Privacy

Customer information has become one of the hottest commodities of the 21st century.   A number of recent federal and state privacy initiatives, as well as emerging international privacy laws, however, impact the ability to use, market and sell such customer information.  In order to help companies make sense of these new, complex and sometimes inconsistent privacy laws, our Technology and Intellectual Property Group provides counsel regarding a number of emerging privacy areas including:

  • The Gramm-Leach-Bliley Act
  • The Federal Trade Commission Act
  • The Health Insurance Portability and Accountability Act
  • The European Union Privacy Directive and Safe Harbor
  • The Fair Credit Reporting Act
  • The Children's Online Privacy Protection Act
  • Numerous state law initiatives 


We have assisted a wide variety of companies in identifying which privacy laws may impact their business.  In addition, we have drafted, and assisted in the implementation of, privacy policies for businesses ranging from Internet start-ups to established brick and mortar companies.  Furthermore, the Technology and Intellectual Property Group has presented a number of seminars to clients, as well as attorneys, in connection with these emerging privacy laws.

Client Alert: New Laws Prohibit Certain Data Transfers to China, Russia, Iran, and other Foreign Adversaries of the U.S.

In addition to its well-publicized move to prohibit more than 150 million Americans from posting embarrassing dance videos of themselves on TikTok (at least while it is Chinese-owned), the U.S. federal government recently adopted two significant federal data transfer prohibitions: (1) the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (“PADFA”); and (2) an Executive Order entitled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” Any organization that currently shares, or is considering sharing, sensitive personally identifiable information with anyone in China, Russia, Iran or any other “foreign adversaries” of the United States should determine whether these new prohibitions require them to change their data transfer activities.

Client Alert: Maryland Considers Adoption of Biometric Data Privacy Act

If your organization collects or uses, or is thinking about collecting or using, biometric data, such as fingerprints, DNA scans, retinal scans or voice prints obtained from customers, employees or others, the Maryland Biometric Data Privacy Act (the “Biometric Act”) currently under consideration by the Maryland General Assembly should be of keen interest to you. If adopted, House Bill 33  (“HB 33”) (and its companion, Senate Bill 169), would regulate “private entities’” which collect or possess biometric data and subject those who violate those regulations to investigations and claims brought by the Maryland Attorney General or private litigants.

Client Alert: Virginia Privacy Law Takes Effect January 1, 2023

With the passage of the Virginia Consumer Data Protection Act (Va. Code Ann. §§ 59.1-575 to 59.1-585) (“VCDPA”) on March 2, 2021, Virginia residents now have certain rights regarding their personal information, while business entities conducting business in Virginia may have new and additional data collection and protection obligations, if they meet certain jurisdictional thresholds.  
 
VCDPA will become effective on January 1, 2023.  As a result, organizations conducting business in Virginia may need to review their data collection and processing obligations for applicability of the VCDPA, and in preparation for the VCDPA taking effect.
 
This brief article is intended to highlight certain key requirements of the VCDPA.

Client Alert - The Colorado Privacy Act: Both Bark and Bite

Europe began the trend, California followed suit shortly after, and now the flood gates have opened.  Colorado is the third state that is on the brink of enacting a strict and extensive privacy law that has significant implications for a wide variety of organizations that control or process personal data.