Legal advice on data, privacy and cybersecurity issues in the following contexts:
- Counseling. Product development, compliance, marketing, and data strategy
- Transactions. Commercial, venture financing, M&A, and public offerings
- Incident response. Planning and breach counseling
- Regulatory. Investigations, enforcement actions, and rulemaking
Legal expertise includes:
- Holistically addressing privacy and AI laws in the U.S. and other global markets, including General Data Protection Regulation (GDPR), the EU AI Act, and data protection laws in Canada, LATAM and APAC.
- Cross-border data transfers
- State comprehensive privacy laws, including the California Consumer Privacy Act (CCPA)
- State AI laws
- Wiretap and invasion of privacy laws
- Children's privacy laws, including Children's Online Privacy Protection Act (COPPA) Age-Appropriate Design Codes, and K-12 privacy laws
- Direct marketing laws, including TCPA, state telemarketing laws, CAN-SPAM Act and UK/EU ePrivacy rules
- Financial privacy laws, including Gramm-Leach-Bliley Act (GLBA) and Fair Credit Reporting Act (FCRA)
- Healthcare privacy laws, including HIPAA and state consumer healthcare privacy laws
- State data broker laws
- FTC privacy and data security enforcement
- Data security and breach notification laws
- SEC cybersecurity rules and reporting requirements
Domain expertise in multiple data-driven technologies, including AI/ML, biometrics, adtech, AR/VR, autonomous vehicles, IoT devices, medical devices, cleantech, video games, and cloud/SaaS.