Data Privacy

Proactive Legal Services

The legal framework for data privacy, both domestically and abroad, is constantly evolving. Trying to stay on top of this shifting landscape involving changing technologies and legal requirements can be in a word – overwhelming. In the past year alone, state and federal regulatory changes have altered the legal and compliance obligations of many companies across a broad range of industries. Additionally, the courts have already begun to issue consequential opinions and decisions that have placed heightened liability on companies to protect sensitive personal data.

With growing concerns related to the use of data and an increasing role of data protection regulations, XPAN Law offers clients the guidance their business needs to navigate this range of domestic and international privacy regulations. Internationally, XPAN Law works with clients in the area of privacy compliance for the European Union General Data Protection Regulation (“GDPR”). Our attorneys are highly knowledgeable in other regional privacy regulations, including China, Japan, Australia, and Canada.

Domestically, XPAN Law works closely with clients in areas of national privacy regulations such as HIPAA and COPPA, as well as state-specific privacy regulations that include the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act (“CPRA”), Nevada’s Internet Privacy Law, Colorado’s Privacy Act (“CPA”), and Virginia’s Consumer Data Protection Act (“CDPA”).

We guide clients in understanding the technological, administrative, and legal implications of data protection regulations while also taking into account the unique blueprint and needs of their business. Our team works diligently across numerous industries and regions to help clients develop effective cross-border data management policies and practices.

Privacy Litigation

As each state develops laws to address consumer privacy, the collection, storage, use, and sharing/disclosure of personal data triggers a host of legal obligations for organizations. Couple that with the fact that these laws can be aggressively enforced though actions by government agencies, data subject access requests, and class action lawsuits, it becomes clear why companies need trusted, experienced legal advisors they can rely on to address any privacy or security issues.

XPAN Law attorneys have experience handling security and privacy data breaches that implicate both domestic and international laws. We lean on our years of legal experience and understanding of those legal obligations together with our technical know-how to provide our clients with trusted guidance. Our attorneys handle complex litigation matters and governmental investigations arising out of large, multi-layered data breaches.

XPAN Law can address complex class action matters and governmental investigations by the Office for Civil Rights (“OCR”), the United States Federal Trade Commission (“FTC”), the Federal Communications Commission (“FCC”), the European Union Data Protection Authorities (“DPA”), and by state attorneys general. Likewise, our firm prepares and advises clients in contract disputes with vendors and business partners that arise from data breaches.

XPAN Law assists clients in every industry, regardless of company size, to analyze and properly respond to privacy issues. We take pride not only in our responsiveness but also in being keenly aware of corresponding legal obligations and potential liabilities that surface under specific circumstances particular to that client or industry. We use our global knowledge and experience to address issues involving the European Union’s General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act (“CPRA”), Colorado’s Privacy Act (“CPA”), Virginia’s Consumer Data Protection Act (“CDPA”), and the Health Insurance Portability and Accountability Act (“HIPAA”), along with other federal and state regulatory schemes that include reporting requirements.

To the organizations we represent, XPAN Law is more than just a law firm. We are both trusted advisors and relentless legal advocates ready to assist a company’s board of directives or decision-makers with any cyber or privacy issues they come across. While we stress being proactive, our firm’s knowledge and strategic focus on data privacy, along with our skilled preparation and readiness, affords our clients a clear advantage in having experienced counsel that has the ability to immediately react to a data breach and respond thereafter to any consequential legal ramifications. XPAN Law does so with guided practical solutions unique to the blueprint of the business.

Legal Services

  • Data Categorization/Data Mapping
  • Regulatory Impact Assessments
  • Data Privacy Liability Insurance Assessments
  • Draft Data Privacy/Security Provisions
  • Draft Master Service Agreements
  • Negotiate Contracts
  • Draft Data Processing Addendums and Amendments
  • Address Regulatory Compliance Implementation
  • Create Internal Data Privacy Programs
  • Draft Internal Compliance Documents
  • Create Vendor Management Programs
  • Regulatory Audits
  • Data Privacy Breach Response
  • Contract Disputes
  • Shareholder Disputes
  • Class Action Litigation
  • Consumer Fraud Litigation
  • Tabletop Exercises
  • Data Privacy Impact Assessments

Regulations, Laws, and Statutes

  • Health Insurance Portability and Accountability Act (“HIPAA”)
  • California Consumer Privacy Act (“CCPA”)
  • California Privacy Rights Act (“CPRA”)
  • Colorado Privacy Act (“CPA”)
  • Virginia Consumer Data Protection Act (“CDPA”)
  • General Data Protection Regulation (“GDPR”)
  • Nevada’s Internet Privacy Law
  • New York SHIELD Act
  • New York Department of Financial Services Cybersecurity Regulation 500
  • Telephone Consumer Protection Act (“TCPA”)
  • State Data Breach Notification Laws

Recent Articles