Experience

Data Governance Research for Consumer Rewards Program

Researched discrete data governance issues for an organization’s consumer rewards program. Analyzed issues at the intersection of state and federal gift certificate and consumer rewards laws.

GDPR Training for Multinational Nonprofit

Delivered GDPR training to a multinational nonprofit concerning the encryption of sensitive personal information including arrest records, convictions and victim health information.

Counsel to Expert Witness in Multistate Data Breach Settlement

Advised an expert witness for U.K.-based insurance companies in a case brought in the U.K. courts by the insurers in connection with a multistate data breach enforcement action where the personal information of millions of consumers was exposed. Counsel was provided in regard to U.S. law concerning Section 5 of the Federal Trade Commission Act, the data breach and data security statutes of the 40 states whose attorneys general filed complaints, and the potential insurability of penalties in each of the states. The settlement reached in the case was due in large part to the insurability analysis, which was key during negotiations.

Created Governance Documents for National Institute of Corrections

Drafted governance documents and intergovernmental agreements relating to criminal justice information sharing among local justice and community health stakeholders adopted by the National Institute of Corrections in its revision of the Guidelines for Developing a Criminal Justice Coordinating Committee.

Advised Menswear Retailer in SMS Program Launch, Compliance

Advised a major American menswear retailer in launch a transactional SMS program allowing them to communicate via text message with customers who have opted-in. Armstrong Teasdale navigated a strict regulatory environment by identifying regulatory requirements for SMS programs, evaluating internal business processes to streamline compliance, and drafting the requisite consent language. The program required significant cross-collaboration to meet the expected deadlines.

Data Handling within a SaaS Platform and Related Agreements for Nonprofit

Represented a nonprofit administering a nationwide health care platform by developing their privacy and security compliance, inbound licensing and technology service agreements with local health centers.

Guided Multinational Technology Provider in Data Handling Review

Counseled technology services company serving the financial and health sectors on the use of AI/ML, as well as the proper use of potentially regulated data, as well as assist in response to data incident across five countries.

Privacy Compliance and Data Protection Agreements for Retail Data Analytics Firm

Provided strategic and operational support to data management client in the context of the EU GDPR and concerns over the impact of the CCPA and other state privacy laws.

Information Sharing Agreement for Criminal Justice Council

Coordinated with a multi-agency Criminal Justice Coordinating Council to draft an information-sharing agreement. Regulatory limitations on sharing certain types of protected data were balanced with the agencies' need to facilitate a free flow of information in the interest of public health and safety.

IP Portfolio Development for Cybersecurity Startup

Developed and grew intellectual property portfolio for startup company in the cybersecurity space. Identified key values for the company and prepared and prosecuted patents protecting and building on the value for the client. Obtained the first patent for the company within one year of receiving disclosure to help startup quickly obtain funding and continue strategic growth.

Advised Clients Across Sectors on Data Protection and Cookie Policies

Advised on data protection and cookie policies and related documents for companies in various sectors.

Advised Large Commercial Organisations on Data Policies and Procedures

Advised a number of large commercial organisations on their data collection, storage, processing and retention policies and procedures.

Advised on Brexit Transition, Invalidation of U.S. Privacy Shield

Advised commercial clients on the steps they need to take to deal with Brexit once the transition period expires, as well as on the implications of the invalidation of the U.S. Privacy Shield.

Advised on Data Protection Compliance and Data Flow

Advised various clients on their data protection compliance arrangements and data flow.

Advised Well-Known U.K. Institution on Data Protection, Compliance

Advised a well-known U.K. institution on data protection implementation and compliance.

Data Processing, Sharing Agreement Advice

Advised various businesses and sub-processors on data processing and data sharing agreements.

Data Subject Access Request Management

Advised organisations on how to handle data subject access requests.

ICO Complaints on Behalf of Various Clients

Handled Information Commissioner’s Office (ICO) complaints on behalf of various clients.

Interpretation of and Guidance on Compliance with Data Protection and Privacy Regulations

Provided practical, commercial advice on the interpretation of the data protection and privacy regulations to ensure that a company’s compliance with the law does not restrict its operations unnecessarily.

Advised Leading International Business in Issues Related to a U.K. Social Media Campaign

Advised a leading international business concerning issues arising out of its proposed U.K. social media campaign.

Data Warehousing System and Related Documents for Leading Behavioral Health Non-Profit

Assisted a leading non-profit behavioral health care organization in operationalizing its data warehouse, which included the drafting of the Data Use Agreement and all related policies and policies. This model is being used as the framework nationwide.

Diligence Reviews and Data Privacy Negotiations

Led diligence and deal negotiation on relevant provisions in corporate acquisitions, corporate venture, and private equity clients with respect to the privacy and security posture of target firms.

Trade Secret, Cybersecurity Protection for Real Estate Technology Industry Client

Represented leading commercial real estate industry platform and cloud service provider in transactions and disputes including the protection of trade secrets and cybersecurity breaches.

Secured Motion to Dismiss for Hospital in Protected Health Information, Termination Case

Prevailed on a contested motion to dismiss in favor of hospital client. Plaintiff alleged employment termination in part, due to our client’s allegedly inappropriate and unauthorized disclosure of protected health information. Plaintiff asserted a claim alleging breach of fiduciary duty of confidentiality, seeking both economic losses and punitive damages. Relying in part on HIPAA regulations, we filed a motion to dismiss and a motion to strike the punitive damages claims, and after oral argument, the judge granted the motion.

Expansion of Vulnerability Disclosure Program (VDP)

Assisted a client in creating user privacy policies and agreements surrounding the client’s vulnerability disclosure program. Helped the client expand that program to other entities in contract with the client.

Data Privacy Assessment for Customer Data Platform Company

Led a data privacy assessment and tracking tool implementation project for a leading cloud-based customer data platform company focusing on GDPR and California Consumer Privacy Act (CCPA) compliance. Provided drafting and negotiation assistance for a variety of commercial contracts including Master Service Agreements and Data Protection Agreements.

GDPR Compliance Program Implementation for Aviation Service Company

Facilitate the design, build-out and implementation of the client's GDPR compliance program.

Data Privacy, Antitrust and HIPAA Breach

Investigated and resolved matters involving violations of the Health Insurance Portability and Accountability Act (HIPAA), protected health information data breaches, and Office for Civil Rights (OCR) reporting and investigations, including the inadvertent misdirection of more than 1,500 patients’ protected health information and the intentional disclosure by an employee of protected health information.

Counsel to Worldwide Leader in the Payments Technology Industry

Counseled worldwide leader in the payments technology industry across a variety of practice areas in connection with technology development and licensing, and payment processing service offerings.

Data Privacy Compliance for Multinational Manufacturer

Represented multinational manufacturer in undertaking compliance with GDPR, including update of privacy policies, negotiation of data privacy addenda, and development of an international data transfer mechanism.