We tailor our advice to your organization’s unique culture and priorities so we can help you reduce your company’s privacy and security exposure and accomplish your business objectives.
A Robust, Diverse Team
We have a large team of attorneys and other professionals who are entirely focused on counseling you on applicable state, federal and international privacy and security laws. We come from a variety of backgrounds, focus on specific sectors and laws, and bring you a holistic approach that draws on our combined experience, ensuring efficiency and collaboration.
Whether it’s considering a new privacy law or applying existing regulations to new technologies (such as AI and blockchain), our team analyzes, presents, and publishes on cutting-edge privacy and security challenges. We leverage this knowledge to provide you with forward-looking legal advice that positions you to comply with today’s laws and prepare for tomorrow’s.
Areas of Practice
Children & Student Privacy (COPPA, FERPA)
Communications Privacy (Cable Act § 551, CPNI § 222)
Electronic Communications Privacy (ECPA, CFAA, SCA)
Federal Trade Commission Act (FTC Act)
Financial Privacy (FCRA, FDCPA, GLBA, CFPB)
Health Information Privacy (HIPAA, HITECH Act)
Marketing and Consumer Privacy (CAN-SPAM, TCPA, TSR)
Video Privacy Protection Act (VPPA)
Biometric Privacy Laws
Breach Notification Laws
California Privacy (CCPA, CalOPPA Cal. B&P Code § 22575, Cal. Penal Code §§ 637-38, CA Shine the Light Cal. Civ. Code § 1798.83, Song-Beverly / Receipt Requirements)
Computer Trespass Statutes
Data Security Laws (e.g., 201 CMR 17.00)
Employee Privacy Laws
Record Disposal & Destruction Laws
Social Media Monitoring Laws
Social Security Number Use & Disclosure Laws
Unfair or Deceptive Acts or Practices (UDAP)
Video/Media Privacy Protection Acts
Wiretap & Electronic Communications Laws
Canadian Anti-Spam Law (CASL)
EU Cookie Directive
EU Privacy Shield
General Data Protection Regulation (GDPR)
Digital Advertising Alliance (DAA) Self-Regulatory Principles
Network Advertising Initiative (NAI) Code of Conduct
NIST Cybersecurity Framework
Payment Card Industry Data Security Standard (PCI DSS)
Privacy & Security Law Blog
The DWT HIPAA Audit Toolkits
- Actively counseling clients in a number of industries, including telecommunications, advertising, and retail, regarding their California Consumer Privacy Act (CCPA) compliance strategy. Our work includes providing assessments of the risk and operational impact of the new law, designing information governance strategies that embed privacy in data management, and drafting disclosures and consumer response protocols.
- Serve as lead privacy counsel and coordinate privacy work across a telecommunications conglomerate to ensure a consistent approach in operations and public policy advocacy. The team advises on models for data collection and use across multiple platforms (cable, Internet, online services) in ways that respect consumer privacy, protect consumer data, and meet current and evolving federal, state, and self-regulatory privacy requirements. The firm also advises on public policy and assists in advocacy at the federal, state, and even municipal levels.
- Advise multinational technology company on application of privacy and security laws, such as HIPAA and the EU General Data Protection Regulation (GDPR), to cutting edge technological innovations in the healthcare sector, such as the use of artificial intelligence and cloud initiatives. DWT assisted the client in developing a negotiating playbook for implementing GDPR data processing agreements (DPA) with the client’s vendors and served as "escalation" counsel for complex DPA-related questions.
- DWT assisted a major American daily newspaper in developing and implementing its GDPR compliance program with respect to its journalistic activities, digital advertising operations, and publishing platform services for other media organizations. This ensured compliance and mitigated liability under data protection law for the client’s activities across Europe.
- Serve as primary outside counsel on privacy & security matters for one of the top hospital systems in the country. We provide ongoing counsel on HIPAA, information security, information sharing agreements, incident response, GDPR, 42 C.F.R. part 2 (governing alcohol and drug use disorder treatment records), and other privacy and security matters. Client also looks to us as trusted advisors for privacy implications before rolling out new apps and technology.
- Serve as healthcare counsel to an American multinational investment bank and financial services company, assisting it with its own HIPAA compliance, negotiating HIPAA agreements with customers, addressing requirements related to federal insurance programs in customer contracts, and addressing other health information privacy laws, such as 42 C.F.R. part 2 (governing substance use disorder treatment records).
- Provide privacy and security advice to technology start up, which provides electronic medical record technology to cancer clinics and seeks to leverage health data to improve cancer treatment. Work includes internal counsel, drafting policies and procedures, incident response, and negotiating business associate agreements with customers.