The attorneys in Pullman & Comley’s Privacy and Data Security practice counsel clients concerning the expanding web of state, federal and international privacy and data security regulations.  Our clients represent a broad spectrum of industries, including the IT/technology, health care, financial services, marketing/market research fields. The attorneys in Pullman & Comley’s Privacy and Data Security practice regularly assist clients that collect and use large amounts of personal data and contact consumers through a variety of media.  Our goal is always to offer clear, practical advice that enables our clients to comply with these laws while achieving their business goals.

Our Privacy and Data Security attorneys are skilled corporate counselors and litigators. We advise our clients on how to structure privacy-law compliant products, services and marketing campaigns, including developing effective privacy and cybersecurity policies and protocols and consumer consents. Our attorneys also have experience reviewing cyber insurance policies, negotiating data privacy and data protection provisions in contracts, and performing privacy due diligence in M&A transactions. When a data breach occurs, we have the experience to conduct investigations and counsel clients on these matters, the skill sets to swiftly identify, monitor and address related legal challenges, as well as the ability to address and deal with any insurance coverage issues that may arise.

Specifically, our attorneys have experience counseling clients with the following concerns:

  • State personal information and privacy laws (such as the Connecticut Data Privacy Act, the California Consumer Privacy Act (the CCPA), and Massachusetts’ Standards for the Protection of Personal Information.
  • Healthcare privacy and security laws – HIPAA , Part 2 and medical state pricing laws
  • International privacy and data security laws (such as the EU’s General Data Protection Regulation (GDPR) and e-Privacy Directive, Canada’s PIPEDA and similar laws in other countries), and transborder data flow mechanisms (such as EU model standard contractual clauses, and the Department of Commerce’s EU-U.S., UK-U.S., and Swiss-U.S. Data Privacy Frameworks
  • Direct marketing – faxing, telemarketing, email and text message marketing (e.g., the Telemarketing Sales Rule, CAN-SPAM, Telephone Consumer Protection Act (TCPA), Junk Fax Prevention Act and similar state laws)
  • Financial privacy and security laws – Gramm-Leach-Bliley
  • Child privacy laws – COPPA
  • Educational privacy laws – FERPA
  • Consumer privacy laws, such as the Fair Credit Reporting Act
  • Compliance with data protection standards (such as PCI DSS, NIST and ISO 27001)
  • Ransomware attacks
  • Federal computer fraud and abuse act and State anti-hacking laws
  • Federal and State breach notification laws
  • Unfair and deceptive trade practice laws (such as the FTC Act and CUTPA)
  • Workplace privacy and employee monitoring
  • Behavioral advertising – FTC’s and DAA’s Behavioral Advertising Privacy Principles
  • Cookie compliance

News & Insights


Case Studies

Practice Contact

Related Areas

Publication Signup
Jump to Page