Comprehensive Assessments - Engages in comprehensive privacy and information security assessments of clients in various industries, charting flows of personal information from collection to disposition in order to identify compliance and risk issues related to use, storage, transmission, disclosure and disposal of data.

Information Security - Counsels clients on compliance with various information security requirements, including the HIPAA Security Rule, agency guidance related to the HITECH Act, the Gramm-Leach-Bliley Safeguards Rule, the Red Flags Rule, the Payment Card Industry Data Security Standard, and various state laws and regulations specifying appropriate information security controls.

Breach Response - Assists clients in preventing, preparing for and responding to actual and suspected information security breaches.

Health Care - Counsels clients on compliance with health privacy laws, including HIPAA, the HITECH Act, the Privacy Rule, the Security Rule, the Breach Notification Rule, and various state laws governing the use and disclosure of health data.

Financial Services - Counsels clients on compliance with the Gramm-Leach-Bliley Act and underlying Privacy and Safeguards Rules, the Fair Credit Reporting Act and underlying Affiliate Marketing Rule and FTC Disposal Rule, and various state laws governing the use and disclosure of consumer financial information.

Workplace Privacy - Assists employers in addressing workplace privacy, such as compliant monitoring of employee Internet and email usage, provision of appropriate privacy notices, implementing a HIPAA-compliant group health plan, and appropriate employee training on privacy and information security considerations.

Online Privacy - Counsels clients regarding online operations, including preparation of website privacy notices, compliance with the Children’s Online Privacy Protection Act and the California Online Privacy Protection Act, the use of social networking tools or behavioral advertising to promote the business, and other web-related compliance obligations.

Marketing - We assist our clients to help ensure their direct marketing does not run afoul of the disparate federal regulations pertaining to direct marketing, including email marketing and mobile marketing via SMS or Mobile Service Commercial Message.

Records Management - Designs and assists in implementation of comprehensive records management programs including preparation of policies, procedures and records retention schedules.

International - Develops global compliance programs for clients, including legalizing data flows from the European Union using model clauses, relying on data subjects’ consent or by certifying compliance with the U.S. Department of Commerce's Safe Harbor program. Assists clients in all aspects of implementing Safe Harbor compliance.

Recent Speaking Engagements

04/17/09 Privacy and Information Security: Compliance and Risk Mitigation in Website Operations, Mobile Marketing and Information Security Breach Response, North Carolina Bar Association

04/03/09 Online Privacy and E-Marketing: Avoiding the Sharks While Surfing the Web, North Carolina Bar Association

01/26/09 Enforcement Actions and Developments in State Law Beyond the Breach, Carolina Privacy Officials Network

2008 and 2009, Guest Lecturer, Privacy Law Seminar, University of North Carolina School of Law

09/30/08 Assessing Your Organization's Compliance with the HIPAA Security Rule: Being Proactive and Achieving Compliance in the Face of Increased Enforcement Risk, Lorman Seminar

08/07/08 Affiliate Marketing Rule: Applicability and Requirements, Association of Corporate Counsel Committee on IT, Privacy and eCommerce