Data Privacy & Cybersecurity Compliance
- Advised clients on drafting policies and procedures and developing internal compliance programs with respect to a broad range of data protection laws, statutes, and regulations, including consumer privacy requirements; employee data privacy notices and policies; data breach preparation and response; data subject requests; digital marketing and targeted advertising; medical data, clinical trials, and healthcare privacy laws; vendor management and data processing agreements; international data transfers and localizations; written information security plans; WCAG compliance; and biometric data processing.
- Prepared data incident response plans and programs and assisted small, midsize, and large companies in responding to serious data events, including ransomware attacks and other incidents involving the unauthorized access, acquisition, or disclosure of personal data or confidential information.
- Drafted online terms and conditions and privacy policies for domestic and global companies.
- Prepared and negotiated third-party service provider agreements to address data privacy and information security, data breach liability, and confidentiality.
- Assisted government contractors with adhering to the NIST standards and other federal regulations and rules on the safeguarding of controlled unclassified information.
- Assisted organizations in establishing and maintaining insider threat programs to ensure the confidentiality and integrity of classified and other sensitive data.
- Advised clients on a broad range of data protection laws, including the FTC Act, GLBA, HIPAA, CAN-SPAM, TCPA, COPPA, CFAA, ECPA, CCPA, CPRA, VCDPA, BIPA, and other privacy legislation.
California Consumer Privacy Act (CCPA)
- Performed data mapping to identify whether an organization’s data processing activities implicate California residents and the CCPA.
- Assessed and identified the current state of an organization’s policies and procedures to determine its compliance with the CCPA.
- Drafted privacy notices and statements to address the CCPA’s notice requirement, including drafting website privacy policies, employee privacy statements, and job candidate privacy notices.
- Drafted new, or supplement existing, internal policies and procedures to address how an organization will intake, process, and respond to CCPA data requests (e.g., access, portability, erasure).
- Identified whether an organization “sells” personal information within the meaning of the CCPA, and, if so, developed mechanisms for customers to “opt in” or “opt out” of the sale of their personal information.
- Provided contractual terms for an organization to use with its third-party vendors to ensure they address each party’s obligations pursuant to the CCPA and responsibilities related to data processing, assistance, and security.
- Identified whether an organization offers financial incentives related to data processing and, if so, ensured such incentives align with the CCPA’s anti-discrimination requirements.
- Drafted new, or reviewed existing, data incident response plans to ensure they align with California’s legal requirements and best practices.
Data Breach Response Matters
- Advised a global manufacturer on responding to ransomware attack by Black Basta that encrypted its VMware ESXi; representation included retaining an IT consultant to restore data from backups and analyze logs derived from third-party security tool to identify compromised data sets, and rendering legal counsel on complying with data breach notification obligations.
- Assisted a global manufacturing client in responding to use of compromised credentials to access third-party HR data platform, including retaining third-party IT consultant to undertake log analysis, engaging platform host to assess liability and responsibility, and advising on data breach notification obligations.
- Assisted global manufacturing company in responding to a Lockbit 3.0 ransomware and extortion attack, including by retaining a third-party incident response team and ransomware negotiator, conducting OFAC checks, issuing litigation holds, and providing formal notification to data subjects, regulators and credit monitoring agencies.
- Helped global manufacturing company respond to a Royal ransomware and extortion attack, including retaining an independent incident response and digital forensic consultant, retaining a separate ransomware negotiator, leading data mining efforts, issuing litigation holds, and coordinating with foreign counsel to ensure proper data incident notifications to data subjects and regulatory officials in the United States, European Economic Area, United Kingdom, and Australia.
- Helped managed service provider respond to Conti ransomware attack that targeted third-party client’s IT environment, including by issuing litigation hold, engaging Digital Forensics and Incident Response (DFIR) vendor, analyzing export control laws related to use of DFIR vendor’s proprietary software, and drafting litigation risk assessment.
- Assisted consumer goods company in investigating and responding to data breach arising from unauthorized access to, and exfiltration of, customer data from the company’s third-party e-commerce platform due to compromise of an employee’s account credentials.
- Counseled services industry business regarding Office 365 intrusion that resulted in malicious actor disseminating fraudulent invoices to customers from spoofed Internet domain.
- Represented defense contractor in joint investigation by the Department of Defense and Federal Bureau of Investigation arising from Maze ransomware attack that potentially exposed controlled unclassified information, which resulted in the closure of the case without adverse action to client.
- Assisted global manufacturing company in responding to ransomware attack that compromised sensitive employee and customer data, partnering with European Union counsel to facilitate notifications to supervisory authorities pursuant to the European Union (EU) General Data Protection Regulation and EU Member State law.
- Counseled healthcare business associate regarding technical anomaly within its online patient portal that resulted in unauthorized disclosure of medical records and protected health information and drafted formal data breach notification communications and reports.
- Advised private sector company with respect to an incident involving the unauthorized disclosure of sensitive employee data and invoking the “good faith” exception within certain U.S. state data breach notification laws.
- Assisted global manufacturing company with response to the inadvertent disclosure of export-controlled data to foreign nationals, and drafting, preparing and submitting voluntary disclosures to federal department arising from the same.
- Assisted employee health plan in investigating and responding to data breach that occurred within business associate’s information technology environment that resulted in unauthorized access to employees’ protected health information.
- Assisted supply chain defense contractor with response to ransomware attack that compromised the confidentiality of sensitive employee data and controlled unclassified information, including drafting and submitting formal data breach notices to impacted individuals and government agencies.
Biometrics, TCPA & Privacy Litigation Defense
- Advise Fortune 50 company on implementing Windows Hello and PingID on employer-provided devices in a manner consistent with U.S. biometric data processing laws and regulations.
- Counsel global manufacturing firm on federal telecommunications law (TCPA) with respect to implementing company-wide SMS communications, including opt-in and opt-out processes.
- Assist national financial institution in responding to complaint filed in California state court that its website violated the Video Privacy Protection Act of 1998 for implementing certain third-party pixels, cookies, and tags without proper notice and consent.
- Counsel national real estate marketing firm on responding to complaint that its website violated federal and state wiretapping laws for implementing certain third-party pixels, cookies, and tags on its website without proper notice and consent.
- Advise globally recognized museum on responding to a complaint and demand that its website violated the Video Privacy Protection Act of 1998 for implementing a social media pixel on its public and private websites.
- Counsel national manufacturing company on responding to formal complaint that its website violated federal and state wiretapping laws with respect to its data processing activities.
- Assist international manufacturing company in implementing biometric processing compliance program in the employment context for its operations in the United States and Canada, including advising on implementing biometric privacy policies, obtaining employee consent for biometric collection, and publishing public notices.
- Advise Fortune 100 company on implementing Windows Hello on employer-provided devices and updating its privacy notices and obtaining employee consent related to the same.
The General Data Protection Regulation (GDPR)
- Appointed by state attorney general to assist public university assess its compliance with the GDPR and UK Data Protection Act 2018, and retain and lead local counsel with respect to the same.
- Assisted global enterprises in designing and implementing EU GDPR compliance programs, policies, and procedures.
- Drafted webpage privacy policies for companies marketing and selling goods, services, and products in the European Economic Area (EEA).
- Counseled clients on establishing and implementing procedures for exporting personal data from the EEA into the United States and other third countries.
- Assisted companies in conducting data mapping exercises to identify the purpose, scope, and legal authorization for their data processing activities.
- Drafted multiple joint controller and controller-to-processor data processing agreements for global corporations and their third-party service providers and contractors.
- Drafted employee data privacy notices for global companies that have staff or contractors in the EEA.
- Assisted multiple U.S.-based companies in evaluating whether they are legally required to appoint a Data Protection Officer (DPO) in accordance with the GDPR.
- Provided legal analysis to several global companies on whether they need to undertake a data protection impact assessment (DPIA) when implementing routine and common business practices, such as network/employee monitoring.
- Assisted businesses in responding to data subjects invoking rights under the GDPR, including a data subject’s requests for access and/or erasure.
M&A Due Diligence & Cybersecurity Risk
- Provided businesses, including private investment firms, with data privacy and cybersecurity due diligence risk assessments in the M&A context.
- Assisted in identifying a target company’s data processing activities, including how it collects, retains, and disseminates personal information.
- Assessed whether a business’s data processing and cybersecurity measures satisfy federal, state, and foreign laws and regulations, and industry standards.
- Provided recommendations, including representations and warranties, to purchasing companies to mitigate data privacy and cybersecurity risks when purchasing target companies.
Health & Medical Data Privacy
- Appointed by state attorney general to counsel public university undertaking clinical trials in the European Union and the United Kingdom with respect to its legal obligations under data protection and pharmaceutical regulations and directives and, in conjunction with local counsel, develop and implement data protection and clinical trials compliance checklist.
- Assisted covered entities in determining whether the unauthorized disclosure of protected health information constitutes a breach that warrants, in accordance with federal regulations, notification to the data subject and the Secretary of Health and Human Services.
- Assisted covered entities and business associates in determining whether their encryption protocols satisfy certain technical safeguard requirements within the HIPAA Security Rule.
- Drafted master contracts, including provisions governing data privacy and information security, for a global biopharmaceutical companies and their third-party contract research organizations.
- Provided legal analysis to a late-stage drug testing firm on leveraging exemptions set forth in the GDPR to permit it to legally retain personal information concerning drug testing.
- Determined whether a company’s notice and consent forms issued during medical clinical trial testing satisfy the EU Clinical Trials Regulation (No 536/2014) and other legal requirements.
Third Party IT Contracting
- Drafted and negotiated a wide range of technology and data protection agreements and statements of work, including end user license agreements for software and embedded technology solutions; master service agreements with IT services providers; contracts and statements of work for cloud storage, penetration testing and vulnerability scanning, and managed IT services; and personal data processing, transfer, and security agreements.
- Routinely advised clients on third-party data security standards, data confidentiality and protection obligations, limited use and ‘do not sell’ clauses, third-party data assistance, cross-border data transfers and data localization, cyber insurance, and data breach response investigation, notification, and indemnification.
- “Takeaways from Ohio court ruling on ransomware and insurance exclusions,” IAPP, February 7, 2023
- “California Consumer Privacy Act Enforcement and Preparing for 2023 Data Privacy Rules,” Pratt’s Privacy and Cybersecurity Report, January 2023
- “U.S. Government Issues Software Security Procurement Guidance,” Pratt’s Government Contracting Law Report, December 2022
- Quoted in, “3 Questions As Feds Flesh Out New Breach Reporting Rules,” Law360, September 23, 2022
- “U.S. Government Issues Software Security Procurement Guidance,” Thompson Hine Government Contracts and Privacy & Cybersecurity Update, September 2022
- “CCPA Enforcement and Preparing for 2023 Data Privacy Rules,” Thompson Hine Privacy & Cybersecurity Update, September 2022
- Quoted in, “Here’s how the Twitter whistleblower may impact Big Tech: ‘The danger is real’,” New York Post, August 23, 2022
- “California Issues New Draft Privacy Regulations,” Thompson Hine Privacy & Cybersecurity Update, June 2022
- Quoted in, “Facial Recognition Industry Could Face a Reset,” Lifewire, May 26, 2022
- Author, The Data Protection Guidebook, Thompson Hine LLP, January 2022
- “EU/UK Data Transfer Developments: In-House Counsel FAQ,” Thompson Hine Privacy & Cybersecurity Update, May 2022
- “Connecticut Enacts New Consumer Data Privacy Law,” Thompson Hine Privacy & Cybersecurity Update, May 2022
- “New York Enacts Employee Privacy Law,” Thompson Hine Privacy & Cybersecurity Update, May 2022
- Co-author, “Preparing For New Mandatory Cyber Reporting Rules,” Law360, March 25, 2022
- Quoted in “Rare Trial Over Law Firm Hack To Shed Light On Industry Risk,” Law360, March 25, 2022
- “The 2022 Cyber Incident Reporting Law: Key Issues to Watch,” Lawfare, March 25, 2022
- “Utah Enacts New Consumer Data Privacy Law,” Thompson Hine Privacy & Cybersecurity Update, March 2022
- “SEC Issues Proposed Rules on Mandatory Cybersecurity Disclosure,” Thompson Hine ESG Collaborative Update, March 10, 2022, republished by Daily Securities News, March 2022
- Co-author, “Anticipating Cyberinsurance Wartime Exclusion Questions,” Law360, March 8, 2022
- Co-author, “Cyber Reporting Proposals: Assessing Liability Protections and Legal Privileges,” Lawfare, February 2022
- Quoted in “Your Webcam May Get a Whole Lot Smarter,” Lifewire, January 13, 2022
- “U.S. Government Defines “Critical Software” for Supply Chain Security Purposes,” Pratt’s Government Contracting Law Report, November 2021
- “DoD Announces (New) CMMC 2.0,” Thompson Hine Cybersecurity & Government Contracts Update, November 2021
- “Issues for Government Contractors and the Private Sector Under the Cybersecurity Executive Order,” Pratt’s Government Contracting Law Report, October 2021
- “Treasury Department Issues Updated Advisory on Ransomware Payments,” Thompson Hine International Trade Update, September 2021
- “Ohio Introduces Consumer Data Privacy Bill,” Thompson Hine Privacy & Cybersecurity Update, July 15, 2021
- Quoted in “6 Cybersecurity Events That Have Defined 2021,” Law360, July 12, 2021
- “NYC biometric law enters into force,” IAPP Privacy Tracker, July 9, 2021
- “Colorado Enacts New Data Privacy Law,” Thompson Hine Privacy & Cybersecurity Update, June 2021
- “EU Approves New Standard Contractual Clauses for Cross-Border Data Transfers,” Thompson Hine Privacy & Cybersecurity Update, June 2021
- “New Cyber EO: Issues for Government Contractors and the Private Sector,” Thompson Hine Government Contracts Update, May 2021
- “New CCPA regulatory provisions seek to clarify business requirements,” IAPP, March 17, 2021
- “How Cos. Can Build Effective Data Privacy Appeals Processes,” Law360, March 2021
- Quoted in “In-House Counsel Face Growing Privacy, Cybersecurity To-Do Lists,” Bloomberg Law, March 2021
- Quoted in “Virginia’s New Privacy Law Is Just Different Enough to Give Compliance Headaches,” Law.com, March 9, 2021
- Quoted in “Water Plant Hack Underscores Utilities’ Glaring IT Risks,” Law360, March 5, 2021
- “Virginia Enacts New Data Privacy and Cybersecurity Law,” Thompson Hine Privacy & Cybersecurity Update, March 2021
- “Responding to the SolarWinds Breach: Compliance and Oversight Considerations,” Thompson Hine Privacy & Cybersecurity Update, December 2020
- “White House enacts IoT cybersecurity law for federal agencies,” IAAP, December 8, 2020
- Quoted in “Cyber Consulting Firms Get Tied Up in Post-Breach Lawsuits,” Bloomberg Law, November 10, 2020
- “California Voters Approve New Data Privacy Law,” Thompson Hine Privacy & Cybersecurity Update, November 2020
- “DoD Publishes Interim Cybersecurity Rule on CMMC and DoD Assessments,” Thompson Hine Government Contracts Update, October 2020
- “California Legislature Extends CCPA’s Exemptions for Personal Information in the Employment and Business-to-Business Context,” Thompson Hine Privacy & Cybersecurity Update, September 2020
- “Final CCPA Regulations Approved, Effective Immediately,” Thompson Hine Privacy & Cybersecurity Update, August 2020
- “European Court Invalidates Privacy Shield; Upholds Model Clauses (For Now),” Thompson Hine Privacy & Cybersecurity Update, July 2020
- “CCPA Draft Regulations: Privacy Notices and Accessibility in the Employment Context” IAPP’s Privacy Tracker, July 2020
- “The new CCPA draft regulations: Identity verification,” IAPP’s Privacy Tracker, June 2020
- “From Contact Tracing to Virtual Temperature Taking: Privacy Considerations for Employers,” The Computer & Internet Lawyer, Volume 37, Number 7, July/August 2020
- “California Releases Final CCPA Regulations Ahead of July 1 Enforcement Deadline,” Thompson Hine Privacy & Cybersecurity Update, June 2020
- Co-author, “Cybersecurity Considerations for Retirement Plan Fiduciaries,” Thompson Hine ERISA Litigation Trends & Insights blog, May 28, 2020
- “The new CCPA draft regulations: Defining the scope of personal information,” IAPP’s Privacy Tracker, May 2020
- “From Contact Tracing to Virtual Temperature Taking: Privacy Considerations for Employers,” Thompson Hine Privacy & Cybersecurity Update, May 2020
- “Recent Executive Actions Focus on Bulk-Power System Grid Security and Supply Chain,” Thompson Hine International Trade Update, May 2020
- “New York’s SHIELD Act Now Effective – Take Steps to Ensure Compliance,” Thompson Hine Privacy & Cybersecurity Update, April 2020
- “COVID-19 Giveaways: Avoiding the Pitfalls of Charitable Promotions and Marketing,” Thompson Hine COVID-19 Update, April 2020
- “From Employers to Homeschooling to Healthcare: Federal Government Provides Guidance Clarifying Data Privacy Requirements During COVID-19,” Thompson Hine COVID-19 Update, April 2020
- “When Your Critical Service Providers Telecommute: Risks and Tips,” Thompson Hine COVID-19 Update, March 2020
- “Review Teleworking Cybersecurity Policies and Practices,” Thompson Hine COVID-19 Update, March 2020
- “Frequently Asked Questions About COVID-19 and Employment Privacy,” Thompson Hine COVID-19 Update, March 2020
- “California Attorney General Publishes Modifications to CCPA Regulations,” Thompson Hine Privacy & Cybersecurity Update, March 2020
- “Cyber Attackers Are Exploiting Coronavirus Fears,” Lawfare, March 2020
- “DHS issues cybersecurity warning to businesses,” IAPP’s The Privacy Advisor January 31, 2020
- Quoted in “Execs On Notice After Report of Saudi Bezos Cellphone Hack,” Law360, January 22, 2020
- “Are you prepped for the influx of IoT security laws? It starts in Calif.,” IAPP’s The Privacy Advisor, November 2019
- “California’s New Data Privacy Law Coming into Focus,” Thompson Hine Privacy & Cybersecurity Update, October 2019
- “‘Pre-Ticked’ Boxes to Obtain Cookie Use Consent Fail Under EU Law,” Thompson Hine Privacy & Cybersecurity Update, October 2019
- “Nevada’s ‘Opt-Out’ Privacy Law and the Future of Data Protection,” Thompson Hine Privacy & Cybersecurity Update, October 2019
- “California’s New Privacy Law: Recent Amendments and Approaching Compliance Deadlines,” Thompson Hine Privacy & Cybersecurity Update, September 2019
- “DOD’s Cybersecurity Maturity Model Certification and Draft CMMC Model Framework,” Thompson Hine Government Contracts Update, September 2019
- “State Biometric Privacy Legislation: What You Need to Know,” Thompson Hine Privacy & Cybersecurity Update, September 2019
- “Applying EU Guidance on Real-Time Bidding Beyond the GDPR,” Thompson Hine Business Law Update, Summer 2019
- Thompson Hine Compliance Check 2020: Data Privacy, August 2019
- “New York SHIELD Act Expands Privacy and Cybersecurity Obligations,” Thompson Hine Privacy and Cybersecurity Update, July 2019
- “Applying EU Guidance on Real-Time Bidding Beyond the GDPR,” Thompson Hine Privacy & Cybersecurity Update, July 2019
- “Washington’s New Data Breach Law Follows Enhanced Privacy Protection Trends,” Thompson Hine Privacy & Cybersecurity Update, May 2019
- “Cybersecurity, Compliance and Culture in M&A Transactions,” Thompson Hine Business Law Update, Spring 2019
- “Learning From the Past in Addressing Domestic Terrorism,” Lawfare, April 12, 2019
- “Accessing Personal Data in European Criminal Investigations,” Pratt’s Privacy and Cybersecurity Law Report, April 2019
- “Intel Chiefs Testify on Global Threats, Cybersecurity and Elections,” Lawfare, January 30, 2019
- Quoted in “‘Dark Overlord’ Hack Another Cautionary Tale For Law Firms,” Law360, January 2019
- “Preparing for Ohio’s Cybersecurity Safe Harbor Law,” Pratt’s Privacy and Cybersecurity Law Report, January 2019
- “Canada’s New Data Breach Law Creates Unique Obligations for Businesses,” Thompson Hine Privacy & Cybersecurity Update, November 2018
- Co-author, “Border searches of your e-device: encryption may be of limited value in protecting client data,” The Law for Lawyers Today, October 2018
- “California Becomes First State to Regulate Internet-Connected Devices,” Thompson Hine Privacy & Cybersecurity Update, October 2018
- “The National Cyber Strategy and Legal Reform,” Lawfare, October 8, 2018
- Quoted in “New WH Cyber Strategy Talks Big Game, But Has Big Holes,” Law360, October 3, 2018
- “Amendments to California Privacy Law Will Impact Businesses,” Thompson Hine Privacy & Cybersecurity Update, October 2018
- “Border Searches and the Limits of Encryption in Protecting Privileged Information,” American Bar Association Litigation Magazine, Summer 2018
- “Enhancing Cyber Threat Information Sharing,” Pratt’s Privacy & Cybersecurity Law Report, July/August 2018
- “California Expands Consumer Privacy Protections,” Thompson Hine Privacy & Cybersecurity Update, July 2018
- Quoted in “Data privacy at work,” Crain’s Cleveland Business, May 2018
- “Adviser: Strengthen Your Data Mapping in the Era of GDPR,” Crain’s Cleveland Business, May 2018
- “CEA Report: Cost of Malicious Cyber Activity to the U.S. Economy,” Thompson Hine Privacy & Cybersecurity Update, February 2018
- “The Uber Hack, State Enforcement and Strategic Planning,” Thompson Hine Business Law Update, Winter 2018
- “FERC Proposes Cybersecurity Incident Reporting Rule,” Thompson Hine Privacy & Cybersecurity Update, January 2018
- “Telephone Metadata and the Fourth Amendment: An Overview of Recent Case Law,” 35 St. Louis U. Pub. L. Rev 3, Fall 2015
- Co-author, “Regulating Classified and Controlled Unclassified Information,” Whistleblowers, Leaks, and the Media: The First Amendment and National Security, American Bar Association, 2014
- “Re-Examining the Falkland Islands War: The Necessity for Multi-Level Deterrence in Preventing Wars of Aggression,” 39 Ga. J. Int’l & Comp. L. 2, Fall 2012
- “The Nuclear Nonproliferation Treaty and Pakistan: Interpreting Nuclear Security Assistance Prohibitions,” 23 Fla. J. Int’l L. 2, Spring 2011
- “Sanchez-Llamas v. Oregon: A Missed Opportunity in Treaty Interpretation,” 20 St. Thomas L. Rev. 25, 2007
- “Startups Streamlined – Protecting Assets in a Digital World,” Thompson Hine LLP, August 2022
- “Data Privacy Laws & How They Apply,” Northern Ohio Security Awareness Summit, Wadsworth, Ohio, June 10, 2022
- Panel Discussion, “Managing High Risk Cyber Security Regions,” Northeast Ohio CyberConsortium, Lorain County Community College, April 22, 2022
- Co-presenter, “Responding to a Cybersecurity Incident: Reporting and Disclosure Obligations,” Thompson Hine Investment Management Coffee Chat, March 2, 2022
- “From California to New York – Complying with the Data Privacy Patchwork,” Information Security Summit, Cleveland, October 28, 2021
- Panel Discussion, “Ethics in the Digital Age,” Webinar, Baldwin Wallace University School of Business, April 22, 2021
- Panel Discussion, “Global Issues Related to Arbitrating Data Breaches and Privacy Rights,” ASIL Midyear Meeting, Case Western Reserve University School of Law, Cleveland, Ohio, October 29, 2020
- “Cyber Risk Mitigation in the Chemical Sector,” SOCMA Power Hour: A Fall Webinar Series, October 1, 2020
- “New Frontiers in Export & Technology Controls,” July 29, 2020
- “Data Privacy Trends – How to Satisfy Privacy Notification Obligations in the Employment Arena,” Association of Corporate Counsel, February 27, 2020
- “Building an Incident Response Program,” Information Security Summit, Cleveland, October 23, 2019
- “The California Consumer Privacy Act: Implementing Sustainable Compliance Solutions,” Information Security Summit, Cleveland, October 23, 2019
- Panel Discussion, “Comparing International Terrorism and Domestic Violent Extremism,” The Center for Strategic and International Studies, Washington, DC, September 16, 2019
- “The Intersection of Legal and Cyber,” CSO Xchange, Cleveland, August 7, 2019
- “Cyber Security – Are You Ready?”, SOCMA Executive Forum, University of Houston, May 23, 2019
- “Staying Ahead of the Cybersecurity Curve: Practical Tips From the Experts,” Thompson Hine LLP, Cleveland, May 16, 2019
- “Data Privacy, the CCPA and Contracts: What You Need to Know,” Association of Corporate Counsel, April 24, 2019
- “What You Need to Know about Data Privacy Laws: International, Federal, State and Local,” The Association of Test Publishers, the Innovations in Testing Conference, Featured Speaker Session, March 18, 2019
- “Meeting the Data Privacy Challenge: Complying with Multiple Laws in a Global Testing Environment,” The Association of Test Publishers, the Innovations in Testing Conference, March 19, 2019
- “Reconciling the EU GDPR and US Discovery Obligations,” The William B. Bryant American Inn of Court, January 8, 2019
- “GDPR: From Anticipation to Implementation,” Information Security Summit, October 25, 2018
- “GDPR and Privacy Law,” Information Security Summit, October 23, 2018
- “Understanding GDPR & Cyber Law,” BusinessTECH18 2018, October 18, 2018
- “Privacy & Cybersecurity Compliance,” Thompson Hine Chief Compliance Officer Forum, October 4, 2018
- “Strategies to Assess and Mitigate Cybersecurity Risks,” Ohio Electric Cooperatives, October 3, 2018
- “Cybersecurity and Private-Public Partnerships,” Society for Corporate Governance, Cleveland, June 13, 2018
- “Cybersecurity and Private-Public Partnerships,” USLFG Corporate and Securities Committee Meeting, Cleveland, May 15, 2018
- “Cyber Threats & Public Private Partnerships,” Chemistry Council of New Jersey 34th Annual Spring Conference, Princeton, New Jersey, May 1, 2018
- “Managing Tomorrow’s Cyber Threats Today,” Thompson Hine LLP, Cleveland, April 26, 2018
- Cleveland-Marshall College of Law 2018 Cybersecurity and Privacy Protection Conference, Cleveland, March 22, 2018
- “Cybersecurity Risks and Employee Benefit Plans,” WEB National Webinar, February 28, 2018
- Bar Association of the District of Columbia
- International Association of Privacy Professionals, Certified Information Privacy Professional/Government (CIPP/G), Certified Information Privacy Professional/United States (CIPP/US)
- Northern Ohio InfraGard Members Alliance
- Ohio State Bar Association
- Georgetown University Law Center, LL.M., 2011
- University of Akron School of Law, J.D., 2007,
editor, Akron Law Review
- The Ohio State University, B.A., 2004
- District of Columbia
- U.S. District Court for the Northern District of Ohio
- U.S. Court of Appeals for the Sixth Circuit
Select a filter
- California Consumer Privacy Act Enforcement and Preparing for 2023 Data Privacy Rules,
Pratt’s Privacy and Cybersecurity Report, December 20, 2022
- U.S. Government Issues Software Security Procurement Guidance,
Government Contracts and Privacy & Cybersecurity Update, September 16, 2022
- CCPA Enforcement and Preparing for 2023 Data Privacy Rules,
Privacy & Cybersecurity Update, September 7, 2022
- California Issues New Draft Privacy Regulations,
Privacy & Cybersecurity Update, June 14, 2022
- Thompson Hine Designated a Cybersecurity Breach Coach®,
Thompson Hine LLP, June 1, 2022
- EU/UK Data Transfer Developments: ln-House Counsel FAQ,
Privacy & Cybersecurity Update, May 16, 2022
- Connecticut Enacts New Consumer Data Privacy Law,
Privacy & Cybersecurity Update, May 12, 2022
- New York Enacts Employee Privacy Law,
Privacy & Cybersecurity Update, May 10, 2022
- Preparing For New Mandatory Cyber Reporting Rules,
Law360, March 28, 2022
- White House Warns of Imminent Cyberattacks; Describes Threat Mitigation Measures,
Government Contracts and Privacy & Cybersecurity Update, March 25, 2022