Our Services

Provide Data Governance

We serve as external privacy experts to help you create and expand your privacy program.

  • Developing data ethics frameworks and principles that align with your mission

  • Helping you manage and respond to data rights requests

  • Assisting with responding to privacy and security questionnaires

  • Advising on designing services and offers using privacy by design principles and practices

  • Designing and building privacy preference centers

  • Conducting privacy impact assessments

  • Drafting privacy and cookie notices

Map & Assess

Knowing your data is always step number one. We can help you achieve that.

  • Assisting with data mapping exercises, including data inventories and data flow maps

  • Conducting applicability assessments of current privacy laws

  • Conducting organization-wide privacy assessments

  • Preparing strategy and risk assessments for compliance

  • Providing guidance for navigating internal and external privacy inquiries

  • Assisting with the development of privacy-related internal policies and procedures

  • Developing and helping implement procedures for evaluating third-party vendors or partners

Compliance with EU and US Privacy Laws

Complying with the legal requirements of different jurisdictions does not need to be scary. Let us break down EU’s GDPR, CCPA, and emerging privacy laws for you one step at a time.

  • Performing Controller/Processor analysis

  • Creating records of processing

  • Creating policies and procedures

  • Obtaining appropriate levels of consent

  • Creating strategies and solutions for cross-border data transfers

  • Managing vendors

  • Drafting Data Protection Impact Assessments

Transactional Work

Let us assist you in streamlining your contract work, from drafting to signature and beyond.

  • Contract drafting, negotiation, execution, and management

  • Assisting in identifying priorities and “dealbreakers”

  • Creating “playbooks” that document practices in contract drafting, negotiation, and execution

Expert Witness Services

Our Founding Partner, with support from her team, can serve as an expert witness in your pending litigation from the discovery stage through trial.

  • Indexing and reviewing relevant case documents and evidence

  • Analyzing opposing expert opinions

  • Researching questions presented

  • Applying a robust methodology to the interpretation and analysis of evidence and data

  • Writing an expert opinion

  • Providing courtroom testimony

Training & Coaching

We can provide privacy training and one-on-one leadership coaching to gain traction.

  • Designing and developing privacy and security training for your workforce 

  • Providing one-on-one leadership and development coaching for gaining traction with your team and optimizing a highly functional privacy program

Representative Experience

For not-for-profit clients, provided advice on US and EU data protection and privacy laws that apply to the non-profit sector. Work included drafting of external notices internal policies for compliance, handling of data subject access requests and erasure requests, and providing advice and support for deployment of GDPR compliance programs.
Identified and designed strategies to comply with EU  data transfer requirements, including drafting and negotiating service provider contracts and intra-group data transfer agreements. Advised post Schrems II and created guidelines to implement compliance strategies including SCCs, evaluation of surveillance risks related to different data flows and related safeguards required.
For multiple clients negotiated complex contracts involving the use of personal data including contracts related to marketing and advertising, research, and human resources. 
For various clients, assessed the applicability of GDPR, conducted gap assessments and created pragmatic roadmaps to build the processes and resources required in a manner tailored to each organization’s unique circumstances. 
Evaluated the applicability of new requirements under the ePrivacy directive to an online communication platform and related obligations. Reviewing existing data flows and devising a compliance strategy across the complex data sharing network, as well as colocation services and ISPs.
Assisted with evaluation and remediation of accidental collection by the client of the data of minors under 13 subject to COPPA and the data of minors under 16 subject to GDPR. This is a high-risk area, as COPPA fines can quickly escalate, the requirements for consent diverge across the multiple affected jurisdictions, and the impact of collection absent parental consent diverges depending on which laws apply.
Incorporated benefit organizations and corporations, including professional corporations and benefit corporations, and acted as corporate secretary.
Acted as Chief Privacy Officer and Data Protection Officer for-hire assisting with data subject rights requests, compliance program building and maintenance of records requirements.
Provided advice on the applicability of, and compliance with, COPPA to various organizations providing services to K-12 schools, including identification of a viable process to obtain verifiable parental consent. 
Assessed the applicability of GDPR, conducted gap assessments and created pragmatic roadmaps to build the processes and resources required in a manner tailored to each organization’s unique circumstances. 
Provided advice on compliance with GDPR and CCPA for cybersecurity clients providing services to governmental agencies. Work includes, but is not limited to, assessment of the applicability of GDPR and CCPA to the different products offered by each organization, as well as evaluation of specific products to identify if they fall into the category of selling under CCPA with emphasis on the review of relevant exceptions applicable in the law enforcement context.
For a tech company, providing advice on policy initiatives related to pending bills before Congress in regards to various aspects of US law, including preemption principles under US federal law.
Provided advice on compliance with applicable industry frameworks for targeted advertising and related legal obligations for an organization that manufactures health equipment used by adults and minors alike. In regards to the same client, provided advice on the applicability of, and compliance with, COPPA, including a viable process to obtain verifiable parental consent in regards to health tech products.
Advised financial institutions on US financial privacy compliance, including GLBA, CalFIPPA, PCI-DSS, etc. Work included evaluation of the applicability of, and compliance with, CCPA for activities and data outside of the scope of applicable financial industry laws (e.g., financial services provided to non-consumers, data collected outside of the context of provision of financial services, etc.)
For a global vehicle manufacturer, advised on privacy and cybersecurity matters, including evaluation of new technology, monetization of data, new services, new data collection and new marketing initiatives for privacy/cyber issues.
For government agency, provided advice on the requirements under the California Information Practices Act and the California Public Records Act. 
For not-for-profit clients, provided advice on US and EU data protection and privacy laws that apply to the non-profit sector, drafted privacy policies and disclosures. 
Identified, designed and implemented strategies to comply with EU  data transfer requirements.
Provided advice on the applicability of, and compliance with, COPPA to various organizations providing services to K-12 schools, including identification of a viable process to obtain verifiable parental consent. Drafted contractual language and COPPA notices, and provided advice on parental rights under COPPA, and how they compare/differ from data subject rights under GDPR. Work required consideration of COPPA compliance within the existing compliance framework for GDPR, as the frameworks do not fully align.
For a privacy tech start-up, provided advice in connection with business strategy alignment with legal requirements and potential market for its services based on existing security and privacy requirements under applicable law. Analyzed the applicable requirements under US and EU privacy, data protection and cybersecurity laws for a ground-breaking searchable encryption product and related key management process. Supported with marketing materials highlighting privacy features.
For various clients, assessed the applicability of GDPR and CCPA, conducted gap assessments and created pragmatic roadmaps to build the processes and resources required in a manner tailored to each organization’s unique circumstances. 
Assessed the applicability of CCPA to a law-firm client, evaluated the role that a law firm should take under CCPA (i.e., business, service provider or other) and devised a strategy for compliance with the act (including preparing a gap analysis and updating notice policies, procedures and contract terms). Provided advice on a data protection and privacy impact assessment regarding the implementation of different security-related products requiring monitoring of its network and employees. Reviewed data subject access procedures for compliance with CCPA and GDPR, and reviewed/updated records of processing. Conducted a tabletop exercise evaluation and next steps.