Data security & privacy
As the regulation of how businesses use, store, and transmit data becomes more complex, companies and executives must navigate between state-specific and industry-level privacy and data security regulations. Foundry Legal has these covered.
Whether it’s a compliance question, an overhaul of data security policies, or an incident response and possible breach notification, Foundry Legal attorneys are up to speed on the latest changes and can assist. We have experience engaging with federal and state regulatory agencies and law enforcement authorities, a deep understanding of civil remedies available under state and federal laws, and experience advising companies in social media, defense, and financial services industries on legislative and regulatory developments. Some of the firm’s capabilities include:
- Data incident investigations, forensic review, and breach coaching
- State, federal, and international breach notification requirements
- Compliance with SEC disclosure obligations relating to cybersecurity
- Assessing security implications of cross-border transactions involving access to sensitive technologies
- Online privacy policies and terms of use
- Negotiating and drafting data protection addenda and software-as-a-service agreements
- Cyber risk management, including preparation of risk assessments and information security policies
- Advice and counsel pertaining to the European GDPR, California’s CCPA, HIPAA, GLBA, FERPA, as well as many other statutory and regulatory regime

California Consumer Privacy Rights Act – Text Only
The following is for reference purposes only and should not be relied upon by anyone to be complete or accurate. NOTE: Some of these statutes have
Colorado AG publishes data security best practices
Covered entities that maintain
protected personal or personally identifying information (PII) must take reasonable steps to protect that information, to dispose of it when it is no longer needed, and to promptly notify Colorado residents when their information is at risk of misuse by unauthorized third parties.