Legal Services
The clients we serve
We have worked with a wide variety of organizations spanning nearly every industry -- from the largest multinational corporations in the world to the smallest startups and nonprofits. We have had the privilege of serving the most innovative and trusted companies around the world, often helping navigate the landscape of law and cutting-edge technologies. We have worked with clients in pharmaceutical and medical device, life sciences, health technology, laboratory and diagnostic services, hospitality, food and restaurant, retail, sports, social media, and technology industries, and universities and their foundations, and including both for-profit and non-profit entities.
A broad spectrum of digital governance matters
Crosley Law Offices has positioned itself at the intersection of technology, data, and law. Our team advises clients on a variety of matters under the broad umbrella of digital governance. Examples of specific matters or projects include:
-
U.S. state and federal privacy compliance
-
Global privacy compliance, including experience with the EU GDPR, UK GDPR, Brazil's LGPD, and China's PIPL
-
Developing and helping operate internal oversight review board structures, policies, and procedures
-
Digital litigation and incident response management, including preparation for and response to privacy litigation, deep fake intrusions and incidents, and allegations of AI harms.
-
Developing digital governance maturity model programs to assist companies in practically assessing and tracking program maturity and compliance with state, federal, and global laws
-
Interacting and convening meetings with government agencies and authorities around the world, on behalf of clients
-
Website and mobile app assessment and inventory to manage digital risk, including cookie, pixel, and SDK compliance and consent management
-
Drafting public-facing privacy documents, including required privacy statements, cookie statements, consumer health privacy policies, and retention policies
-
Assisting teams to develop standards around marketing messaging that meets requirements under state laws, TCPA, CANSPAM, EU GDPR, and others
-
Drafting internal privacy policies and documents, including data subject response procedures, record of processing activity, and standard operating procedures
-
Developing and implementing privacy impact assessments (PIAs) and high-risk assessments (also called Data Protection Impact Assessments, or DPIAs)
-
Drafting, editing, or negotiating data protection addendums (DPAs) that meet changing legal requirements and anticipate developments from pending regulations
-
Completing risk assessments against well-known frameworks, such as NIST
-
Completing audits for compliance with the HIPAA Privacy, Security, and Breach Notification Rules
-
Data breach incident response, investigation, and notification
-
Incident response management, including development or testing of incident response plans and running tabletop exercises
-
Website and mobile app management, including audits of cookie behavior and working links
-
Cross-border data flows, including advising on the EU-US Data Protection Framework, transfer impact assessments, and standard contractual clauses
-
Creating and/or delivering training on privacy and security updates, including—for example—updates on emerging topics such as artificial intelligence, children’s data, biometric data, or trends in digital litigation.
Our unique approach to serving clients – virtual and in-person privacy secondments
While we often serve in a traditional capacity as outside counsel for our clients, we also offer either in person or virtual privacy secondments with experienced privacy officers with 20 plus years of experience in company privacy leadership roles and senior attorneys with deep experience in secondment positions. We offer both hourly and project-based rates depending on the type and scope of work. To inquire about these arrangements, please contact us.
Crosley Law Offices is an IAPP corporate member.