Numerous other laws, regulations, rulings, and industry standards govern companies' compliance requirements. Ensuring compliance with applicable requirements is essential to limit a company's exposure to numerous risks, including:
- Fines, Penalties or Prison Terms - Failing to comply with regulatory requirements may result in fines and penalties. In certain countries, prison terms are also possible.
- Goodwill - Breaches of information privacy or security laws are likely to become known to the public and will negatively affect the image and brand of the organization.
- Financial Loss - Breaches of security can cause substantial losses to customers or employees (identity theft, time lost in seeking to reinstate accounts and service) as well as to the company itself (loss of customers, decreased customer loyalty, loss of sales, obligation to compensate customers and third parties for damages).
- Stakeholder Loss - A privacy or security breach may have a negative impact on the stock of an organization, resulting in a loss of market capitalization.
- Business Partner Confidence - Business partners who share personal information and become aware of the company's compliance problems may lose confidence and trust, and seek other business partners.
Prudent business practices call for periodic privacy and security risk assessments, both in the regular course of business and when major changes to existing business activities are proposed, in order to ensure compliance with applicable laws. The Federal Trade Commission and sectoral information security laws require most companies to have in place information security policies and procedures that ensure adequate protection of the personal information entrusted to them.
Security breach disclosure laws require organizations to publicly disclose security breach incidents that might have caused certain sensitive personal information to be disclosed to unauthorized third parties. A company's task in the event of such an incident is extraordinarily complex. Each state's law applies to a different set of data and has different requirements. Ensuring compliance in an emergency is so complex that companies are well advised to prepare incident response plans in advance, with a detailed outline of the activities and disclosures required.
Our extensive experience with the wide range of national and foreign information privacy and security laws allows us to assist clients, in the most efficient manner, with the myriad ever-evolving laws that govern the collection, use, storage, transfer or destruction of personal data. We can assist with the following:
- Compliance with Applicable Laws and Standards
  - Financial information privacy or security (Gramm-Leach-Bliley)
  - Healthcare information privacy or security (HIPAA)
  - Children's Online Privacy Protection Act privacy or security (COPPA)
  - FACTA Document Destruction Regulations
  - EU Data Protection
  - E-Commerce Directives
  - Security breach disclosure laws
  - Document shredding laws
  - Industry standards, e.g. PCI
- Privacy and Security Policies
  - Review of Privacy Policies and Security Policies to ensure compliance with applicable laws
  - Development of compliant policies
- Security Breach Disclosure Laws
  - Responses to a data security breach
  - Preparation of security incident response plans
- Anti-Spam Laws
  - Review and analysis of advertising and e-marketing practices to ensure compliance with applicable anti-spam laws
  - Development, establishment and institutionalization of policies and procedures to achieve compliance with the CAN-SPAM Act
- Document Management
  - Development of document retention programs and data destruction programs
  - Compliance with shredding laws
- International
  - Counsel on compliance with foreign data protection laws
  - Development of personal information transfer procedures and agreements to address restrictions on data transfer imposed by certain data protection laws
  - Safe Harbor self-certification program
  - Global privacy policies and procedures
  - Registration with foreign data protection agencies
- Awareness and Training
  - Counsel and training on US and foreign privacy and security laws
  - Counsel on the effect of privacy and security laws on the creation, maintenance and use of databases of employee information, client information and marketing databases
  - Requirements and restrictions affecting inter-company and intra-company transfers of data, and personal information transfer agreements
  - Requirements and restrictions affecting mergers & acquisitions, outsourcing and similar agreements
  - Training and education with respect to CAN-SPAM Act compliance