Data Privacy and Security

KP Law’s Privacy Practice Group provides clients with broad-ranging data privacy and security legal services.  Knowing the challenges our public and private clients face in this data-driven world, we provide comprehensive legal assistance on a wide variety of privacy matters including but not limited to data retention, data breach responses, confidential data assessments, and risk management.  We also represent clients before state and federal regulatory agencies with respect to data privacy issues.

Examples of representative Privacy Practice client services include:

  • Data privacy and risk mitigation training;
  • Drafting and adoption of data privacy policies and procedures;
  • Compliance with the Health Insurance Portability and Accountability ACT (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Omnibus Rule’s Privacy and Security requirements;
  • Mitigation and reporting of data disclosures;
  • Compliance with the Massachusetts Security Breach Law, G.L. c. 93H, and adoption and implementation of Written Information Security Programs (WISPs);
  • Risk management for the retention and use of confidential data, including protected health information;
  • Public entities’ compliance with the Massachusetts Public Records Law and the Open Meeting Law in coordination with statutorily protected privacy interests;
  • Advising clients on the Criminal Offender Record Information (CORI) law and Massachusetts Civil Fingerprinting Background Checks for employee, school personnel and occupational license applicants; and
  • Law enforcement’s collection and disclosure of confidential or personally identifiable information.