Focus Areas
- Review and revise a global manufacturing company’s existing website data protection policy to reflect EU/UK GDPR, CPRA and VCDPA requirements.
- Draft internal policies and procedures on how an organization would intake and respond to data subject rights requests, including access, deletion/erasure, correction and opt-outs.
- Draft website policies and internal data flow guidelines for a consumer goods company and subsidiary operating in the US and Canada.
- Assisted in data protection due diligence by analyzing third-party cookies, pixels, and tags deployed on target’s websites.
- Conducted targeted advertising data protection impact assessment (DPIA) for a global brand.
- Assist client that engages in direct-to-consumer e-commerce transactions of consumer goods draft and implement data protection impact assessment policy to comply with U.S. state law, including the California Consumer Privacy Act.
- Draft data protection impact assessment to be used for multiple clients in the e-commerce area who engage in targeted advertising through the use of third-party cookies, pixels and tags.
- Draft multiple cybersecurity incident notification letters to assist client comply with data breach, with special emphasis on furnishing notice based on multiple and discrete data sets compromised, including social security numbers, driver’s license numbers, financial account and routing numbers, and alien identification numbers.
- Assist multinational corporation update its mobile application terms of use and data processing addendum to include new EU and UK cross-border clauses.
- Assist clients review, amend and negotiate data processing agreements.
- Provide formal data breach notifications to individuals and regulatory officials in response to cybersecurity events.
- Draft online terms and conditions, privacy policies and cookie policies for domestic and global companies.
- Conduct risk analysis concerning client’s information practices and, more specifically, data protection impact assessment (DPIA)
- Prepare data transfer impact assessment (DTIA) for exporting personal data from the European Economic Area (EEA) into the United States.
- Assist companies in vendor due diligence, including assessing third-party data processing activities and facilitating data protection contractual requirements.
- Assist in data mapping exercises to identify the purpose, scope and legal authorization for client’s data processing activities.
- Draft policies and procedures and develop internal compliance programs to fulfill domestic and international laws and statutes, including consumer privacy requirements; employee data privacy notices and policies; digital marketing and targeted advertising.
- Assist clients to remove spoofing websites through dispute resolution and legal processes.
- Assisted chemical company in responding to a cyber incident in accordance with federal regulations and state law.
- Provided legal analysis to a global manufacturing company on California’s legal consent requirement for two-party phone monitoring.
- Assisted a global software company in determining whether an unauthorized access to a personnel database constitutes a breach under the General Data Protection Regulation (GDPR) that warrants notification to data subjects and the supervisory authority.
- Assisted companies in responding to serious data events, including ransomware attacks and other incidents involving the unauthorized access, acquisition, or disclosure of personal data or confidential information.
- Drafted new, or supplemented existing, internal policies and procedures to streamline client’s intake and response process to data privacy requests (e.g., access, portability, erasure).
- Provide legal analysis on whether an opt-out from a marketing message applies to an entire organization, or just the specific affiliate who was sending the messages within the CANSPAM law.
- Assisted global manufacturing company in responding to a Lockbit 3.0 ransomware and extortion attack, including providing formal notification to data subjects, regulators and credit monitoring agencies.
- Assisted global manufacturing company respond to a Royal ransomware and extortion attack, including retaining an independent incident response consultant and preparing incident notification to individuals and regulatory officials.
- Drafted webpage privacy policies for e-commerce companies marketing and selling goods, services and products in the EEA.
- Assisted global software company evaluate whether potential data processing activities implicates federal surveillance law.
- Assisted educational institution to determine whether disclosure of educational records constitutes a breach that implicates federal and state breach notification laws.
- Drafted technology agreements, including end-user license agreements for websites and mobile applications.
- “Washington State Enacts My Health, My Data Act,” Thompson Hine Privacy & Cybersecurity Update, May 2023
- “Data Privacy Update: Several U.S. States Enact Privacy Legislation in 2023,” Thompson Hine Privacy & Cybersecurity Update, May 2023
- “California and Colorado Finalize Privacy Regulations,” Thompson Hine Privacy & Cybersecurity Update, April 2023
- “California Consumer Privacy Act Enforcement and Preparing for 2023 Data Privacy Rules,” Pratt’s Privacy and Cybersecurity Report, January 2023
- “CCPA Enforcement and Preparing for 2023 Data Privacy Rules,” Thompson Hine Privacy & Cybersecurity Update, September 2022
- “California Issues New Draft Privacy Regulations,” Thompson Hine Privacy & Cybersecurity Update, June 2022
- “Connecticut Enacts New Consumer Data Privacy Law,” Thompson Hine Privacy & Cybersecurity Update, May 2022
- “New York Enacts Employee Privacy Law,” Thompson Hine Privacy & Cybersecurity Update, May 2022
- “Artificial Intelligence, Personal Data, and Developments in U.S. Law,” PRIS News Flash, March 28, 2022
- “Utah Enacts New Consumer Data Privacy Law,” Thompson Hine Privacy & Cybersecurity Update, March 2022
- “Responding to COVID-19: Privacy Implications of the Rapid Adoption of ICTs”
- Co-author, “Older Adults Use of Technology for Decision-Making: A Systematic Literature Review,” ResearchGate, October 2022
- Co-author, “Illuminating Privacy and Security Concerns in Older Adults’ Technology Adoption,” ResearchGate, October 2022
- “Data Ownership: Legalities Concerning Wearable Technologies,” Privacy Concerns Surrounding Personal Information Sharing on Health and Fitness Mobile Apps, 2021
- Co-author, “Coronavirus Pandemic: The Use of Technology for Education, Employment and Livelihoods,” Journal of Assistive Technology, 2021
- Co-author, “Chapter 5: Responding to COVID-19: Privacy Implication of Adopting ICTs,” Social Vulnerability to COVID-19: Impacts of Technology Adoption and Information Behavior, 2021
- “Information Privacy: A Review of Levels of Analysis and Theories in IS,” New York Celebration of Women in Computing Conference, 2021
- Co-creator, poster: “Assessment of Post-deployment AI Ethical Risks,” presented at Society for Risk Analysis 2020 Risk Science for Sustainability conference, 2020
- “Privacy: A Conceptual Analysis at the Intersection of Information Science, Psychology & Law,” New York Celebration of Women in Computing Conference, 2019
Professional Associations
- American Bar Association: member, Young Lawyers & Professionals Advisory Panel, Privacy and Information Security Committee (2021–2022) (2022-2023); Young Lawyer Representative, Advertising Disputes and Litigation Committee (2021–2022)
- International Association of Privacy Professionals
- New York State Bar Association
- New York City Bar
Education
- State University of New York at Albany, Ph.D., expected December 2022
- State University of New York at Buffalo, J.D., 2018
- State University of New York at Buffalo, M.B.A., 2018
- University of Phoenix, B.S., 2010
Bar Admissions
- New York
- Washington State Enacts My Health, My Data Act,
Privacy & Cybersecurity Update
, May 8, 2023 - Data Privacy Update: Several U.S. States Enact Privacy Legislation in 2023,
Privacy & Cybersecurity Update
, May 4, 2023 - California and Colorado Finalize Privacy Regulations,
Privacy & Cybersecurity Update
, April 27, 2023 - California Consumer Privacy Act Enforcement and Preparing for 2023 Data Privacy Rules,
Pratt’s Privacy and Cybersecurity Report
, December 20, 2022 - CCPA Enforcement and Preparing for 2023 Data Privacy Rules,
Privacy & Cybersecurity Update
, September 7, 2022 - Connecticut Enacts New Consumer Data Privacy Law,
Privacy & Cybersecurity Update
, May 12, 2022 - Utah Enacts New Consumer Data Privacy Law,
Privacy & Cybersecurity Update
, March 24, 2022