Varnum’s leading Data Privacy and Cybersecurity Practice Team is comprised of technology focused attorneys with extensive in-house legal experience that we leverage to bring clients actionable legal and business advice. Our team includes former lead privacy counsel from the likes of General Motors, Rivian and Meta (f/k/a Facebook, Inc.), as well as Certified Information Privacy Professionals (CIPP).
From large public institutions to private companies and startups, we assist organizations with the development of sound data privacy and security practices, along with real-time advice to address the evolving regulatory environment. Our attorneys work with clients in a range of industries including autonomous and connected vehicles, as well as the consumer data marketplace.
We routinely advise clients on the development and implementation of compliance programs built to address the cross section of the various privacy regimes, including,
- State privacy laws, including the California Consumer Privacy Act (CCPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Delaware Personal Data Privacy Act (DPDPA), the Montana Consumer Data Privacy Act (MCDPA), the Nevada Privacy of Information Collected on the Internet from Consumers Act (NPICICA), the Oregon Consumer Privacy Act (OCPA), the Tennessee Information Protection Act (TIPA), the Texas Data Privacy and Security Act (TDPSA), the Utah Consumer Privacy Act (UCPA) and the Virginia Consumer Data Protection Act (VCDPA), as well as state privacy laws in Indiana, Iowa and New Jersey
- Global privacy laws, including Europe’s General Data Protection Regulation (GDPR), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and Brazil’s General Data Protection Law (LGPD)
- Financial privacy laws, including the Gramm-Leach-Bliley Act (GLBA) and the California Financial Information Privacy Act (CalFIPA)
- Federal Trade Commission safeguards
- Health care privacy laws, including Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) and Protected Health Information (PHI) data breach responses
- Biometric privacy laws, including the Illinois Biometric Information Privacy Act (BIPA)
- Children’s privacy laws, including the Children’s Online Privacy Protection Act (COPPA) and California’s Age Appropriate Design Code
Further, we provide day-to-day counsel on all manner of privacy and cybersecurity matters, including:
- Data privacy policies and consumer-facing statements
- Drafting and negotiating complex data sharing and licensing agreements involving personal and de-identified information
- Public policy and legislative advocacy
- Privacy-related claims and disputes
- Investigations and e-discovery privacy management
- Cybersecurity guidance and internal policy development
- Data security breach preparedness and compliance, including working with forensic companies and insurers as well as developing internal and external communications
- Data breach response and assessment
- Employee privacy and data handling training
- Due diligence and warranty negotiation for mergers and acquisitions as well as cross-border data transfers
- Records management and data retention policies
- Class action defense, including lawsuits alleging unauthorized use of a pen register, trap and trace device, pixel, cookie or other tracking software
