Representative Experience
  • CCPA Compliance
    • Bradley assists clients with minimizing their exposure under the CCPA in several ways, starting with helping clients analyze their data collection activities to determine whether they are subject to or exempt from CCPA compliance under certain federal data privacy rules. Bradley’s team currently assists many clients with building out enterprise-wide CCPA compliance programs and advising on strategic implementation.

      Below is a representative list of companies for which we are currently providing CCPA advice:

      • Publicly traded eCommerce and retail sports company
      • Largest U.S. online lending marketplace company
      • National and regional banks and financial services companies
      • Non-bank mortgage originators and servicers
      • Large home-builder and retail entity
      • Game-day and sporting event “rent a spot” parking application developer
      • SaaS and mobile application developer focused on payment solutions and digital gym-memberships
      • Large nationally recognized university
      • Global Wi-Fi solutions company
      • Privately-held bottling, sales, and distribution company
      • Large producer of aggregates-based construction materials
      • Large network of hospitals, home health, and hospice agencies
      • Global manufacturer and producer of educational materials and toys
      • Real estate brokerage company
      • Crowdfunding platforms and P2P payment solutions company
      • Investment management and consultant company
      • Software and applications developer for municipalities and private parking operations
  • Compliance Programs, Privacy, and Data Security Counseling
    • Strategize, build, and implement large scale regulatory compliance programs for online loan shopping marketplace, mortgage lenders and servicers, banks, retail and media companies, and technology and software companies, including privacy program development and assessments under GDPR, CCPA, GLBA, and other state and federal regulations.

      Provide risk analysis, legal advice, and compliance-by-design in building out digital platforms and electronic products and services, including drafting plain-language and layered website terms and conditions and privacy policies.

      Advised clients on creation, implementation, oversight and legal requirements relating to setting up digital and electronic document file management and digital and biometric identity storage.

      Advised clients, including financial institutions, on implementation of controls, procedures and safeguards necessary for the operation of traditional and disruptive technologies.

      Assisted in the creation and implementation of appropriate policies and procedures designed to limit transaction and reputation risk, and corresponding change control mechanisms to ensure policies and procedures are implemented throughout the appropriate business units.

      Advised clients on creation of electronic contracts and related policies and procedures and risk management relating to the roll-out and use of electronic agreements.

      Review vendor contracts and negotiate provisions pertaining to privacy and security, audits, tests, evaluations, monitoring, breach incident response, and other privacy-related obligations.

      Work with client companies of various sizes across sectors to assess and improve cybersecurity profile.

      Advised clients on compliance involving various aspects of data storage, usage, and policies for data governance.

      Assessed and provided strategic advice on privacy and cybersecurity issues raised by new business endeavors involving confidential data for domestic and international companies.

      Negotiated contracts involving complex data storage and transfer issues, including international matters. Also negotiated wide range of contracts and provisions involving IT services, SAAS, and IP rights for clients in various industries, including healthcare, real estate, telecommunications, and software.

      Serve as lead privacy counsel and advisor to a university in the development of an enterprise-wide, multi-stage compliance program incorporating privacy laws affecting the higher education space. We are also advising the university on privacy laws and regulations such as GDPR, Fair Credit Reporting Act (FCRA), and the Children’s Online Privacy Protection Act (COPPA).

      Assisting a mortgage industry client with privacy compliance issues related to the intersection of state and federal financial services privacy law, including issues related to the Gramm–Leach–Bliley Act (GLBA). We implemented best practices for the company in light of movement by the state towards comprehensive privacy laws. We have also assisted the client with numerous HR and employment law issues under the CCPA.

      Serve as lead privacy counsel for global leader and innovator of high performance Wi-Fi solutions, in the development and implementation of its GDPR and CCPA compliance programs. We are currently helping them draft and revise data processing addendums related to GDPR issues.

      Bradley provides state, national, and international regulatory compliance counselling to software company related to compliance with the GDPR and the CCPA. We work closely with the client’s business units to operationalize the statutory requirements of these privacy laws.

  • Data Breach and Incident Response
    • Managed internal investigations and incident response relating to data breaches and theft of trade secrets, including interfacing with technical experts and law enforcement.

      Advised on litigation matters involving data breaches and theft of trade secrets.

      Facilitate enterprise data-mapping, creation of system-wide security strategies, and development of data breach response plans.

      Assisted in data breach responses on behalf of clients in a number of industries that range from a small number of highly sensitive documents to millions of records.

      Advise clients on post-breach issues, including interactions with regulators, law enforcement, consumers, and other third-party companies.

      Provided counsel as part of incident response/HIPAA breach notice team, including national providers, with state by state analysis of HIPAA and breach reporting.

      Assisted security consultants regarding assessment of HIPAA standards and implementation specifications.

      Represented U.S. company in managing 50-state analysis and reporting of HIPAA privacy and security and date breach reporting.

      Assisted clients with regulatory issues related to breach notification and reporting to OCR (large and small breaches) as well as state attorneys general and health oversight agencies.

      Conducted HIPAA breach incident response reviews.

      Assisted Florida clients with breach investigations and notifications under the Florida Information Protection Act of 2014.

      Assisted large multi-specialty physician group with investigation of employee theft and unauthorized disclosure of protected health information.

  • ADA Website Accessibility
    • Represent retail company in an ADA website accessibility class action case.

      Represented publishing company in ADA website accessibility issues related to reasonable accommodation for mobile applications. Negotiations with counsel resulted in successful dismissal of claims.

      Counsel and advise mortgage servicing company advice on ADA guidelines for websites, WCAG 2.0 Level AA Success criteria, analysis of nexus to brick and mortar, and review of circuit split.