button: about usbutton: expertisebutton: representative clientsbutton: presentationsbutton: newsbutton: articles and formsbutton: networkbutton: photo gallery

button: technology and international distributionbutton: representative transactionsbutton: data protection and privacybutton: export controls and national securitybutton: dispute resolution and arbitration
 Data protection and privacy issues have become increasingly important in the worldwide business environment. In the United States, there are a growing number of U.S. federal and state laws relating to privacy protection, including (i) Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act), (ii) Children’s Online Privacy Protection Act (COPPA), Health Insurance Portability and Accountability Act (HIPAA), (iii) and Gramm-Leach-Bliley (GLB) Act, and a multitude of state privacy laws.

The State of California, in particular, has enacted several significant data protection and privacy laws in recent years, including (i) California Database Protection Act (CDPA), (ii) California Online Privacy Protection Act (OPPA), (iii) Direct Marketing Disclosure Statute (DMDC), (iv) Consumer Protection Against Spyware Act (CPACSA), and other privacy-related legislation.

The European Union Data Protection Directive (Data Protection Directive) has resulted in Europe becoming one of the most highly-regulated jurisdictions in the world when it comes to data protection requirements. European data protection regulations now overlay on most types of corporate data, employment and human resource records, sales and marketing documentation and governs many aspects of data processing, including privacy disclosures, data access, cross-border data transfers, and retention. Other countries including Argentina, Australia, and Canada have followed Europe’s lead. In response to Directive’s sweeping requirements and impact on the EU-based operations of U.S. multinationals, the U.S. and the European Union negotiated a “Safe Harbor Framework” that provides a mechanism for U.S.-based companies to comply with the operative provisions of the Data Protection Directive by self-certifying compliance in its privacy policy and meeting other internal compliance standards.

Stephen LaCount has assisted companies with the formulation and implementation of policies and best practices, including privacy and data protection policies and adherence to local, national, and international data protection and privacy laws. He has extensive experience with matters pertaining to cross-border data transfers, data collection and processing, integrity and authentication; security and encryption; and access and retention. He also guides clients in the drafting and implementation of website privacy policies and terms of use, compliance with the U.S. Safe Harbor Framework, the CAN-SPAM Act and California privacy law requirements.

Stephen LaCount has written extensively on privacy law and data protection. His client Alerts can be accessed in the Articles library.

  
button: site map button: directions button: contact button: legal notices