We counsel a wide range of companies about data privacy and security terms in commercial contracts. Our clients include cloud computing companies hosting third party data from around the world.
This is a volatile and rapidly evolving area, given the increasing (and inconsistent) array of potentially applicable laws, within and outside the United States (such as the California Consumer Privacy Act (CCPA) and other US State laws, the European Economic Area’s General Data Protection Regulation (GDPR), the United Kingdom’s post-Brexit data protection regime, to name just a few). We provide Health Insurance Portability and Accountability Act (HIPAA) business associate agreements (BAAs), and Gramm-Leach-Bliley Act (GLBA) advice for financial institutions and their vendors.