New threats continue to present themselves all the time. Because of this, the data security field is constantly evolving. The federal data security compliance lawyers at our firm have the experience and insights your company needs to mitigate its risk of a breach and to avoid monumental federal penalties for non-compliance.
Businesses of all sizes in all industries should be concerned about data security. If your server (or your cloud provider’s servers) stores customers’ or patients’ personal information, or if you need to protect your company’s internal sensitive and proprietary data, neglecting to place the right amount of emphasis on data security can result in sudden, substantial, and potentially irreparable harm.
Data security is not only important from the perspective of securing the sensitive information that your business carries, but it is imperative from the perspective of federal compliance. Corporations, professional practices, and other companies that neglect adequate protection of consumer data may face substantial penalties. Unfortunately, there is not a clear standard for “adequate” protection, and different entities can have varying obligations based on factors ranging from the kind of information they need to secure to the size and geographic scope of their business operations. On top of this, new threats continue to reveal themselves on an almost daily basis. All this makes maintaining compliance a rather formidable burden.
Lawyers for Federal Compliance who are Experienced in Complex Data Security Matters
The federal compliance lawyers on our team represent businesses with respect to all aspects of data protection and statutory and regulatory compliance. The clients we serve range from individual doctor’s offices to multinational corporations. We provide a range of services from compliance program development and implementation to breach response and notification compliance.
The regulatory landscape for data security compliance is extraordinarily convoluted – even small businesses can be subject to a multitude of compliance requirements at the state, federal, and international levels. As regulators become more and more sophisticated in their digital monitoring and enforcement activities, businesses of all sizes are increasingly facing compliance audits and investigations. At Spodek Law Group, we can help you secure your business’ and customers’ or patients’ sensitive information. Also, we can thoroughly document your data security initiatives to proactively demonstrate compliance in case of a federal inquiry.
What is Necessary to Become Compliant with Regard to Data Security?
In compliance matters, state, federal, and international rules and regulations focus in general on the protection of consumer data. In the United States, the regulatory obligations are piecemeal at the federal level. Companies may potentially be subject to a host of statutory and regulatory obligations dependent upon the sectors in which they operate and the kinds of information they collect. For example, federal statutes with data security compliance implications include (but are not limited to):
CCPA (Cable Communications Policy Act)
COPPA (Children’s Online Privacy Protection Act)
DPPA (Driver’s Privacy Protection Act)
FTCA (Federal Trade Commission Act)
GLBA (Gramm-Leach-Bliley Act)
HIPAA (Health Insurance Portability and Accountability Act)
State laws have the capacity to impact companies’ data security compliance obligations on a national scale as well. The National Conference of State Legislatures (NCSL) summarized the situation this way:
“At least 25 states have laws that address data security practices of private sector entities. Most of these data security laws require businesses that own, license, or maintain personal information about a resident of that state to implement and maintain ‘reasonable security procedures and practices’ appropriate to the nature of the information and to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.”
As also stated by the NCSL, the number of states that now have data security laws on their books has doubled since 2016, and this trend toward state-level data security protection enforcement is likely to carry on for the foreseeable future. Because state laws typically apply to any entity that has access to information about in-state residents, corporations will often be forced to comply with multiple states’ laws on top of maintaining federal and international compliance.
On an international scale, the most significant concerns for companies that use and store personally identifying information (PII) come up under the European Union’s recently-enacted General Data Protection Regulation (GDPR). The GDPR provides that companies must adopt extensive policies and protections to make certain that the security of EU residents’ PII is prioritized, and the monetary sanctions attached to non-compliance can be substantial. Although many US-based companies do not face substantial compliance burdens under the GDPR (specifically businesses such as healthcare providers that only target and serve customers and patients domestically), for businesses that are subject to the GDPR, ensuring compliance must be a consistent priority.
We Assist Businesses and Professional Practices in Establishing and Maintaining Data Security Compliance
Our firm’s data security compliance services include providing advice and representation for identifying risks, setting up compliance policies and procedures, maintaining compliance on an ongoing basis, and responding to present and potential security threats. As with all other areas of our corporate compliance representation, we work one-on-one with our clients’ executive leaders, in-house counsel, and relevant stakeholders to create custom-tailored compliance solutions.
Our clients receive service from us with respect to all aspects of data privacy and security compliance at state, federal, and international levels. This includes (but is by no means limited to) providing help with:
Due to the varying applicability of state, federal, and international data security regulations and laws and the particular demands of various businesses operating within a range of industries, no two data security compliance programs will ever be the same. In the modern world, while industry standards exist, there is simply no such thing as a “template” data security compliance program. To ensure that we are meeting our clients’ complete set of unique needs, our federal compliance attorneys furnish services including:
Initial Needs Assessment – To accurately determine what data security measures are necessary, the obvious first step is to determine the nature and extent of the details within your business’s or practice’s custody or control. We carefully assess your company’s compliance requirements so that we can tailor the remainder of our services accordingly.
Documentation of Policies and Procedures – Once we get a clear understanding of the compliance needs of your business or practice, we can create customized policies and procedures designed to provide the framework your business needs to sustain compliance at the state, federal, and international levels (as regulations apply).
Service Provider Contracting – As a general rule, companies are not immune from the consequences of non-compliance if they delegate responsibility to third-party service providers. Our lawyers can negotiate critical protections into your IT service contracts and other relevant agreements to make sure you have adequate protection.
Terms of Sale and Service for Consumers and Patients – We can also draft appropriate terms of sale and service to be used in connection with your business’s or practice’s customers or patients. Waivers of consumer rights are frequently unenforceable – indeed, they can potentially get companies into hot water. Nevertheless, there are appropriate protections that can be employed to substantially mitigate companies’ risk of liability.
Website and Social Media Compliance – Websites and social media are usually overlooked in conversations about data privacy and security. That said, violations involving websites and social media are customarily the most widely publicized, and they can yield the most immediate and irreparable consequences as a result. Our federal compliance attorneys can assist you in ensuring that your company’s online presence does not create a liability.
Employee Training, Enforcement, and Discipline – Your data security compliance program will only make a difference if it is implemented energetically. This entails conducting initial and ongoing staff training as well as implementing appropriate measures to enforce compliance and discipline staff members who put the company at risk by committing compliance violations.
Ongoing Compliance Auditing and Needs Assessments – After a data security compliance program has been launched, frequent audits and monitoring can help ensure compliance and be proactive on potential issues. Businesses and professional practices need to continually reassess their needs as new regulations and threats emerge.
Stress Testing of Data Security Programs and Protocols – Are the logical security measures your company now has in place as strong as they need to be? Our lawyers can assist with stress testing of data security programs and protocols and give you recommendations for remedying any potential exposure risks.
General Counseling for Data Security Compliance – As questions and possible issues arise in the realm of data privacy and security, corporations often have no time to wait. Our federal compliance attorneys are available 24/7 to give clients general data security compliance counseling on an as-needed basis.
Interaction with State, Federal, and International Authorities – If your company or practice is contacted by the Consumer Financial Protection Bureau (CFPB), Department of Justice (DOJ), Federal Trade Commission (FTC), Federal Bureau of Investigation (FBI), or any other government agency or bureau for the purpose of questioning a potential data security or privacy issue, our lawyers can speak with the authorities on your company’s behalf.