This site uses cookies to enhance site navigation, analyze usage, improve functionality, and better your experience on the site. By continuing to browse the site, you consent to our use of cookies. Please see our Cookie Policy for more information about our use of cookies.

Privacy & Data Security

Privacy and data security issues impact every organization. Every company is a “data company” and is responsible for safeguarding and responsibly handling personal information. Davis Graham and Stubbs LLP’s privacy and data security practice partners with clients to streamline compliance practices and address requirements from the patchwork of U.S. and international laws governing the collection, use, storage, transfer, and disposal of personal information.

Many of our team members hold advanced certifications in privacy, including the CIPP/E, CIPP/U.S., CIPM, and FIP designations. To keep abreast of the latest data trends and technologies, our attorneys are involved in numerous privacy leadership and industry groups, including the International Association of Privacy Professionals’ Education Advisory Board and the Colorado Technology Association.

Core Competencies

  • Data inventory and risk assessment
  • Policy drafting
  • Information governance and records retention
  • Information security policies and assessments
  • Incident response planning and data breach response and notification
  • Vendor management
  • Contract drafting and negotiation
  • Due diligence in M&A transactions
  • Employee training
  • Cyber insurance coverage analysis

Representative Experience

  • Assist client in the life science, financial services, retail, technology, and hospitality industries in developing privacy compliance programs, both generally and with specific focus on GDPR and CCPA. This includes drafting policies; preparing and negotiating vendor agreements; developing procedures for handling individual inquiries; updating incident response procedures; and conducting employee training.
  • Advise clients on international data protection requirements, including implementing legal mechanisms for the transfer of data from the EU, Latin America, and Asia to the U.S.; addressing direct marketing requirements, including under the ePrivacy Directive; drafting individual consent requests and protocols for requesting and documenting the same; and developing procedures for data subject access requests.
  • Assist clients in developing data inventories and data maps, including designing a protocol, conducting interviews with stakeholders, and documenting data, systems, and flows.
  • Draft records retention policies and update retention schedules. Work with clients on data disposal policies.
  • Development and implement risk assessment programs, both project-specific and enterprise-wide, including creating a risk methodology, preparing questionnaires, working with stakeholders, identifying risks, and developing risk mitigation plans.
  • Draft online privacy notices addressing requirements in the U.S. and internationally; prepare layered privacy notices.
  • Develop compliance programs for the handling of biometric data.
  • Design and update vendor management programs, including due diligence procedures, contract drafting and negotiation, and monitoring of vendor compliance.
  • Prepare incident response plans for a variety of organizations and assist with response to data security incidents and breach notification in multiple jurisdictions.
  • Draft information security policies and direct information security assessments.
  • Work with clients to conduct, or respond to, due diligence inquiries for M&A transactions.
  • Conduct company-wide and targeted employee training.

Related Attorneys

person image - Trent Martinet

Trent Martinet

Partner, Intellectual Property, Technology Transactions, Finance & Acquisitions, Mergers & Acquisitions
303.892.7343
person image - Alex Paalborg

Alex Paalborg

Associate, Technology Transactions, Intellectual Property, Mergers & Acquisitions
303.892.7248
person image - Adrienne Kovac

Adrienne Kovac

Associate, Finance & Acquisitions, Mergers & Acquisitions, Public Companies & Capital Markets, Intellectual Property, Technology Transactions
303.892.7363
person image - S. Lee Terry, Jr.

S. Lee Terry, Jr.

Partner, Asset Management, Finance & Acquisitions, Mergers & Acquisitions, Private Equity & Venture Capital, Public Companies & Capital Markets, Securities Enforcement & Litigation, Intellectual Property, Technology Transactions, Executive Compensation, Crisis Management
303.892.7484

Search Davis Graham & Stubbs

Attorneys

Events

Pages

Articles
Search Attorneys & Website