Legal and regulatory compliance

• Advice on the requirements of laws and regulations relating to privacy, cybersecurity or AI and compliance with those requirements
• Notices and public-facing policies
  • GLBA
  • FCRA
  • State comprehensive privacy laws
  • Website privacy policies
  • Security statements
  • Company ethical principles relating to privacy, cybersecurity or AI
• Analysis of data use, sharing and protection arrangements
  • Contractual provisions, addenda and Data Protection Agreements
  • Drafting, revising or negotiating agreements or provisions
  • Crafting template agreements or provisions
  • Cross-border transfer agreements
• Policies and playbooks around AI development and use
• Review of the consumer data rights request and response process
• Regulatory examination preparation
• Updates on impactful laws and regulations

Incident prevention and response

• Review and revision of incident response playbook
• Negotiation of contractual provisions and drafting of templates
  • Business partners
  • Service providers
• Tabletop exercises
• Breach coach
  • Quarterback response
  • Engagement of professional service providers
  • Crafting of notices and public statements
  • Public company filings
  • Work with regulators or AGS
• Post-incident evaluation and program remediation

Risk assessment of the compliance program

• Program gap analysis
• Impact assessments
  • Privacy
  • Cybersecurity
  • Al
• Vendor and relationship risk review
• Data mapping, data flow and related reviews
• Al planning and implementation

Knowledge assessment, training and awareness

• Employee training
• CLES

Advise on other strategic issues

• M&A risks relating to privacy, cybersecurity and Al
• Privacy/security by design initiatives
• Strategic compliance planning
• Board education and interaction

Hands-on support for changes in

• Business or structure
• Personnel