数据隐私法律顾问

A sampling of Thomson Reuters Practical Lawresources for in-house counsel. CoCounsel Legal Complete your work withunmatched speed and precision. Accelerate your legal work with a comprehensive AI solution that helpsyou complete research, document analysis, and drafting, all in one place. Work faster Streamline complex legal work from start to finish with expert-built agentic workflows. Work confidently Get verifiable answers grounded in trusted Thomson Reuters® Westlaw and Practical Law content and expertise. Work strategically Uncover nuanced insights that enable you to make sharper, more strategic decisions. Why CoCounsel Legal? One place for all your work CoCounsel Legal helps you connect tasks and keep end-to-end workflows moving,among the Thomson Reuters and third-party tools you use every day. Continual advancement Your CoCounsel Legal subscription includes regular releases of new and updated capabilities,so you always have the latest AI technology for legal work at hand. Commitment to your success Our customer training and support team is dedicated to ensuring your adoption, onboarding, One powerful solution for legal work Seamlessly navigate and use generative AI skills from a connected, intuitivechat interface. Gain unparalleledresearch efficiencyWestlaw Advantage Work with greaterconfidence Accelerate legal tasksCoCounsel Essentials Amplify productivity with the abilityto streamline work like documentanalysis, review, and drafting.CoCounsel Essentials can help youquickly pinpoint key information, Quickly go from research tostrategy, confidently knowingresults are as thorough andaccurate as possible. By applyingthe power of agentic AI totrusted industry-leading content, Get up to speed faster on newor unfamiliar issues with expertlycreated and maintainedhow-to guidance, templates.Visualization tools, data-driven Our job is to makeyou better at yours Get expert guidance combined with legal research to quickly get up to speedand advise with confidence. Designed for in-house counsel, Thomson ReutersPractical Law Connect provides expert-written and maintained how-to guides, Practical Law know-how covers the following Practical Law Sectors coverage: •Alcohol, Tobacco & Cannabis•Construction•Financial Services•Food & Beverage•Health Care•Media & Entertainment •Antitrust•Arbitration•Bankruptcy•Capital Markets and Corporate Governance•Commercial Transactions•Corporate and M&A•Data Privacy and Cybersecurity•Employee Benefits and Executive Compensation•Government Practice: Federal•Government Practice: State and Local•Health Care Key resources Practical Law Connect resources are written andmaintained by our expert team of attorney editors “…when I engage outside counsel isalmost the most valuable time for mewith Practical Law, because, at a thousanddollars an hour, I don’t want to have toget a tutorial on things I can read aboutmyself. I need their experience and Contents Checklist:Performing Data Security Risk Assessments Checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7Practice Note:Developing a Privacy Compliance Program. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15 Performing data security risk Practical Law data privacy & cybersecurity Resource presented as of December 8, 2025. Seethe live, maintained resourcein Practical Law for subsequent changes.Text linkslead to related resources on A Checklist outlining key steps to take when planning andperforming data security risk assessments. It addressesdata security risk assessment requirements found in federaland state laws, industry standards, and best practices, suchas the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, theHealth Insurance Portability and Accountability Act (HIPAA) Contents •Identify Legal and Other Obligations –Review Federal and State Guidance on ProtectingPersonal Information–Consider Sector-Specific Requirements–Review Public Company Obligations Identify legal and other obligations Consider whether the organization: •Support Pre-Assessment Activities•Define Assessment Timing, Scope, and Methods•Gather Information to Support Risk Identification•Identify Risks and Compliance Gaps•Report Assessment Results•Take Action to Manage Identified Risks and •Wishes to demonstrate compliance with generallyaccepted industry standards for various legal and •Handles other organizations’ information, subject tocontract terms and conditions. If so, review contractterms to identify risk assessment requirements andstandards applied (for example terms that customers Consider sector-specific requirements Consider whether the organization is, for example: –TheGramm-Leach-Bliley Act(GLBA) and mustconduct risk assessments under the Safeguards Rule(seePractice Note, GLBA: The Financial Privacy andSafeguards Rules)–State-level scrutiny (for example, see the New York •Accepts certain forms of payment, including credit cards,othe