Polsinelli’s privacy compliance team partners with clients across a broad range of industries to help them develop and maintain their enterprise-wide privacy compliance programs in accordance with United States' comprehensive state privacy laws, including:

• California Consumer Privacy Act (CCPA)
• California Privacy Rights Act (CPRA)
• Virginia Consumer Data Protection Act (VCDPA)
• Colorado Privacy Act (CPA)
• Connecticut Data Privacy Act (CTDPA)
• Utah Consumer Privacy Act (UCPA)
• Illinois Biometric Information Privacy Act (BIPA)

We advise on federal privacy laws such as HIPAA, GLBA, CAN-SPAM, FCRA, and COPAA, and also advise clients on their international privacy compliance obligations under laws such as the European Union’s GDPR and its UK equivalent and Privacy and Electronic Communications Regulations, China’s PIPL, and Brazil’s LGPD. Our deep bench of experience enables us to help clients navigate the sometimes conflicting requirements of these laws,  and develop risk-based compliance programs, which are fit not just for current obligations but are also future-proofed for emerging trends.

Alongside designing and implementing privacy compliance programs for domestic and multinational clients, we also provide day-to-day support to our clients as their outside privacy counsel, advising on issues such as:

• Cookies, web tracking technologies, and advertising technologies
• International data transfers and transfer impact assessments
• Records of processing activity and data maps
• Employee privacy requirements
• Data subject and consumer requests
• Records retention and data minimization requirements
• Data processing impact assessments
• Vendor diligence and data processing addenda
• Privacy and security training
• Legal bases for processing
• Data protection officer requirements
• Regulatory investigations