Represented a manufacturing company affected by a ransomware attack, counseling on state breach notification obligations and legal risk management as well as advising the client on its coordination with law enforcement efforts.

Represented a web-based (“SaaS”) software company affected by a ransomware attack, counseling on statutory and contractual breach notification obligations and communications with U.S. and Canadian customers.

Represented a large financial services company concerning a third-party vendor's breach of confidential records.

Routinely advise clients on their written information security policies and data breach response plans, and review and negotiate related contractual requirements imposed by clients’ own customers and clients.

Overhauled a web-based payments platform company’s GDPR compliance plan, including by revising its standard Data Processing Addendum offered to customers.

Counseled a health IT company on HIPAA compliance in connection with novel application offerings to facilitate collaboration and data sharing between covered entities and patients.

Routinely advise covered entities and business associates on HIPAA privacy and security obligations, including review of business associate agreements.

Routinely advise companies across industries (including highly regulated industries like health care and finance) in preparing website and mobile app privacy policies, and advise on collection and handling of consumer data.

Advised multiple clients on compliance with GDPR, including as it relates to the European Commission’s newly adopted Standard Contractual Clauses.

Advised multiple clients on compliance with CCPA, including preparing for that law’s evolution with the recently enacted California Privacy Rights Act.

Routinely conduct privacy and cybersecurity diligence in M&A transactions and negotiate related contractual representations and warranties.

Routinely review and negotiate information security and privacy addendums for clients in a wide range of industries.