Practice Areas

Data Privacy & Cyber Security

Data Privacy cover image

Data Privacy & Cyber Security

How companies collect, use, and share personal data, how secure their data systems are, and how transparent they are about their data privacy and security practices, are popular public and legal issues. With several high-profile data breaches and data mining scandals, online privacy is a hot topic among legislatures, government regulators, consumer advocacy groups, and industry leaders. Privacy concerns also generate the attention of consumers. Indeed, consumers more regularly read websites’ and apps’ terms and conditions and privacy policies, which they used to largely ignore.

Companies need to be vigilant about their data privacy and security policies and practices. Government agencies and private groups are policing those practices to monitor whether companies are complying with their own policies and promises and maintaining industry standards on data security. Corporate and consumer customers expect organizations to maintain significant data security practices. Increasing enforcement actions and private lawsuits (including large class actions) have compelled companies to better vet their data collection and usage practices, engage experienced legal counsel and outside privacy vendors, and ensure their practices match their public-facing policies.

Ifrah Law has extensive experience in data privacy and cyber security law and is recognized as an industry leader. Practice Group Leader, Michelle Cohen, was recently appointed by OneTrust, a leading privacy, security and third-party risk technology platform, as a D.C. Chapter Chair of “Privacy Connect,” a global community of privacy, security and marketing professionals focused on tools and best practices. Michelle has also been recognized by the National Law Journal as a “Top Rated Lawyer” multiple times. She is featured as technology law policy expert on “Sourcelist,” through the Brookings Institution. Since 2008, Michelle has been certified as a Certified Information Privacy Professional – CIPP (US), through the International Association of Privacy Professionals (IAPP). Associate Nicole Kardell currently co-chairs IAPPs Washington D.C. KnowledgeNet chapter, which regularly hosts meetings and seminars regarding cutting-edge privacy topics in the D.C. area for privacy professionals Nicole has been certified as a CIPP (EU) privacy professional for several years Nicole and Michelle author the OneTrust DataGuidance privacy law overview for the District of Columbia.

Our Data Privacy and Cyber Security Team regularly advises organizations on developing industry-appropriate protocols, drafting privacy policies, and preparing for, and responding to data breaches. Our attorneys counsel businesses and individuals on information storage and rights of retrieval and deletion. Our clients span many industries, including fintech companies, healthcare companies, non-profit organizations, and social media influencers. In our Chambers-ranked Gaming practice, our clients are often required to collect substantial personal information to verify age, geolocation, and in furtherance of AML requirements. We help these businesses ensure that their practices comply with the evolving privacy and data security requirements, including substantial new state requirements.

Case Studies

Swift Resolution of a Potential TCPA Class Action

A plaintiff alleged that Ifrah Law’s longtime client, a company that provides fax and voice broadcast services to Fortune 500 businesses, sent faxes to her cellular phone without consent and in violation of the federal Telephone Consumer Protection Act of 1991 (“TCPA”). Claiming she represented a class who had also received these faxes, she sought statutory damages under consumer protection laws aimed at preventing unsolicited communications.

Years earlier, Ifrah Law had helped this client anticipate potential challenges under the TCPA, and helped mitigate its risk by ensuring its business model fit within the “fax broadcaster defense,” which protects innocent fax broadcasters from TCPA liability.

During discovery for this putative class action, it became apparent that our client had instituted superior compliance protocols, and the matter settled swiftly for a nominal amount.

Read Case Study +

Successful Use of the Digital Millennium Copyright Act (DMCA)

When a blogger posted email exchanges directly from a hacked computer, and the exchanges contained copyrighted material, Ifrah Law utilized the Digital Millennium Copyright Act (DMCA). DMCA takedowns are a powerful tool in data piracy issues, providing a process for a copyright owner to give notification to an online service provider concerning alleged copyright infringement.

Ifrah Law sent DMCA notices to the two web hosting services in California and Pennsylvania, requesting the immediate takedown of the sites due to copyright infringement. Almost immediately upon receiving the request, the web hosts took down the site or the offending material. We sent a similar notice to Facebook, which took down the offending material, as well.

Copying and stealing of content does not have to be taken for granted on the internet. Trademarks and intellectual property can and should be protected. You can stop it, and Ifrah Law can show you how.

Read Case Study +

Takedown Notice Success for an International VIP

When a blogger posted information about an important Middle Eastern leader on a site containing threats to both the national security of the politician’s country as well as the United States – and to the life of the politician – Ifrah Law immediately responded to get the information taken down. However, two web hosting companies created a sub-domain for the website, and refused to disclose their users.

We argued that the content posed an immediate threat to national security, and the blogger had violated one site’s terms and condition. We invoked the Digital Millennium Copyright Act (DMCA), which forces an internet service provider (ISP) to remove information from users’ websites that may infringe a copyright, as well as provides for a takedown notice.

Ifrah Law successfully utilized takedown notices with two of the blogger’s ISPs, plus Facebook and other sites.

Read Case Study +