Areas of Expertise
Privacy Compliance
If your company collects personal information from California residents (defined broadly to include for example, name and email), then you need to post a privacy policy that meets certain criteria.
If your company is a ‘covered business’ as defined by the California Consumer Protection Act (CCPA) then there are several steps that need to be taken including proper disclosures in your privacy policy, certain written agreements with vendors considered to the “Service Providers” under CCPA, and operationalizing your business to respond to security breaches and consumers requests related to their personal information.
If your company solicits goods or services from EU residents then you need to be compliant with the EU’s General Data Protection Regulation (GDPR). In simple terms, the GDPR requires a compliant privacy notice (often referred to in U.S. as a privacy policy) and certain written agreements with subprocessors. An analysis under GDPR of whether your company is acting as a data controller or data processor is important. If the former, then it is also necessary to identify the applicable legal basis for collecting the personal data. If a company is relying on legitimate interests as the basis it needs to have conducted appropriate due diligence and analysis to support that finding. Also internal practices including record keeping, data mapping, and personnel training are a key part of our privacy compliance. Finally your company needs to operationalize the business to respond to security breaches and data requests.
Jenny has significant experience counseling small to medium size companies on their CCPA & GDPR compliance strategy. This includes drafting their privacy policy (or notice under GDPR), and model written agreements with subprocessors (often referred to as Data Processing Addendums), and offering them sound advice on the GDPR internal practice requirements. She can provide recommendations for outsourcing data mapping and other GDPR technical requirements.
She has counseled companies on the upcoming California Consumer Protection Act (CCPA) and their compliance strategy. Similar to GDPR compliance, she can recommend outsourcing vendors for data mapping and other CCPA technical requirements.
In technology transactions, she has deep experience with data protection issues both on the customer and the vendor side of technology agreements.
Technology Contracts
JLSheridan Law supports her clients by:
Developing contract templates including SAAS; on premises software licensing and click through Terms of Service agreements; and
Reviewing and negotiating all commercial & technology related agreements including:
SaaS (software-as-a-service) agreements;
End User License Agreements (and other on premises software agreements);
Reseller & Distribution Agreements;
Referral Agreements;
Professional Services Agreements (including Independent Contractor Agreements);
Nondisclosure Agreements (NDAs);
Online Terms of Service/Terms of Use; and
DPAs (Data Processing Addendums for GDPR and/or CCPA).
JLSheridan Law can train your in-house negotiators on best practices for drafting and negotiating commercial technology agreements.
Intellectual Property Counseling
Jenny has built IP portfolios from the ground up as well as refined existing ones to be more aligned with the company’s strategic goals. Her contemporaneous teaching experience offers an awareness of current legal trends and approaches to new problems.
She offers strategic advice on IP protection including patent, trademark, copyright and trade secrets.