Information Privacy and Data Security Policies and Procedures

No one privacy policy is appropriate for all clients. Published privacy policies must reflect actual practices of a company and must not over- or understate the commitments a company makes concerning its use of personal data. Procedures used by one company could be irrelevant to the practices or type of data that another company collects and uses for different purposes. The CommLaw Group helps our clients take the time to draft clear, complete, accurate privacy or security policies relevant to the applicable laws and the company’s activities concerning the collection and use of personal data.

At Marashlian & Donahue – The CommLaw Group, our privacy professionals help clients implement best practices in information privacy and data security. We are aware of the potential for domestic and international enforcement actions for failure to protect consumer information. We have advised clients dealing with security breaches and unauthorized disclosures of personal information, including state breach notification requirements. To ensure adequate protections, companies must work directly with vendors, employees, independent contractors and customers to obtain, use, secure and protect internal and external customer data. We also recognize the need to address legal and reputational risks while preserving an organization’s ability to use information in ways that achieve organizational goals. We work with clients to develop privacy practices that support business success.

Our clients include providers of Cloud communications, software as a service ("SaaS"), communications as a service ("CaaS") and other software-enabled communications and collaboration services, application (apps) services & developers, and all forms of Internet Based (IP-based) services, including Voice over Internet Protocol ("VoIP") and other hybrid & convergent communications service providers. We have regularly counseled our clients on the data security laws and regulations that govern the handling of financial information under the Gramm Leach Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), Fair and Accurate Credit Transaction Act (FACTA), and Red Flags Rules; security breach disclosure laws; industry standards, such as PCI DSS; mandatory and voluntary compliance plans for the Fair Debt Collection Practices Act (FDCPA), TCPA and CAN-SPAM; and the FCC’s CPNI rules. We help clients realize business goals, manage risk, and comply with privacy and data protection laws.

Our experienced attorneys provide creative, practical, specialized legal counsel and support to enable our clients to successfully manage their compliance risks. Specialized in representing all aspects of the communications sector, including providers of cloud communications, broadband and Internet access, and VoIP services, we carefully weave privacy and security into all aspects of the business to minimize its exposure while advising clients how to use information in ways that benefit the business and its customers. We offer comprehensive assessments of privacy and security requirements to ensure compliance with the myriad U.S. federal and state laws, regulations and policies addressing privacy issues, including:

  • FCC Customer Proprietary Network Information ("CPNI") rules
  • Telephone Consumer Protection Act (“TCPA”)
  • CAN-SPAM Act
  • Children’s Online Privacy Protection Act ("COPPA")
  • Federal Trade Commission (“FTC”) Fair Information Practices Principles
  • Other developments in federal laws and regulations supported by the FTC, as embodied in its 2012 Report to lawmakers and businesses: FTC Report: Protecting Consumer Privacy in an Era of Rapid Change.

Our attorneys advise on structuring and implementing a compliant privacy policy and assist clients with measures designed to safeguard customer data, such as developing employee guidelines and standards and drafting customer notifications. In addition to general compliance, our firm can evaluate and propose a compliant solution for commercial advertising campaigns. Finally, our team can help minimize losses in instances of breach by assisting with customer notification measures.

We offer guidance on an array of privacy related matters, including the following:

  • Development of data security plans
  • Compliance with federal privacy mandates, including the FCC’s CPNI rules
  • Drafting compliant privacy policies and website disclosures
  • Developing TCPA and CAN-SPAM-compliant email and Internet commerce policies
  • Handling data security breaches and privacy complaints
  • Litigating and defending privacy-related cases before the FCC, federal and state courts, Administrative Law Judges, and the FTC
  • Management of document retention policies
  • Responding to law enforcement inquiries (wiretap and communications records) and reporting security breaches
  • Compliance with state and local privacy mandates
  • Reviewing and preparing contracts addressing privacy concerns with third-party vendors
  • Creating FTC and FCC-compliant prepaid calling card disclosures
  • Non-disclosure and non-compete agreements addressing the protection of confidential information
  • Responding to legislative and regulatory initiatives
  • Encryption of sensitive information
  • Training employees and conducting security risk assessments
  • Compliance with FTC’s “Red Flag” rules and federal privacy matters related to credit, debit and stored value transactions
  • State and local laws and rules aimed at protecting consumer privacy
  • International laws associated with consumer privacy, data protection and security, including the EU Data Protection Directive
  • Payment Card Industry Data Security Standard (PCI DSS), which provides data security guidelines for companies processing credit card transactions and handling related transaction and account data
  • Mandatory and voluntary compliance plans for the Fair Debt Collection Practices Act (FDCPA)
  • Automated communications with cell phones and other wireless devices (TCPA)
  • Stored Communications Act compliance plans