- Data Privacy & Cybersecurity -

Brian Elliott is a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals and provides broad range of legal services in data privacy and cybersecurity.  

Preventative Consulting and Preparation. We work with our clients to create and implement comprehensive cybersecurity programs and develop actionable data privacy policies including data retention and data destruction policies, privacy policies, sensitive data handling protocols, vendor checklists, and more. We perform legal cybersecurity audits, review contracts for compliance with CCPA and GDPR and assist our clients in response readiness and stress testing internal policies. We develop information security and data privacy playbooks and provide clients with tools to achieve and maintain data security compliance.

Transactional. Brian Elliott assists his clients across industries prepare, review and negotiate commercial agreements involving data privacy issues, including Data Processing Agreements, Information Security Requirements, Business Associate Agreements, Master Service Agreements,  SaaS Agreements, Technology Service Contracts and many other Vendor and Service Provider Agreements. Additionally we provide support in Mergers and Acquisitions due diligence related to data privacy and regulatory compliance issues. 

Response Management. We provide guidance for Data Subject Access Requests (DSARs). We apply a rapid response project management approach to security breach incident responses and can assemble a team of privacy focused legal professionals to provide a quick assessment of the data incident, rapid review of legal agreements to understand contractual and regulatory obligations across jurisdictions, and provide an actionable plan to maintain compliance with data privacy laws, including crafting required notifications and managing communications with media and government, while mitigating damage and protecting the company from further liability. 

Comprehensive Compliance. We assist our clients ensure ongoing compliance with:  the  General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and the 21st Century Cures Act, the Family Educational Rights and Privacy Act (FERPA), Computer Fraud and Abuse Act (CFAA),  the Video Privacy Protection Act (VPPA), the Fair Credit Reporting Act (FCRA), the Fair Debt Collection Practices Act (FDCPA), the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), the Gramm Leach Bliley Act (GLBA), the Stored Communications Act (SCA), the Telephone Consumer Protection Act (TCPA) and the biometric, video processing, artificial intelligence and consumer protection laws of all 50 states.