Privacy & Data Security

Data is one of your most valuable assets—protect it.

At Focal, our IAPP-certified lawyers recognize that consumer expectations for data privacy have never been higher. As of 2024, one-third of U.S. states have enacted comprehensive consumer data privacy laws, leaving many businesses struggling to keep pace with ever-changing security requirements.

We make it our business to stay ahead of this rapidly evolving regulatory landscape. By proactively monitoring and managing privacy and compliance matters, we empower our clients to confidently leverage their data while complying with legislative updates and minimizing risks to their businesses and customers.

Gwen Wei, Privacy Attorney

Barb Rhoads-Weaver, Attorney

Compliance is complex—and achievable.

The rise of AI and other emerging technologies makes staying compliant feel like a moving target. Our team tracks tech developments to help clients adapt their security systems, data use, and practices to evolving regulations.

We provide expert guidance on compliance with key laws, including:

  • GDPR (EU & UK)
  • HIPAA
  • Gramm-Leach-Bliley Act (GLBA)
  • FERPA
  • TCPA
  • CAN-SPAM Act
  • COPPA
  • State privacy laws, including: CCPA/CPRA, Connecticut Personal Data Privacy and Online Monitoring Act, Utah Consumer Privacy Act, Virginia Consumer Data Protection Act (VCDPA), Washington’s My Health My Data Act

Our clients are at the forefront of technology, where data security and compliance are vital. Focal helps clients mitigate risk, maximize the value of their data, and protect their brands with a full suite of privacy and security services:

  • Privacy notices, policies, and compliance procedures
  • Use of consumer data in marketing
  • Data protection assessments and transfer impact assessments
  • Data processing addenda and data transfer agreements
  • Consumer and data subject access requests
  • Use of AI to leverage existing privacy policies & procedures
  • Responding to suspected data breaches

Representative Work

  • Updated a SaaS company’s internal data processes to comply with a range of data protection laws, including GDPR.
  • Guided a biometric company in handling a CCPA data deletion request.
  • Drafted privacy policies for a video chat service, ensuring compliance with the federal Wiretap Act and law enforcement disclosure rules.
  • Reviewed HIPAA-related agreements for SaaS companies serving business associates.
  • Created standard Data Processing Agreements for tech companies and trained in-house teams in negotiating common revisions.
  • Advised an e-commerce company on session replay and analytics tracking tools, and helped implement risk mitigation strategies.