Internet Privacy and Data Security Lawyer
Hinch Newman assists Internet marketers and companies of all sizes with data privacy and security issues. The firm advises clients with preventive privacy compliance issues and defending regulatory investigations pertaining to alleged unfair data security practices.
An online privacy and cybersecurity law firm, Hinch Newman assesses clients' domestic and global data collection, use and disclosure practices. The firm drafts website privacy policies, conducts advertising and disclosure clearance reviews, develops and implements corporate information security protocols, drafts commercial marketing agreements, and keeps clients abreast of emerging state, federal and international data use legal requirements.
The firm also possesses significant experience with tracking and online behavioral marketing technology platforms utilized by Internet marketers in conjunction with advertising campaigns.
Exceptional Coverage and Foundational Understanding
The firm’s practice provides exceptional coverage of substantive areas of state, federal and international privacy and data security laws, including various legal structures, digital advertising and marketing, behavioral advertising, geo-location data and social media issues.
We counsel clients on laws and regulations governing GDPR-requirements, information management, data inventory, data sharing and transfers, data collection and retention, user preference management, privacy program development, written information security plans, data breach notification and incident response programs, workplace privacy, online privacy and privacy policies, vendor management, standard contract provisions, international data transfers, U.S. Safe Harbor and Privacy Shield, Children’s Online Privacy Protection Act (COPPA), Telemarketing Sales Rule, Telephone Consumer Protection Act (TCPA), Do Not Call registry (DNC), FTC and state attorneys general privacy enforcement actions, private rights of action, unfair and deceptive trade practices, and other theories of legal liability.
See the FTC’s Privacy & Data Security Update (2018), here.
Children’s Online Privacy Protection Act (COPPA), Telemarketing Sales Rule, Telephone Consumer Protection Act (TCPA), Do Not Call registry (DNC), FTC and state attorneys general privacy enforcement actions, private rights of action, unfair and deceptive trade practices, and other theories of legal liability.
Hinch Newman knows how to apply privacy laws and regulations, from jurisdictional laws and consumer protection statues to legal requirements for handling and transferring data. In addition to data privacy legal regulatory compliance, this substantive knowledge enables the firm to represent clients in a broad spectrum of cybersecurity-related litigation matters.
The firm is skilled in handling complex privacy-related litigation matters, including allegations of “unfair and deceptive” business practices, Telephone Consumer Protection Act class action defense and various common law privacy torts.
Managing Digital Legal Privacy Risks
Reassuring customers that your Internet business maintains a culture of compliance - that it takes privacy and data protection seriously - goes a long way towards gaining a competitive advantage in today's online marketplace. Hinch Newman counsels clients on the importance of treating consumers' information properly.
The firm provides insight and advice regarding the privacy risks that may arise and suggests ways for web-based businesses to collect and robustly safeguard personal data in a way that is fair and promotes greater trust and relationships with consumers. Failing to take privacy and data security into proper account can lead to negative press, government investigations, fines, security breaches, consumer complaints and costly litigation.
There are inherent risks when gathering information from end-users. This is particularly true with regard to using "cookies" to track online activity, IP addresses to target content at a particular individual, and "sensitive information," such as financial account numbers, Social Security numbers, and medical records.
Further, if you collect information from children who visit your website, you should consult with a privacy law attorney at Hinch Newman immediately so that we can advise you on the Federal Trade Commission's Children's Online Privacy Protection Act, as well as the “do’s and dont’s” with regard to current laws pertaining to sensitive information.
Data privacy lawyer Richard B. Newman is a member of the International Association of Privacy Professionals and regularly consults with clients about the design and implementation of data privacy and security procedures that are valid worldwide.
Recent privacy and data security concerns have also arisen in the context of location-based marketing strategies like "geo-tagging." Initial privacy concerns over the ability for others to check the location of an individual without their consent is cause for some concern and should be clearly understood by those in the Internet marketing business.
Information Risk Minimization
The firm works closely with clients on multiple aspects of information risk management, and privacy and data security legal and regulatory compliance. The foregoing includes issues such as data asset inventories, vendor assessment, data use disclosures and information governance.
We have also represented tech entrepreneurs against government investigations related to malicious cyber-related incidents, and work with clients to implement marketing solutions, consumer-facing disclosures and marketing materials.
You need an experienced Internet privacy and data security attorney who can assist with specific online marketing and eCommerce measures to protect and manage sensitive information. If the information falls into the wrong hands, it can lead to fraud or identity theft. The cost of a security breach can be measured in the loss of your customers' trust, which makes safeguarding personal information just plain good business.
Internet marketers that partner with vendors, service providers or other marketers are faced with privacy and data security compliance risks. Where regulatory protocols exist, they must be incorporated into business operations, monitored and adhered to. State-specific requirements such as those enacted in California, Colorado, Massachusetts, Nevada and Vermont must be afforded special attention as all have pioneered privacy and cybersecurity legislation.
Privacy lawyer Richard B. Newman provides counsel on the GDPR, CCPA, and other consumer privacy legislation.
California's Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et seq. requires U.S. companies to implement a number of privacy initiatives designed to provide California residents landmark data privacy rights in the United States.
With limited exception, the CCPA applies to "businesses" that collect and sell consumers' “personal information” or disclose personal data for business purposes. The California law contains expansive definitions for key terms and considerations, including, what business are covered under the law, who qualifies as a "consumer," what constitutes a "sale," and what constitutes "personal information.” The CCPA does not apply to information that is subject to other federal regulation, including, the Health Insurance Portability and Accountability Act, the Gramm-Leach Bliley Act, the Fair Credit Reporting Act or the Drivers’ Privacy Protection Act. The CCPA, however, does apply to entities covered by these laws to the extent they collect and process other personal information about consumers.
At its core, the CCPA provides consumers with a number of rights, including a right to transparency about data collection, a right to request the deletion of their information, a right to opt-out of having their data sold and an opt-in requirement for minors. Without limitation, consumers have the right to know whether their personal information is being collected, what information is being collected, for what purposes it is being used and/or sold, the categories of sources from which that information is collected, and the categories of third party transferees with whom the information is shared.
The CCPA also contains provisions that prohibit businesses from discriminating against consumers for exercising their rights, including by charging consumers that opt-out a different price or providing the consumer a different quality of goods or services, except if the difference is reasonably related to value provided by the consumer’s data.
A deliberate and strategic approach is complying with the CCPA is of paramount importance for digital marketers. Consult with an experienced privacy law attorney to address issues such as, without limitation, updating privacy notices and policies, updating data inventories and business processes, identifying what categories of personal information are transferred to third parties, implementing appropriate protocols to ensure that consumers are afforded applicable statutory rights and updating third party vendor and client contracts. In situations where third parties have paid for consumer data, processes must be implemented in order to address opt-out and deletion requests.
Additionally, employees handling consumer inquiries are required to be trained with respect to the CCPA's requirements.
The CCPA also contains a data broker registration component. Those that qualify as "data brokers" are required to register with California’s Attorney General for a fee and provide various pieces of information that will be included on a publicly available directory, such as the data broker’s name and primary physical, email and Internet website addresses. Data brokers will be required to register by January 31 of each year.
Vermont is the only other state in the nation for a data broker registration law. The Vermont law also requires "data brokers" to register annually with the Vermont Attorney General and pay an annual registration fee. It requires, without limitation, the disclosure of information regarding practices related to the collection, storage or sale of consumers' personal information, as well as practices, if any, for allowing consumers to opt-out of the collection, storage or sale of personal information. The law also requires data brokers to develop, implement and maintain a written, comprehensive information security program that contains appropriate physical, technical and administrative safeguards designed to protect consumers’ personal information.
General Data Protection Regulation (GDPR) Compliance
The General Data Protection Regulation is the framework for European Union privacy and data protection. It applies to companies with an establishment in the EU, as well as those outside the EU that offer products and services to EU data subjects or monitor the behavior of EU data subjects, and consequently, process personal data of EU data subjects. For those that are covered by the GDPR, compliance is essential.
You need an experienced privacy and data security lawyer with a solid understanding of the scope of the GDPR, how “personal data” is defined, the enhanced rights for data subjects, notice requirements, privacy by design, accountability, breach notification, penalties, and requirements for data controllers and data processors. Hinch Newman works with clients to evaluate whether they are subject to the new rules, how they can comply, current privacy and data protection policies and procedures, gaps remediation strategies and best practice implementation.