Privacy and Data Security Law Attorney

Internet Privacy and Data Security Lawyer


Hinch Newman assists Internet marketers and companies of all sizes with data privacy and security issues.  The firm advises clients with preventive privacy compliance issues and defending regulatory investigations pertaining to alleged unfair data security practices.

An online privacy and cybersecurity law firm, Hinch Newman assesses clients' domestic and global data collection, use and disclosure practices.  The firm drafts website privacy policies, conducts advertising and disclosure clearance reviews, develops and implements corporate information security protocols, drafts commercial marketing agreements, and keeps clients abreast of emerging state, federal and international data use legal requirements.

The firm also possesses significant experience with tracking and online behavioral marketing technology platforms utilized by Internet marketers in conjunction with advertising campaigns.

Exceptional Coverage and Foundational Understanding


The firm’s practice provides exceptional coverage of substantive areas of state, federal and international privacy and data security laws, including various legal structures, digital advertising and marketing, behavioral advertising, geo-location data and social media issues.  

We counsel clients on laws and regulations governing GDPR-requirements, information management, data inventory, data sharing and transfers, data collection and retention, user preference management, privacy program development, written information security plans, data breach notification and incident response programs, workplace privacy, online privacy and privacy policies, vendor management, standard contract provisions, international data transfers, U.S. Safe Harbor and Privacy Shield, Children’s Online Privacy Protection Act (COPPA), Telemarketing Sales Rule, Telephone Consumer Protection Act (TCPA), Do Not Call registry (DNC), FTC and state attorneys general privacy enforcement actions, private rights of action, unfair and deceptive trade practices, and other theories of legal liability.

See the FTC’s Privacy & Data Security Update (2018), here.

Children’s Online Privacy Protection Act (COPPA), Telemarketing Sales Rule, Telephone Consumer Protection Act (TCPA), Do Not Call registry (DNC), FTC and state attorneys general privacy enforcement actions, private rights of action, unfair and deceptive trade practices, and other theories of legal liability.

Privacy Litigation


Hinch Newman knows how to apply privacy laws and regulations, from jurisdictional laws and consumer protection statues to legal requirements for handling and transferring data.  In addition to data privacy legal regulatory compliance, this substantive knowledge enables the firm to represent clients in a broad spectrum of cybersecurity-related litigation matters.

The firm is skilled in handling complex privacy-related litigation matters, including allegations of “unfair and deceptive” business practices, Telephone Consumer Protection Act class action defense and various common law privacy torts.

Information Risk Minimization


The firm works closely with clients on multiple aspects of information risk management, and privacy and data security legal and regulatory compliance.  The foregoing includes issues such as data asset inventories, vendor assessment, data use disclosures and information governance. 

We have also represented tech entrepreneurs against government investigations related to malicious cyber-related incidents, and work with clients to implement marketing solutions, consumer-facing disclosures and marketing materials.

You need an experienced Internet privacy and data security attorney  who can assist with specific online marketing and eCommerce measures to protect and manage sensitive information. If the information falls into the wrong hands, it can lead to fraud or identity theft.  The cost of a security breach can be measured in the loss of your customers' trust, which makes safeguarding personal information just plain good business.

State Legislation


Internet marketers that partner with vendors, service providers or other marketers are faced with privacy and data security compliance risks.  Where regulatory protocols exist, they must be incorporated into business operations, monitored and adhered to.  State-specific requirements such as those enacted in California, Colorado, Massachusetts, Nevada and Vermont must be afforded special attention as all have pioneered privacy and cybersecurity legislation.

Privacy lawyer Richard B. Newman provides counsel on the GDPR, CCPA, and other consumer privacy legislation.

California's Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et seq. requires U.S. companies to implement a number of privacy initiatives designed to provide California residents landmark data privacy rights in the United States. 

With limited exception, the CCPA applies to "businesses" that collect and sell consumers' “personal information” or disclose personal data for business purposes.  The California law contains expansive definitions for key terms and considerations, including, what business are covered under the law, who qualifies as a "consumer," what constitutes a "sale," and what constitutes "personal information.”  The CCPA does not apply to   information that is subject to other federal regulation, including, the Health Insurance Portability and Accountability Act, the Gramm-Leach Bliley Act, the Fair Credit Reporting Act or the Drivers’ Privacy Protection Act.  The CCPA, however, does apply to entities covered by these laws to the extent they collect and process other personal information about consumers.

At its core, the CCPA provides consumers with a number of rights, including a right to transparency about data collection, a right to request the deletion of their information, a right to opt-out of having their data sold and an opt-in requirement for minors.  Without limitation, consumers have the right to know whether their personal information is being collected, what information is being collected, for what purposes it is being used and/or sold, the categories of sources from which that information is collected, and the categories of third party transferees with whom  the information is shared.

The CCPA also contains provisions that prohibit businesses from discriminating against consumers for exercising their rights, including by charging consumers that opt-out a different price or providing the consumer a different quality of goods or services, except if the difference is reasonably related to value provided by the consumer’s data.

A deliberate and strategic approach is complying with the CCPA is of paramount importance for digital marketers.  Consult with an experienced privacy law attorney to address issues such as, without limitation, updating privacy notices and policies, updating data inventories and business processes, identifying what categories of personal information are transferred to third parties, implementing appropriate protocols to ensure that consumers are afforded applicable statutory rights and updating third party vendor and client contracts.  In situations where third parties have paid for consumer data, processes must be implemented in order to address opt-out and deletion requests. 

Additionally, employees handling consumer inquiries are required to be trained with respect to the CCPA's requirements.

The CCPA also contains a data broker registration component.  Those that qualify as "data brokers" are required to register with California’s Attorney General for a fee and provide various pieces of information that will be included on a publicly available directory, such as the data broker’s name and primary physical, email and Internet website addresses.  Data brokers will be required to register by January 31 of each year.

Vermont is the only other state in the nation for a data broker registration law.  The Vermont law also requires "data brokers" to register annually with the Vermont Attorney General and pay an annual registration fee.  It requires, without limitation, the disclosure of information regarding practices related to the collection, storage or sale of consumers' personal information, as well as practices, if any, for allowing consumers to opt-out of the collection, storage or sale of personal information.  The law also requires data brokers to develop, implement and maintain a written, comprehensive information security program that contains appropriate physical, technical and administrative safeguards designed to protect consumers’ personal information.

Hinch Newman works with digital marketers to achieve compliance with data privacy laws, such as the CCPA and its data mapping, privacy policy, website disclosure and data broker registration obligations.  Contact a privacy attorney for assistance developing and implementing practical privacy policies compliant practices.

General Data Protection Regulation (GDPR) Compliance


The General Data Protection Regulation is the framework for European Union privacy and data protection.  It applies to companies with an establishment in the EU, as well as those outside the EU that offer products and services to EU data subjects or monitor the behavior of EU data subjects, and consequently, process personal data of EU data subjects.  For those that are covered by the GDPR, compliance is essential.

You need an experienced privacy and data security lawyer with a solid understanding of the scope of the GDPR, how “personal data” is defined, the enhanced rights for data subjects, notice requirements, privacy by design, accountability, breach notification, penalties, and requirements for data controllers and data processors.  Hinch Newman works with clients to evaluate whether they are subject to the new rules, how they can comply, current privacy and data protection policies and procedures, gaps remediation strategies and best practice implementation.

Please contact us at (212) 756-8777, via email to info@hinchnewman.com or via our Online Case Submission Form.    

Please contact us at (212) 756-8777, via email to info@hinchnewman.com or via our Online Case Submission Form.