on disclosure obligations regarding cybersecurity and privacy matters.

Related Practices & Industries

Blockchain & Cryptocurrency
Commercial Litigation
Corporate, Securities, and M&A
Electronic Discovery, Technology & Strategy
Finance & Banking
Government Law
Intellectual Property Transactions
Investigations, Compliance & White Collar
Labor, Employment & Benefits
Senior Living & Long Term Care
Startups & Venture Capital
Transportation

Want to stay up-to-date on Privacy & Data Security matters?

Get to Know Us

Experience

California Privacy Compliance

Represented multi-unit and multi-state employer in preparation of consumer-facing and employee-facing general privacy policies, terms and conditions, privacy documentation and privacy policy implementation.

Financial Institution’s Privacy Compliance

Represented a national bank in preparation of the privacy compliance documentation to comply with CCPA/CPRA and GLBA.

GDPR Compliance

Represented a worldwide manufacturer of electronic components in preparation of their GDPR-based privacy documentation.

U.S. Privacy Compliance

Represented international apparel company in preparation of their privacy policies, terms and conditions and other privacy-related documentation to comply with CCPA/CPRA.

Data Security Breach

Assisted nation-wide company with data security investigations, reporting and preparation of their data security breach notifications.

Employment Documentation

Aid construction company with drafting employment-facing policies including a notice of collection, privacy notice and various employment handbook policies (including use of artificial intelligence and the duty to secure data).

Vendor Contract Review

Assist nonprofit in review and revision of privacy language as required by CCPA and OCPA.

Ransomware Attack

Represented skilled nursing facility with respect to a ransomware incident, including investigation of incident, HIPAA breach analysis and notice issues, and appropriate mitigation and response issues.

HIPAA-Related Agreements

Represented national employer in preparation of agreement with medical university for use where medical student interns receiving certain training experiences on client employer’s premises, to make sure that HIPAA-based privacy duties are met.

HIPAA Issues Implicated by Witness Subpoena

Represented national senior living and long term care provider with respect to HIPAA and other privacy concerns implicated when its medical staff was subpoenaed to testify as a third-party witness in a lawsuit. Negotiated with counsel in the preparation and entry of an appropriate Protective Order, including appropriate procedures to comply with HIPAA and otherwise comply with privacy rights and duties.

Social Media Policy Development and Implementation

Prepared training materials for use by professional trade group organization with respect to development, implementation and enforcement of appropriate social media policies for HIPAA-covered entities’ and other care providers.

HIPAA Compliance / Online Health Application

Prepared HIPAA and other privacy related policies for developer of online-accessed health-related application.

Our Insights

July 18 & August 1, 2024Event / CLE
Scaling Up? Important Lessons and Legal Insights for Your Startup's Growth
In Portland & Seattle!
May 20, 2024Event / CLE
My Health My Data
Washington Health Care Association | Spokane, Washington
May 20, 2024Event / CLE
Artificial Intelligence in Long Term Care and Senior Housing
Washington Health Care Association | Spokane, Washington
May 6, 2024Publication
Oz Looks a Little Scary as State and Federal Law Look to Regulate the AI Wizard in Employment
Labor, Employment & Benefits Legal Update
March 14, 2024News
Bragun Featured in King County Washington Women Lawyers Newsletter
In the News
February 20, 2024Publication
Navigating Privacy Compliance: Will Your Business Be Subject to Washington’s My Health My Data Act? The Answer Might Surprise You.
Privacy & Data Security Legal Update
January 31, 2024Publication
Oregon Consumer Privacy Act: Determining Whether Your Organization Collects the Requisite Amount of Data
OCPA Series
December 6, 2023Publication
Oregon Consumer Privacy Act: Time to Get Ready, But Does It Apply to My Organization?
OCPA Series
October 23, 2023News
Zarelli Earns CIPP/US Certification
Firm Announcement
October 2, 2023News
Bragun Earns CIPP/US Certification
Firm Announcement
September 18, 2023News
Bragun Joins Privacy & Data Security and Creditors' Rights & Bankruptcy Teams
Firm Announcement
February 25, 2021Event / CLE
What the Biden Administration Means for Startups
Lane Powell & Geekwire | Virtual
May 12, 2020Publication
Rampant Identity Theft Discovered in Unemployment Claims: Steps Washington Employers Should Take Now
COVID-19 Resource
April 22, 2020Publication
Adapt to Thrive: Privacy and Data Security Considerations for Taking Business Online in Response to COVID-19
COVID-19 Resource
March 23, 2020Publication
Privacy & Data Security in a WFH Environment
COVID-19 Resource
January 14, 2020Event / CLE
Cyber Security & the Maritime Industry: How to Address Privacy & Data Security
Maritime Commerce Club | Portland, Oregon
November 4, 2019Event / CLE
Let’s Get Digital: Privacy & Data Security Best Practices in the Workplace
Oregon Bureau of Labor and Industries 35th Annual Employment Law Conference | Portland, Oregon
May 1, 2019Event / CLE
36th Annual ‘Best Practices for Best Employers™’ Labor & Employment Seminar
Lane Powell Seminar | Portland, Oregon
March 14, 2019Event / CLE
Travel Risk Symposium
Key Travel | Atlanta
November 1, 2018Event / CLE
Privacy & Data Security in the Workplace: Issues and Best Practices for Employers
Bureau of Labor & Industries | Portland, Oregon
October 23, 2018Event / CLE
36th Annual ‘Best Practices for Best Employers™’ Labor and Employment Seminar
Lane Powell Seminar | Seattle
September 13, 2018Event / CLE
Equal Employment Opportunity Commission Seattle Seminar
EEOC Training Institute | Bellevue, Washington
June 6, 2018Event / CLE
35th Annual ‘Best Practices for Best Employers™’ Labor & Employment Seminar
Lane Powell Seminar | Portland, Oregon
May 20-23Event / CLE
2018 LeadingAge Oregon Annual Conference
LeadingAge Oregon | Redmond, Oregon
March 1, 2018Event / CLE
‘Lucky to be in LTC’ Spring Expo
Oregon Health Care Association | Eugene, Oregon
February 1, 2018Publication
Cyber-Threat Reduction: How Employee Policies and Practices Can Help Senior Living and Long Term Care Employers Bolster Privacy and Data Security
PALS Advisor
November 6, 2017Event / CLE
Privacy and Data Security for Employers: Cyber Threats in Your Workplace
Oregon Bureau of Labor and Industries | Portland, Oregon
October 17, 2017Event / CLE
35th Annual ‘Best Practices for Best Employers’ Labor and Employment Seminar
Lane Powell Seminar | Seattle
July 12, 2017Publication
Health Information Data Security: Low-Tech Action in the Trenches to Thwart High-Tech Threats
Oregon Business Magazine
May 12, 2017Event / CLE
Succession Planning and Policies
World Law Group | Warsaw, Poland
May 11, 2017Event / CLE
Social Media in Senior Living: The Intersection of Marketing and Privacy
Oregon Health Care Association | Portland, Oregon
April 3, 2017Publication
Ransomware and Long Term Care: How the Threat of Holding Patient Records Hostage Impacts HIPAA Analysis
PALS
December 21, 2016Publication
OCR’s 2016 Ransomware ‘Guidance’: A Health Care Provider’s New Best Friend?
Health Care Liability & Litigation
November 7, 2016Publication
Ransomware Cyber Security Threat Tests Providers’ Defenses
Provider Magazine
May 5, 2016Publication
Increased Ransomware Attacks and Phase 2 HIPAA Audits: Two Closely-Related Issues for Long Term Care Providers
Lane Powell White Paper
April 8, 2016News
Panama Papers: A History of Tax Evasion From Ancient Rome to the French Revolution to 19th-Century New Jersey
In the News

Before proceeding, please note: If you are not a current client of Lane Powell PC, please do not include any information in this email that you or someone else considers to be confidential or secret in nature. Prior to the establishment of a lawyer-client relationship, unsolicited emails from non-clients containing confidential or secret information cannot be protected from disclosure.