Privacy Laws, Data Privacy & Protection

Susan is a Certified Information Privacy Professional. She has achieved two certifications from the International Association of Privacy Professionals: one in privacy laws (CIPP/US), and another in data privacy and protection management (CIPM).

CCPA, FCRA, GLBA, Dodd-Frank, TCPA, HITECH, AML, CAN-SPAM, HIPAA, PIPEDA, GDPR: these are the acronyms for the various consumer, financial and privacy laws Susan counsels on regarding data access requests, disclosures and privacy risk assessments. Susan advises on applicable data protection practices and reporting requirements, and drafts appropriate documentation such as notices and disclosures for websites, business agreement provisions, and employee or independent contractor relationships. Susan can also help you achieve compliance in data protection programs by developing policies, standard contractual provisions and disclosures, and educational workshops for management, leadership, business units and staff.

Experienced in working in, and conducting business via, virtual and cloud platforms, Susan also advises on best practices for data protection, management and storage, and preserving confidentiality in work-from-home and remote environments. Susan works directly with clients, and also provides consultations to other professionals for their client matters.

As Privacy Counsel, Susan handles a broad range of responsibilities providing legal guidance on global projects affecting privacy, data protection and security. Experienced in providing advice to clients on different legal risks and obligations under privacy and data security laws in the U.S. and Europe (including CCPA and GDPR), Susan advises on and helps clients manage internal privacy policies, procedures and data lifecycle, security and privacy. Susan proactively helps to minimize risk of a breach by developing, enhancing, and scaling your existing global privacy program from privacy operations and documentation to employee training on data privacy and security to policy enforcement as well as privacy compliance program monitoring, auditing and conducting third-party risk assessment(s). More specifically, duties Susan can handle for your business or organization in data privacy and protection are:

  • Develop and implement external privacy notices.
  • Conduct assessments of existing privacy and data protection programs for possible risk of privacy violations and provide recommendations for remediation or correction(s).
  • Provide privacy and data security subject-matter expertise and guidance to colleagues (including commercial, product and employment counsel), sales and procurement, product and engineering (by design) teams.
  • Draft provisions and provide privacy subject-matter support in negotiation of contracts for sales and vendor management.
  • Respond to privacy and security related customer and regulatory inquiries and investigations, and draft regulatory filings, coordinating appropriate responses with global positions.
  • Draft external privacy notices and disclosures, and manage/update internal policies and procedures to ensure compliance with global laws bearing on privacy and cybersecurity.
  • Monitor and ensure a program's ongoing compliance and education of staff on same when new laws, regulations or court decisions are issued.
  • Work directly with Human Resources, Product Engineering, Compliance, Marketing and Customer Service teams to scope and perform periodic data privacy assessments, mitigation and remediation, including data privacy by design and default, accountability and compliance monitoring, and the mitigation of privacy and security risks.
  • Provide updates on relevant consumer protection, privacy and data security laws and regulations, industry approaches to privacy program management, and on privacy and security technological developments, threat vectors, and evolving industry standards to provide an ongoing ability to provide sound compliance advice.
  • Due Diligence for Sellers/Buyers in Potential Mergers, Acquisitions and Sales. If you are thinking about buying, selling or merging a business, Susan can help conduct a thorough due diligence of both the proposed purchased assets and assumed liabilities of the business and the data protection and privacy information flows to minimize risk and potential liability.

Incident Response. Should you have already discovered a possible data incident at your business or organization, Susan can direct forensic investigation of the situation under the privilege and work product protections. Among the other matters Susan can handle for you in this realm:

  • Advise you as to legal obligations concerning the notification requirements for affected consumers, business partners and regulators.
  • Oversee the response, from notifying third parties to communicating with applicable authorities and law enforcement and responding to regulatory inquiries involved in enforcement actions arising from the incident or breach.
  • Defend and represent your interests in state or Federal regulatory enforcement action as a result of a data breach or alleged data privacy violations.
  • Analyze and review agreements for indemnification and other contractual liability issues relating to a data breach.

Third Party Vendor Relationships. Outsourcing business functions as well as engaging cloud service providers has become commonplace during the pandemic. Before entering into a contractual relationship with a third party vendor in which personal information of a customer, client or patient is to be shared, it is important to confirm that the vendor follows appropriate data protections and privacy policies. This checklist contains a summary of factors that can impact the Third Party Vendor relationship. Susan can advise on your specific third party vendor relationship and the applicable laws as well as help you negotiate appropriate protections in your contract.

Contact Us


Susan Berson
(816) 510-0179 (Mobile)

This website provides general information about legal issues and developments in the law. Such materials are for informational purposes only and may not reflect the most current legal developments. These informational materials are not intended, and must not be taken, as legal advice on any particular set of facts or circumstances. You need to retain an attorney for advice on specific legal issues.

© 2017 - 2021 Berson Law LLC