Data Privacy & Cybersecurity Law

Our Data Privacy & Cybersecurity Practice is at the forefront of addressing the escalating and complicated landscape of international privacy and cybersecurity legal frameworks.

We focus on equipping a diverse range of clients, from budding startups to established Fortune 500 companies, with the necessary tools and strategic guidance to navigate the legal intricacies of this area.

Our approach extends beyond legal counsel; we provide assistance and guidance on the technical aspects of compliance implementation. We empower our clients to use their commitment to privacy compliance as a competitive advantage, all while carefully considering their specific business needs, budget, and risk approach.

As entrepreneurial attorneys with practical business experience, we provide pragmatic legal and technical guidance that aligns with your unique strategic objectives.

DSAR Management

Enhance DSAR Efficiency:

Strategic Development of Comprehensive Structures for Data Subject Access Request Management

Privacy Officer as a Service

Optimize Compliance Processes:

Cost-Effective POaaS for Streamlined Regulatory Data Privacy Management

Rapid Data Breach Incident Response

Minimize Liability in Data Breaches:

Comprehensive Proactive Planning and Rapid Response for Data Breaches and Security Incidents

Privacy Program Management

Strategic Compliance Alignment:

Develop and Execute Privacy Strategies, Oversee Compliance Projects, and Provide Specialized Risk Management Insights.

Vendor and Third Party Management

Optimize Vendor Compliance:

Strategic Implementation of Regulatory-Compliant Vendor Management Structures

Policy Formation

Tailor Your Privacy Framework:

Custom Policy Development and Strategic Program Management for Unique Business Needs

Legal Consultation and Guidance

Navigate with Expertise:

Comprehensive Legal Advisory Services on Global Privacy and Cybersecurity Regulations

Governance

Establish Robust Governance Frameworks:

Ensure Sustained Compliance with Data Protection and Privacy Regulations for Your Business

Training and Workshops

Privacy Education for Business:

Interactive Workshops and Tailored Training Programs on Best Practices and Compliance

Data Privacy & Cybersecurity Team

Nicole L. Newman, CIPP-E, CIPP-US
Data Privacy & Cybersecurity Attorney

Nicole is a Data Privacy and Cybersecurity attorney with over twenty years of experience. She holds Certified Information Privacy Professional (CIPP) credentials for both the EU and US, granted by the International Association of Privacy Professionals (IAPP), and has been an active participant in the IAPP since its inception.
Nicole’s background in privacy law enables her to provide experienced and knowledgeable counsel. Her expertise encompasses a wide range of privacy and data breach notification laws, including HIPAA HITECH, GLBA, FACT Act red flags rule, FERPA, and CCPA, as well as data breach response management.
Her approach is client-specific, focusing on legal and business needs to ensure practical, compliant solutions that align with business objectives. As a fractional data privacy officer, Nicole offers pragmatic advice on complex issues, emphasizing strategies that prioritize transparency, reporting, and continuous monitoring. Her experience in project management and strategic business operations informs her view of privacy as a strategic initiative vital to organizational success.

David Pierce, MBA
Privacy, Advanced Technology, & Intellectual Property Attorney

David leverages his technology background to interpret complex data protection laws and assess the intricacies of modern digital ecosystems, particularly in the context of widespread AI adoption. His natural problem-solving skills drive him to explore diverse client use cases for data and develop tailored solutions.
Beyond his focus on technology and privacy, David’s previous attainment of a CISSP certification highlights his dedication to remaining current with cybersecurity best practices, thereby augmenting his capacity to offer advanced privacy counsel.

Joshua Slovin
Advanced Technology & Corporate Attorney

Josh provides legal counsel on data privacy, cybersecurity, and technology transactions across various industries, including artificial intelligence, facial recognition, consumer goods, and e-commerce. He focuses on understanding each client’s business model to offer practical strategies that reduce liabilities and risks associated with data privacy.
His expertise includes developing data privacy and security compliance programs, ensuring adherence to and advising on existing and emerging privacy and data protection laws and regulations, including the GDPR and U.S. federal and state laws, including the CCPA.
Josh excels in creating specialized documents like data processing addendums, intracompany agreements, cross-border transfer mechanisms, privacy policies, and privacy impact assessments. He also advises on updating company practices to comply with evolving privacy laws.

Core Services

Legal Consultation and Guidance

Expert guidance on key privacy laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), and Gramm-Leach-Bliley Act (GLBA), backed by our extensive experience and deep understanding of privacy practices.

Our team provides valuable insights into the legal implications of data processing activities, offering support in advocating for robust privacy programs to executives and boards. We support the privacy aspects of Trust Certifications such as Security Organization Controls (SOC), International Standards Organization (ISO) frameworks, and National Institute of Standards and Technology (NIST) guidelines.

Ensure your data processing addenda and related contracts are expertly developed, assessed, and negotiated for interactions with customers, vendors, and partners, including comprehensive fallback provisions crafted by our legal and negotiation teams.

Governance and Compliance

Receive assistance in establishing and refining governance structures to ensure sustained compliance, including the setup of ongoing monitoring and assessment mechanisms.

Gain expert guidance in implementing Data Protection Impact Assessment (DPIA) and Transfer Impact Assessment (TIA) frameworks, ensuring your business navigates customer or regulatory requirements effectively.

Stay informed and compliant with our monitoring of regulatory changes and requirements, ensuring your business is always ahead of legal obligations.

Policy Formation and Review

Tailored creation, review, and updates of privacy program policies to meet your specific business requirements.

Formation of data processing agreements, consent forms, and other essential legal documents, all compliant with applicable data privacy regulations.

Comprehensive risk assessment of privacy policies ensures alignment with current legal requirements and industry best practices to minimize potential legal exposures.

Streamlined policy integration aligns your existing business processes with new privacy policies, ensuring seamless operational adaptation and compliance.

Training and Workshops

Our skilled team develops workshops, webinars, and training modules to educate stakeholders on privacy best practices, recent regulatory changes, and potential risks. These interactive sessions specifically target industry-specific privacy concerns, empowering businesses to tackle unique sector challenges.

Tailored internal training programs ensure that teams stay well-informed and prepared. Workshops feature practical exercises in implementing privacy policies, providing businesses with actionable insights and immediate application skills. Scenario-based training provides hands-on experience in managing real-world privacy and data protection issues.

Follow-up support and resources after training guarantee continuous learning and adaptation to the evolving privacy landscape.

Regulatory Services

Privacy Program Management

Tailored development of a privacy program roadmap aligns with your company’s objectives and regulatory requirements, ensuring strategic progression in compliance.
Oversight and monitoring of privacy compliance program rollouts, coupled with risk and best practice advisement, optimize program effectiveness for clients.
We assure timely delivery of services while maintaining the highest quality standards, meeting client needs and regulatory demands with precision.

Privacy Officer as a Service

Privacy Officer as a Service (POaaS) is a cost-effective solution for fulfilling appointed and identified regulatory data privacy officer requirements.
In this role, our team serves as a designated Privacy Officer on a fractional basis for clients, offering ongoing advice, counsel, and reviewing data protection agreements at a reasonable, fixed ongoing fee.
Bundle POaaS with a Virtual Chief Information Security Officer (vCISO) service, creating a comprehensive solution through a dedicated and trusted technical partner for enhanced data protection and security management.

Rapid Data Breach Incident Response

Rapid Data Breach Incident Response is a vital service for proactive planning and swift action in the event of data breaches and security incidents.
In this capacity, our team leads and guides clients through data and security breach incidents, ensuring compliance with legal obligations and minimizing potential liabilities.
We also design incident response plans and facilitate mock breach exercises and post-mortem activities, offering a comprehensive approach to enhance preparedness and resilience.

DSAR Management

DSAR Management involves creating a structured approach to respond to Data Subject Access Requests (DSARs) as required.
In this service, we assist and advise businesses in handling DSARs efficiently, ensuring compliance within stipulated time frames.
Our team drafts and creates DSAR processes and legally compliant response flows, streamlining DSAR management for effective and timely responses.

Vendor & Third-Party Management

Implementation of regulatory compliant structures for managing vendors and third parties, combined with thorough third-party privacy assessments and audits, ensures sustained compliance and risk mitigation.
The review and negotiation of data processing agreements, business associate agreements, and essential data privacy addendums with vendors and third parties form a critical part of our service, guaranteeing alignment with privacy regulations.
The establishment of compliant Vendor and Third-Party management programs is key, concentrating on resolving deficiencies and creating executable strategies for clients’ ongoing management.

Navigate Privacy & Security Regulations with Confidence

Receive expert guidance from our experienced Data Privacy and Cybersecurity Attorneys to ensure compliance with evolving regulations.