Data Protection Consulting

Whether you merely need to refresh your Privacy Policy, Terms of Use and Cookie Policy, or you need Data Protection Consulting regarding compliance and best practices, a Data Protection Impact Assessment, Corporate Security or Data Breach Response Plan, we have you covered. 

PRIVACY Compliance


CalOPPA - For years the California Online Privacy Protection Act was the U.S. standard for data protection and online privacy. Enacted in 2004, CalOppa requires websites and apps to:

  • have a clear and conspicuous privacy notice regarding the collection and handling of personally identifiable information collected from users;
  • including the process by which users can request changes to personally identifiable information (if such a process exists);
  • a statement regarding how you handle 'Do Not Track' signals; and
  • that you notify affected users in the event of a data breach.

On June 28, 2018, California unanimously passed the California Consumer Privacy Act of 2018 (CCPA), the strictest privacy law in the U.S. that will go into effect in January 1, 2020 and will become enforceable on July 1, 2020.

The law has already undergone several revisions and amendments. The California privacy law is more narrow in scope than the GDPR in that it applies to certain businesses collecting or processing data from California "consumers" and their "households", which (as of September 2018) relates to California citizens, as defined by the California tax code. So while this law is extraterritorial like the GDPR, in contrast, it applies to people based on citizenship, not geographic location.

In addition to regulatory fines, CCPA creates a private right of action for consumers for data breaches while simultaneously doing away with class action waivers and mandatory arbitration clauses, which may mean big business for attorneys prosecuting data breach claims.

COPPA - The Children's Online Privacy Protection Act went into effect in 2000 and governs websites marketing to children under 13. If your site is engaged in the collection or processing of children's data, you have additional compliance obligations that require technological integrations.

As of March 2018, all 50 U.S. states have passed data breach legislation with 11 U.S. States having passed new or revised data breach legislation in 2018. These varying state laws have different definitions of data breach, timelines and responsibilities for data breach notice and compliance.


GDPR - The General Data Protection Regulation, considered the most stringent privacy law in existence, went into effect on May 25th, 2018. The regulation expanded user rights, obligations for data processors, as well as data collectors. This international regulation has brought the privacy discussion to the forefront due to hefty fines which can range from 4% of annual global turnover or roughly $24 million dollars, whichever is greater.

The 2002 ePrivacy Directive and Regulation (still in committee) are separate and distinct from the GDPR though the GDPR does redefine consent outlined in the ePrivacy Directive. This law is also known as the "Cookie Law" because it deals with tracking such as cookies, web beacons, etc. it also deals with marketing communications via email, direct mail, SMS messages and more. You should also know that in addition to the EU-wide ePrivacy Directive, member states have national laws regarding marketing communications with varying regulations regarding consent, prohibited communications and do not call registries.

Lawyers and in-house counsel unfamiliar in tech and privacy law are seeking data protection compliance for assistance in achieving and maintaining their clients' compliance.





What is the responsibility of a Data Protection Officer

Data Protection Officer is someone who is given formal responsibility for data protection compliance within a business.  – You are required to appoint a Data Protection Officer if:

  • Your organization is a public authority; or
  • You carry out large-scale systematic monitoring of individuals (for example, online behavior tracking); or
  • You carry out large-scale processing of special categories of data or data relating to criminal convictions and offenses.


Business registration attorneys and startup lawyers, assist businesses in selecting and registering their business entity. Check out our answers to your frequently asked questions below or contact Kinney Firm to see how we can assist you in launching your business.