Legal advice on data, privacy and cybersecurity issues in the following contexts:
- Counseling. Product development, compliance, marketing, and data strategy
- Transactions. Commercial, venture financing, M&A, and public offerings
- Incident response. Planning and breach counseling
- Regulatory. Investigations, enforcement actions, and rulemaking
Legal expertise includes:
- Comprehensive privacy and data protection laws, including the California Consumer Privacy Act (CCPA) and other state laws in the U.S., and the General Data Protection Regulation (GDPR) in the UK/EU
- AI regulation
- Cross-border data transfers
- Wiretap and invasion of privacy laws
- Children's privacy laws, including Children's Online Privacy Protection Act (COPPA) Age-Appropriate Design Codes, and K-12 privacy laws
- Health privacy laws, including HIPAA and state consumer healthcare privacy laws
- Direct marketing laws, including TCPA, state telemarketing laws, CAN-SPAM Act and UK/EU ePrivacy rules
- Financial privacy laws, including Gramm-Leach-Bliley Act (GLBA) and Fair Credit Reporting Act (FCRA)
- State data broker laws
- FTC privacy and data security enforcement
- Data security and breach notification laws
- SEC cybersecurity rules and reporting requirements
Domain expertise in multiple data-driven technologies, including AI/ML, biometrics, adtech, AR/VR, autonomous vehicles, IoT devices, medical devices, cleantech, video games, and cloud/SaaS.