Understand Your Data Privacy Lifecycle
- How each piece of data is collected (such as via websites, web forms, email, automated processes, and mobile apps)
- What categories of data are collected (commercial, biometric, Internet activity, unique persistent identifiers, etc.)
- What specific data is collected (name, address, email address, phone number, IP address, etc.)
- How informed consents are obtained and stored
- Whether the company collects any “sensitive data,” such as credit card information, social security numbers, health information, etc.
- How the company uses each piece of personal data collected
- Where each data subject resides (U.S. – CA, CO, VA and other states, Canada, EU, etc.) to evaluate compliance with all applicable data privacy laws
- Third parties to whom personal data is disclosed and/or sold (including “subprocessors”)
- How each third party will use, disclose, retain, and delete such personal data, as specified in the company’s agreement and data processing addendum (DPA) with each third party
- Whether the company is able to process “do not track” elections
- How the company will process requests from data subjects to access, delete, and change their personal data
- What the company’s data retention policy is, where data is stored, how (including encryption details), and how/when such personal data is deleted
- What are the company’s data breach notification and remediation processes
- Whether the company uses anonymized, de-identified and/or aggregated data and, if so, for what purpose(s)
Conduct a Data Mapping Exercise
A member of our California team, Virginia Fournier is a seasoned technology and privacy attorney with over 25 years of legal and business experience in the industry. She regularly handles a wide range of technology-related matters, including negotiating and drafting complex licensing agreements, compliance, data security and privacy, and intellectual property issues. Virginia is also a Certified Information Privacy Professional (CIPP/US).
This publication should not be construed as legal advice or a legal opinion on any specific facts or circumstances not an offer to represent you. It is not intended to create, and receipt does not constitute, an attorney-client relationship. The contents are intended for general informational purposes only, and you are urged to consult your attorney concerning any particular situation and any specific legal questions you may have. Pursuant to applicable rules of professional conduct, portions of this publication may constitute Attorney Advertising.