Skip to main content
Professional background
Biography image

ThoraKnight, Ph.D.

New York

O 212.908.3971

M 646.689.3502

ThoraKnight, Ph.D.


Focus Areas

  • Assisted U.S. chemical and manufacturing company in responding to Akira ransomware including notifying impacted data subjects and regulatory authorities.
  • Assisted a global manufacturer in responding to ransomware attack by Black Basta that encrypted its VMware ESXi including providing formal notification to data subjects and regulators.
  • Assessed whether inclusion of social security numbers on health plan communications transmitted via mail from business associate would be considered a data breach for purposes of federal and state data breach notification laws for a U.S.-based publicly traded multinational corporation.
  • Assisted consumer goods company in investigating and responding to data breach arising from unauthorized access to, and exfiltration of, customer data from the company’s third-party e-commerce platform due to compromise of an employee’s account credentials.
  • Assisted global manufacturing company with response to the inadvertent disclosure of export-controlled data to foreign nationals.
  • Assessed and identified the current state of organizational policies and procedures across different sectors including manufacturing and consumer to determine its compliance with the CCPA, CDPA, CTDPA and VCDPA.
  • Reviewed and revised a global manufacturing company’s existing website data protection policy to reflect EU/UK GDPR, CPRA and VCDPA requirements.
  • Drafted internal policies and procedures on how an organization would intake and respond to data subject rights requests, including access, deletion/erasure, correction and opt-outs.
  • Drafted website policies and internal data flow guidelines for a consumer goods company and subsidiary operating in the US and Canada.
  • Assisted in data protection due diligence by analyzing third-party cookies, pixels, and tags deployed on target’s websites.
  • Conducted targeted advertising data protection impact assessment (DPIA) for a global brand.
  • Assisted client that engages in direct-to-consumer e-commerce transactions of consumer goods draft and implement data protection impact assessment policy to comply with U.S. state law, including the California Consumer Privacy Act.
  • Drafted data protection impact assessment to be used for multiple clients in the e-commerce area who engage in targeted advertising through the use of third-party cookies, pixels and tags.
  • Drafted multiple cybersecurity incident notification letters to assist client comply with data breach, with special emphasis on furnishing notice based on multiple and discrete data sets compromised, including social security numbers, driver’s license numbers, financial account and routing numbers, and alien identification numbers.
  • Assisted multinational corporation update its mobile application terms of use and data processing addendum to include new EU and UK cross-border clauses.
  • Assisted clients review, amend and negotiate data processing agreements.
  • Provided formal data breach notifications to individuals and regulatory officials in response to cybersecurity events.
  • Drafted online terms and conditions, privacy policies and cookie policies for domestic and global companies.
  • Conducted risk analysis concerning client’s information practices and, more specifically, data protection impact assessment (DPIA).
  • Prepared data transfer impact assessment (DTIA) for exporting personal data from the European Economic Area (EEA) into the United States.
  • Assisted companies in vendor due diligence, including assessing third-party data processing activities and facilitating data protection contractual requirements.
  • Assisted in data mapping exercises to identify the purpose, scope and legal authorization for client’s data processing activities.
  • Drafted policies and procedures and develop internal compliance programs to fulfill domestic and international laws and statutes, including consumer privacy requirements; employee data privacy notices and policies; digital marketing and targeted advertising.
  • Assisted clients to remove spoofing websites through dispute resolution and legal processes.
  • Assisted chemical company in responding to a cyber incident in accordance with federal regulations and state law.
  • Provided legal analysis to a global manufacturing company on California’s legal consent requirement for two-party phone monitoring.
  • Assisted a global software company in determining whether an unauthorized access to a personnel database constitutes a breach under the General Data Protection Regulation (GDPR) that warrants notification to data subjects and the supervisory authority.
  • Assisted companies in responding to serious data events, including ransomware attacks and other incidents involving the unauthorized access, acquisition, or disclosure of personal data or confidential information.
  • Drafted new, or supplemented existing, internal policies and procedures to streamline client’s intake and response process to data privacy requests (e.g., access, portability, erasure).
  • Provided legal analysis on whether an opt-out from a marketing message applies to an entire organization, or just the specific affiliate who was sending the messages within the CANSPAM law.
  • Assisted global manufacturing company in responding to a Lockbit 3.0 ransomware and extortion attack, including providing formal notification to data subjects, regulators and credit monitoring agencies.
  • Assisted global manufacturing company respond to a Royal ransomware and extortion attack, including retaining an independent incident response consultant and preparing incident notification to individuals and regulatory officials.
  • Drafted webpage privacy policies for e-commerce companies marketing and selling goods, services and products in the EEA.
  • Assisted global software company evaluate whether potential data processing activities implicates federal surveillance law.
  • Assisted educational institution to determine whether disclosure of educational records constitutes a breach that implicates federal and state breach notification laws.
  • Drafted technology agreements, including end-user license agreements for websites and mobile applications.
  • “Information Privacy: A Review of Levels of Analysis and Theories in IS,” New York Celebration of Women in Computing Conference, 2021
  • Co-creator, poster: “Assessment of Post-deployment AI Ethical Risks,” presented at Society for Risk Analysis 2020 Risk Science for Sustainability conference, 2020
  • “Privacy: A Conceptual Analysis at the Intersection of Information Science, Psychology & Law,” New York Celebration of Women in Computing Conference, 2019

Professional Associations

  • American Bar Association: member, Young Lawyers & Professionals Advisory Panel, Privacy and Information Security Committee (2021–2022) (2022-2023); Young Lawyer Representative, Advertising Disputes and Litigation Committee (2021–2022)
  • International Association of Privacy Professionals
  • New York State Bar Association
  • New York City Bar


  • State University of New York at Albany, Ph.D., 2024
  • State University of New York at Buffalo, J.D., 2018
  • State University of New York at Buffalo, M.B.A., 2018
  • University of Phoenix, B.S., 2010

Bar Admissions

  • New York