Evans | Petree PC understands that its clients must comply with a complex array of data security and privacy laws, regulations and standards, both for its customers and its employees. We understand the problems and difficulties faced and work with clients to incorporate these issues into a realistic business context. We work with clients across many industries, including financial and business services, health care services, pharmaceutical, telecommunications, electronic commerce, and information technology.
Evans | Petree PC draws on attorneys whose experience extends across multiple areas of specialization to assist with clients with developing and implementing policies to address privacy, security, and information management risks.
Examples of our experience include:
- Counseling clients regarding health information security and
privacy issues, including HIPAA and HITECH compliance, health information
technology, health record retention and interoperability, and compliance
with state health privacy laws.
- Advising clients regarding the provision of notice under security
breach laws and reviewing and advising as to proper incident responses.
- Conducting privacy and security audits and risk assessments,
leading to advising and implementation of proper incident response
plans.
- Advising clients on identity theft statutes at both the federal and
state level as well as conducting risk assessments and advising clients on
the potential burdens imposed by these regulations.
- Advising clients regarding the Fair Credit Reporting Act (FCRA),
the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), the Red
Flag Rules, and the Gramm-Leach-Bliley Act (GLB).
- Counseling clients bout potential risks related to compliance with
the Electronic Communications Privacy Act (ECPA) and analogous state laws,
including issues related to the monitoring and/or disclosure of customer,
subscriber, and employee communications.
- Drafting and implementation of privacy and security policies for
Internet and email use by employees taking into account both client
exposure and employee safety considerations.
- Reviewing Internet-based privacy policies for compliance with
federal regulations.
- Directing or reviewing investigations, both internal and external,
regarding theft of trade secrets, client lists, and other data, both
proprietary and non-proprietary.
- Counseling clients on potential liability under the Computer Fraud
and Abuse Act (CFAA) and state regulations related to email issues, website
linking issues, network misuse, and intellectual property and trade secret
infringement.
- Developing record retention and destruction policies defining the
management, preservation and destruction of electronic records and paper
records.
- Counseling clients on both electronic and paper based data/record
security and data/record retention and destruction policies as well as
potential concerns arising from retention and/or destruction of records.
- Advising clients in the negotiation, development and maintenance of
service agreements and accountability issues with vendors providing
information technology services or other services impacting employee,
customer or proprietary information retained by the client.
- Guiding clients through privacy and data transfer and data transfer issues in conjunction with mergers and acquisitions, marketing activities and joint venture arrangements.
