Data Privacy & Cyber Security


How companies collect and use consumer data – and how they inform consumers of those practices – is increasingly in the public eye. With several high profile data mining debacles, online privacy is a hot topic among government regulators, consumer advocacy groups and industry leaders. It’s also a topic generating attention among consumers. These days, consumers are more regularly reading websites’ and apps’ terms and conditions, which they used to hastily click through. And government agencies and private groups are policing companies’ practices to monitor whether companies are complying with their own privacy policies.

Companies doing business online need to think hard about their privacy policies. Increasing numbers of enforcement actions to ensure companies comply with privacy policies leads to the reality that companies also need to vet their data collection and usage practices.

Ifrah Law offers extensive experience in drafting privacy policies for various clients and website operators, as well as in litigation of privacy matters dealing with issues of data and information. Attorneys represent businesses and individuals with counsel on information storage and rights of retrieval, including criminal background websites and children’s privacy protections online through COPPA.

Publications + Presentations
July 20, 2015 | Publication

The Spy In Your Pocket

Read more

Case Studies

Takedown Notice Success for an International VIP

When a blogger posted information from a hacked computer about an important Middle Eastern leader, Ifrah Law was asked to help. The site contained threats to the national security of the politician’s country as well as the United States – and to the life of the politician. The matter needed immediate attention and we responded to get the site (and others where the statements had been posted) taken down.

The case was made more complex when two web hosting companies created a sub-domain for the website, and refused to disclose their users – as is their privacy policy.

But the law offers some remedies of its own. One is the Digital Millennium Copyright Act (DMCA), which is U.S. copyright law as well as part of two World Intellectual Property Organization (WIPO) treaties. The DMCA assigns no liability to an Internet service Provider (ISP) for transmitting information that may infringe a copyright, but it forces the ISP to remove materials from users’ websites that appear to be copyright infringement. The DMCA provides for a takedown notice to be sent to an infringer’s ISP.

Ifrah Law successfully utilized takedown notices with two of the blogger’s ISPs as well as Facebook and is pursuing other sites. We impressed upon the web hosting companies that the content posed an immediate threat to national security. We also emphasized to one company that the blogger had violated their terms and conditions.

Privacy issues on the Internet may be rampant, but they do not have to be a fact of life.

Ensuring TCPA Compliance for a Global Provider of Customer Management Services

On behalf of our client, a leading provider of customer management services with call centers around the world, Ifrah Law led a full-scale review of its customer communications to ensure that they comply with federal and state requirements, including those of the TCPA and the FTC’s Telemarketing Sales Rule (TSR). We addressed the many different types of calls that the company undertakes on behalf of its varied customer base – service calls, appointments, live sales calling and pre-recorded calls – to ensure that its call centers are using consistent protocols and controls in the United States, and that these protocols are in compliance with the TCPA and TSR. Our client trusted Ifrah Law with this extensive project due to our long history with managing TCPA matters – we have been involved with the TCPA since its inception in 1991 – and due to our prior work for the client, including successfully representing the client in two FCC inquiries.

We worked with the company’s Director of Privacy to develop a thorough understanding of the types of calls that the company makes for its customers, and the contractual protections that are in place and which could be revised to protect the company further. A critical aspect of this project was to educate leaders within the company that there are different TCPA requirements based on the type of call: technology used, person being called, whether the call is pre-recorded or live; mobile or business. We also wrote the call center guidelines and controls to ensure that all employees – from those being trained to the marketing team – had the same information regarding how to handle different types of customer call projects.

This large-scale process took a year to complete. Once the documentation was finalized, our client was ready to begin a company-wide training program on the guidelines, well in advance of TCPA rule changes.

Blog Posts
September 26, 2017

GDPR D-Day: If Not Prepared, It Could Cost You Europe

GDPR D-Day:  If Not Prepared, It Could Cost You Europe

GDPR D-Day: May 25, 2018. If you are not prepared, the results could cost you Europe. In the U.S., we’ve had a pretty business-friendly approach to consumer data protection. And while federal and state authorities have their respective consumer protection laws, there is no single federal law that clearly defines U.S. policy on how consumer… Read More

October 4, 2017

Customer Data Collection: GDPR Changes Everything.

Customer Data Collection: GDPR Changes Everything.

Beginning on May 25, 2018, companies which process the personal data of European Union residents will be expected to comply with the General Data Protection Regulation, or GDPR. Even companies located in the United States are subject to this regulation, and violating its terms may result in class actions and hefty fines. If your company… Read More

April 22, 2017

The FTC’s Role in Privacy

The FTC’s Role in Privacy

Acting Chairman of the Federal Trade Commission, Maureen Ohlhausen, answered questions about the FTC’s current role in data privacy before a crowded audience at the April 2017 IAPP Global Privacy Summit in D.C.  Below are some take-aways we wanted to share from Commissioner Ohlhausen’s talk: Even if out of ISP oversight, the FTC is actively… Read More

January 12, 2017

Online Reviewers Get New Protections

Online Reviewers Get New Protections

Your business booked a large charity event.  However, the customer contact turns out to be a nightmare. She complains (during and after the event) that the service was slow, the food looked and tasted like a frozen meal, and the drinks were watered down.  She even claims she was overcharged.  You reviewed the situation and,… Read More

January 4, 2017

Can Your Pacemaker Be Hacked?

Can Your Pacemaker Be Hacked?

Tom Kellermann, CEO of Strategic Cyber Ventures guest co-authored this post. A famous Homeland episode involved a terrorist gaining access to the Vice-President’s pacemaker.  Accessing medical devices to wreak havoc was one of the motivations behind certain provisions of the Digital Millennium Copyright Act (aka the DMCA).  The DMCA makes it “illegal to circumvent technological… Read More