Through Pullman & Comley’s practices counseling clients in the IT/technology, health care, financial services, marketing/market research, and numerous other industries, our attorneys regularly assist clients that collect and use large amounts of personal data and contact consumers through a variety of media.  We field questions regarding the expanding web of state, federal and international privacy and data security regulations.  Our goal is always to offer practical advice that enables our clients to comply with these laws while achieving their business goals.

Members of our Privacy and Data Security practice are skilled corporate counselors and litigators. We advise our clients on how to structure privacy-law compliant products, services and marketing campaigns, including developing effective privacy and cybersecurity policies and consumer consents.  Our attorneys also have experience negotiating data privacy and data protection provisions in contracts and performing privacy due diligence in M&A transactions.  When a data breach occurs, we have the experience to conduct investigations and counsel clients on these matters and the skill sets to identify, monitor and address related legal challenges early on. 

Specifically, our attorneys have experience counseling clients with the following concerns:

  • Federal and state breach notification laws;
  • Unfair and deceptive trade practice laws (such as the FTC Act and CUTPA);
  • State personal information and privacy laws (such as, California’s Consumer Privacy Act (the CCPA), Massachusetts’ Standards for the Protection of Personal Information, and Connecticut’s Act Concerning the Confidentiality of Social Security Numbers);
  • Healthcare privacy and security laws – HIPAA and similar state laws;
  • Direct marketing – faxing, telemarketing, email and text message marketing (e.g., the Telemarketing Sales Rule, CAN-SPAM, Telephone Consumer Protection Act (TCPA), Junk Fax Prevention Act and similar state laws); 
  • S. financial privacy and security laws – Gramm-Leach-Bliley;
  • Child privacy laws – COPPA;
  • Educational privacy laws – FERPA;
  • Consumer privacy laws, such as the Fair Credit Reporting Act;
  • Compliance with data protection standards (such as PCI DSS, NIST and ISO 27001);
  • International privacy and data security laws (such as the EU’s General Data Protection Regulation (GDPR) and Cookie Law, Canada’s PIPEDA and similar laws in other countries), and transborder data flow mechanisms (such as EU model contracts and the Department of Commerce’s EU-U.S. and Swiss-U.S. Privacy Shield Frameworks);
  • Workplace privacy and employee monitoring; 
  • Behavioral advertising – FTC’s and DAA’s Behavioral Advertising Privacy Principles 

News & Insights


Case Studies

Practice Contact

Related Areas

Publication Signup
Jump to Page