Protecting Consumer privacy and complying with applicable data use laws is a critical part of any business. With a growing emphasis on protecting Personally Identifiable Information (PII), more privacy regulations are being put in place to safeguard PII. It is becoming increasingly important for companies to comply with privacy laws and contracts, as well as developing technologies and procedures that respect the privacy of customers, clients, and business partners worldwide.

At KJK, our legal privacy attorneys have extensive experience identifying privacy issues that relate to your business. We work with your organization to help you improve or draft new privacy policies and negotiate data collection and data sharing agreements that meet your needs and comply with all applicable privacy laws and best practices.

Information to Consider:

Types of Privacy Compliance

To understand the importance of privacy compliance, it’s helpful to get a basic understanding of the major privacy compliance laws, including GDPR, CCPA, CPRA, GLBA, FTC, PCI, HIPAA and HITECH. The KJK team can help break down these data privacy compliance regulations. In addition, we can help you negotiate data sharing, data access and data use agreements, as well as Software as a Service (SaaS) and cloud agreements that comply with domestic and international privacy laws.

GDPR & CCPA Compliance

The Global Data Protection Regulation (GDPR) went into effect in 2018, intended to redefine how to handle online user data. In 2020, the California Consumer Privacy Act (CCPA) became the first major U.S. privacy law following the European GDPR. The CCPA is sometimes regarded as a less stringent version of the GDPR. This means that if your organization already complies with GDPR, it is relatively easy to comply with CCPA too. Other states are following in the model of California and implementing their own data privacy regulations.

Unlike some “sector by sector” laws, GDPR applies to many business types and their websites, including eCommerce, nonprofits and more. Any organization that deals with the personal data of EU residents must comply, even if they aren’t based in the EU. This law controls how companies and their websites can handle personal data, from email addresses to browser history and location data. 

CCPA creates obligations for employers and entitles employees to statutory damages for data breaches. If your business operates in California, collects personal information of residents, has an annual gross income that exceeds $25 million and buys, receives, sells or shares personal information of 50,000 consumers, or derives half or more of your annual revenue from selling consumers’ personal information, you must comply with the act.

The CCPA is intended to create transparency in the state’s enormous data economy. This transparency means consumers can find out what personal data businesses have access to and which information they have sold to third parties. The California Privacy Rights Act (CPRA) enhances the CCPA. It enforces stricter protection of consumer privacy, similar to GDPR, and adds requirements for businesses.

Working with a GDPR attorney and CCPA attorney with KJK can help your business learn the detailed requirements it must follow in order to comply with these laws and safely handle the personal information of your employees and customers.

GLBA, FTC and PCI Compliance

The Gramm-Leach-Bliley Act (GLBA), which the Federal Trade Commission (FTC) enforces, regulates the kind of data that can be collected by a wide variety of financial institutions (the Privacy Rule) and what they must do to protect that information from unauthorized access or use (the Security Rule).

The GLBA applies to financial institutions that collect nonpublic personal information from their customers. Additionally, if your organization receives nonpublic personal information from a financial institution you are not affiliated with, the GLBA may limit how you can use that information.

The Payment Card Industry Data Security Standard (PCI DSS) is a security criterion intended to standardize how businesses accept, process, transmit or store credit card data in order to maintain security. Any entity that collects, stores or processes

Because there are many compliance requirements, basic requirements and test procedures, the GLBA is difficult to understand. KJK’s legal team is intimately familiar with these regulations and what your business must do to comply and can help you navigate the process.

HIPAA and HITECH Compliance

The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) create national standards to safeguard sensitive patient health information from being divulged without patient consent or knowledge. Any business in the healthcare industry must strictly adhere to the Act to assure the protection of patients’ health information while allowing for the flow of health information required to provide quality care. Taken together, the statutes and their regulations provide liability for improper disclosure of Protected Health Information (PHI), and for failing to adequately protect such information, and impose privacy requirements not only on “Covered Entities” like healthcare institutions, but on any “business associate” that received PHI from a covered entity.

As with any healthcare data security regulation, KJK can provide businesses with legal counsel, guiding them through the implementation of information security programs that ensure privacy, safety and integrity of patient health information.

Important to Know:

The Role of a Privacy Compliance Attorney

Working with a reputable privacy compliance attorney at KJK can help support your business and ensure compliance with important privacy laws.

When you hire a KJK privacy compliance attorney, we perform a range of functions, including reviewing contract provisions related to security and confidentiality and recommending changes as needed. We’ll also collect and analyze data and collaborate with others on your team to develop policies and procedures that help you build a strong privacy strategy which includes acting as Data Privacy Officer and creating programs that comply with “Privacy by Design” requirements.

Our role extends beyond simply ensuring compliance with data privacy regulations. We can help you handle complaints, data transfer problems, and review your company’s handling of confidential information to recommend improvements. We also help you grow your business, collect information responsibly and ensure that you can use the information you have collected.

Stay Compliant in an evolving landscape:

State Privacy Laws Tracker

KJK is actively tracking state privacy laws enacted across the United States to help keep our clients informed as the state privacy landscape evolves. Click on the map below for up-to-date information based on each state. We will continue to update as additional states pass legislation.



Ramifications of Non-Compliance With Privacy Laws

KJK’s privacy compliance attorneys work with businesses to ensure they operate in accordance with all applicable privacy laws and regulations because failing to do so comes at a cost.

While the consequences vary depending on the type of business and which rules and regulations you failed to comply with, most result in hefty penalties and fines. For PCI DSS violations, noncompliance can lead to an inability to collect credit cards. If you are in the healthcare industry and must comply with HIPAA, non-compliance can result in financial penalties, and a requirement for corrective action plans to bring policies and procedures up to HIPAA standards.

Similarly, failure to comply with GLBA can include fines up to $100,000 per violation, with additional fines for officers and directors. Violations can even lead to primal penalties, including up to five years of prison.

Given the serious ramifications of non-compliance, working with KJK’s attorneys is a smart choice to ensure you operate within the set standards, protect your customers’ privacy and ultimately safeguard your business.

Important to Know:

Privacy Compliance Laws for International vs. Domestic Companies

While domestic companies must adhere to the privacy rules and regulations within their home country, privacy compliance for international companies is not entirely cut and dry. eData privacy regulations may apply based not on where you are located or conduct business, but on where the data subject resides. As more economies worldwide institute data privacy laws, it may require more businesses to adopt a cross-regulatory compliance strategy. Wherever a business operates, it must follow the country’s laws to properly disseminate, collect and use data.

We’re Here for you:

Partner with KJK to Ensure Privacy Compliance

The privacy compliance lawyers at KJK have a vast knowledge of data protection, information technology and applicable laws and are available to help your business meet its privacy compliance obligations. Call us today to learn how KJK can help your organization comply and follow privacy best practices.