Frantz Ward’s Data Privacy & Security Practice Group navigates the complexities of data privacy and cybersecurity, helping businesses meet new and evolving data privacy compliance requirements, prepare for potential threats, and provide critical support during and after breaches. Our team offers a full range of data privacy and protection services, from developing privacy policies to ensuring compliance with state, federal, and international regulations.

Our experience includes advising on and preparing:

  • Agreements and policies related to privacy issues, including Bring Your Own Device policies, website privacy policies, e-commerce and e-communication policies, and related litigation
  • Privacy policies and website terms of use that comply with state, federal, and international regulations, such as GDPR, CPRA, and TDPSA
  • State, national, and international privacy and data security compliance counseling, risk assessment, and gap analysis
  • Administrative safeguards for data storage, permissions standards, and data management practices
  • Employee and vendor awareness training regarding data privacy and access issues
  • Insurance coverage and management of insurance claims, indemnification, and recovery
  • HIPAA compliance
  • Notice requirements in licensing and vendor agreements and response obligations after data breach or disclosure of proprietary and competitive information

Frantz Ward’s approach to data privacy ensures businesses are well-equipped to manage and protect their data in an increasingly complex regulatory environment. Our team includes an International Association of Privacy Professionals, Certified Information Privacy Professional-US (CIPP/US), and others with hands-on data breach response and management experience.

Representative Matters

  • Analyzed compliance with international, federal, and state data privacy laws regarding the use, maintenance, and storage of employees’ personally identifiable information held in employee records and health plan files for a plastics and resins manufacturer.
  • Conducted breach risk assessment and prepared data breach notices to affected individuals under applicable state law following improper access and disclosure of employee and customer personal information following a business email compromise event.
  • Prepared data breach notice to UK ICO following phishing attack against international manufacturing client.
  • Drafted privacy policies and data subject request implementation documents for an AI start-up to begin operations and sales activities in the EU to satisfy GDPR compliance obligations.
  • Review and negotiate data protection agreements and international data transfer agreements, and advise on international data transfer compliance obligations for an enterprise mobility service provider to collect and process personal data from multiple countries, including the EU, China, Australia, and Brazil.
  • Advise a multi-hospital system on its HIPAA compliance obligations, including preparing breach risk assessments for unauthorized use and disclosure of PHI and handling OCR complaints and investigations in connection with alleged HIPAA violations.