Examples of Marla’s experience include:

• Advised clients on drafting policies and procedures and developing internal compliance programs with respect to a broad range of data protection laws, statutes, and regulations, including consumer privacy requirements, data breach preparation and response, data subject requests, digital marketing and targeted advertising, health care privacy laws, vendor management and data processing agreements, international data transfers and localizations, and written information security plans.
• Assessed and identified the current state of an organization’s policies and procedures to determine its compliance with the CCPA.
• Assessed whether a business’s data processing and cybersecurity measures satisfy federal, state, and foreign laws and regulations and industry standards.
• Assisted businesses in responding to data subjects invoking rights under the GDPR, including a data subject’s requests for access and/or erasure.
• Assisted global enterprises in designing and implementing GDPR compliance programs, policies, and procedures.
• Drafted multiple joint controller and controller-to-processor data processing agreements for global corporations and their third-party service providers and contractors.
• Drafted new or supplements to existing internal policies and procedures to address how an organization will intake, process, and respond to CCPA data requests (e.g., access, portability, erasure).
• Drafted online terms and conditions and privacy policies for domestic and global companies.
• Drafted webpage privacy policies for companies marketing and selling goods, services, and products in the European Economic Area (EEA).
• Prepared and negotiated third-party service provider agreements to address data privacy and information security, data breach liability, and confidentiality.
• Provided businesses, including private investment firms, with data privacy and cybersecurity due diligence risk assessments in the M&A context.
• Provided recommendations, including representations and warranties, to purchasing companies to mitigate data privacy and cybersecurity risks when purchasing target companies.
• Provided contractual terms for an organization to use with its third-party vendors to ensure they address each party’s obligations pursuant to the CCPA and responsibilities related to data processing, assistance, and security.