Online Privacy & Data Security Law

If your business or product exists on the internet, you need to protect yourself by following online privacy and data security laws; failing to do so can result in steep penalties that could threaten the life of your business.

Our skilled internet law attorneys will help you craft strong data security and privacy policies to reduce risk, or powerfully defend you in an active case.


What can an online privacy lawyer do for you?

Our first mission is to proactively ensure your business is following the latest laws and regulations. Our online privacy lawyers will conduct a thorough review of your privacy policy, data collection and storage practices, and internal company policies to ensure you’re meeting the most stringent standards for online privacy and data security law.

No matter where your business is located, you’re responsible for following the law anywhere that you have customers or online users.

Does your business…

  • Collect and/or store any personal information, including email addresses, credit card information, Social Security Number, or user photographs?
  • Allow residents of California, Europe, or the U.K. to access your website?
  • Allow children 12 and under to access your website or use your app?
  • Transfer data from one location to another?

If so, a comprehensive online privacy review can save you thousands of dollars in potential penalties or lawsuits.

Contact Gordon Law Group

Online privacy lawyer for active disputes

If you’re already facing a breach of online privacy law, our experienced and trusted attorneys will fight to protect your business and minimize disruption.

Our attorneys are licensed in Illinois state and federal courts, but we’ve also worked with local counsel on disputes in many other states. Our team represents businesses of all sizes and across industries, and we have particular insider knowledge of cutting-edge fields including ecommerce, affiliate marketing, cryptocurrency, esports, and more.

Most importantly, we’re committed to providing rapid, personal attention to every single client. When a threat to your business is giving you headaches, you can count on our team to stand by your side and provide clear guidance every step of the way.

Call us today for a confidential consultation.

Our focus on online privacy and data security

We’ve helped clients:

  • Develop ironclad compliance procedures and documentation
  • Write privacy policies, terms of service, and online agreements that follow the most stringent regulations
  • Develop employee education practices to ensure long-lasting results
  • Conduct cross-border data transfers safely and legally
  • Handle mergers and acquisitions with data security in mind
  • Comply with GDPR and other data requirements

Online privacy laws you need to know

Online privacy and data security laws should be a fundamental consideration for all businesses, websites, and digital apps. Several federal statutes govern the handling and storage of personally identifiable information. Additionally, most commercial sites must comply with a patchwork of state online privacy and data breach rules. 

For example, if your business is based in Illinois, but you allow California residents to access and interact with your website, you’re also beholden to the Golden State’s arsenal of online privacy laws.

Here are just a few of the online privacy laws that can present a legal snag for your business if you’re not careful.

Children’s Online Privacy Protection Act (COPPA)

The Children’s Online Privacy Protection Act (COPPA), as you can probably glean from its name, protects minors’ identities online. The law applies to websites, apps, and other digital platforms that collect data from children aged 12 and under. Penalties for not complying with this federal online privacy law are steep. So, if you have a website or app that children may use, make sure it’s COPPA compliant. If you need help, get in touch today.

Financial data privacy parameter of the Gramm-Leach-Bliley Act

Also known as the Financial Modernization Act, the Gramm-Leach-Bliley Act ushered in several measures that addressed the realities of a digital, global financial market.

In addition to regulatory issues, a section of the law (15 U.S.C. Sections 6801-6809) addresses digital privacy and outlines how businesses must handle personal financial data.

Primarily, companies that collect or store users’ financial information (including credit card numbers) must implement heightened security measures to ensure the data stays safe. Additionally, the bill includes various consumer reporting, notification, and opt-out requirements.

General Data Protection Regulation (GDPR)

On May 25, 2018, the General Data Protection Regulation went into effect. Though it is a measure enacted by the European Union, websites and digital platforms that allow EU and U.K. users must comply or risk a gigantic fine.

The GDPR’s goal is to give users control over their data. As such, the statute requires websites to provide certain information to users upon request, in addition to a handful of collection and deletion standards.

Data privacy provision of the Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) includes a strict online privacy parameter regarding “protected health information” – a.k.a. PHI. Any company or website that collects or handles PHI is bound to the law.

What information falls under the HIPAA protection umbrella?

  • Names
  • Telephone numbers / contact information
  • Birth, death or treatment dates, and any other dates relating to a patient’s illness or care
  • Medical record information
  • Social Security numbers
  • Photographs
  • Voice, facial, and fingerprints
  • Any qualifying unique identifying or account number

Are you HIPAA compliant? Check in with a legal practice that has an online privacy division (like us) to make sure. We’ll review your business model and offer suggestions on how to comply with HIPAA’s privacy provisions and all other local, state, federal, and international digital and business law statutes.

California Online Privacy Protection Act (CalOPPA)

As stated, California has some of the strictest online privacy laws in the country. If you meet California’s online privacy bar, you should be good to go for all other states.

Primarily, the law makes privacy policies mandatory. Moreover, if platforms collect or store personally identifiable information (PII), then they must comply with specific digital privacy standards.

California companies aren’t the only entities bound to CalOPPA’s provisions. If your website makes money in any way — even $1 a month via advertising — and you allow California residents to access your platform, then you’re subject to California’s online privacy law.

Unsure if your app or website complies with CalOPPA? We’ll do a legal audit and determine your path to compliance.