Mike’s practice focuses on privacy and cybersecurity issues.

Mike  advises clients on a diverse range of global privacy and information security issues. A significant focus of his practice is assisting a variety of clients, from multinational companies to startups, with evaluating and managing privacy and cybersecurity risks and policy issues. Much of his work has centered on navigating complex privacy and cybersecurity issues on behalf of companies in the financial services industry as well as companies engaged in cutting-edge technologies and information practices, such as AI/machine learning, biometrics, geolocation tracking, and Internet of Things (IoT) devices.

Mike has extensive experience advising clients on compliance with federal, state and international privacy and data security laws. He also regularly assists companies with building and implementing their privacy and information security programs and addressing related governance issues, including developing written policies and procedures; designing incident response programs and conducting breach response preparedness activities; developing cross-border data transfer solutions; preparing data protection impact assessments; and developing and enhancing vendor management programs. He also regularly assists clients with negotiating and drafting privacy and data security terms in commercial contracts and M&A transactions.

Mike’s practice also focuses significantly on helping clients manage large-scale cybersecurity incidents, including advising on data breach response and notification obligations, providing advice regarding communications strategies, engaging third-party experts, and responding to US and international regulatory inquiries and investigations.

Mike also has significant experience advising clients on electronic monitoring and surveillance issues, including legal issues and risks associated with the Electronic Communications Privacy Act (ECPA) and Foreign Intelligence Surveillance Act (FISA).

Mike is a certified information privacy professional (CIPP/US) by the International Association of Privacy Professionals (IAPP).

In addition, Mike maintains an active pro bono practice. He has represented pro bono clients in asylum cases and has advised a variety of issues, including privacy and cybersecurity obligations and US national security policies and regulations.

Relevant Experience

  • Advising numerous clients on compliance with the California Consumer Privacy Act of 2018 (CCPA), the California Privacy Rights Act (CPRA), and the Virginia Consumer Data Protection Act, including conducting due diligence, preparing gap analyses, developing remediation plans, and undertaking compliance projects.
  • Advising multiple technology and financial services companies, on developing and managing global privacy programs, including assessing global legal requirements and developing compliance roadmaps, conducting data protection impact assessments, implementing privacy governance structures, designing policies and procedures, and creating training programs.
  • Advising financial services clients on compliance and managing risk associated with privacy, data security and incident response requirements, including under the Gramm-Leach Bliley Act and its implementing regulations and guidance and the New York State Department of Financial Services cybersecurity regulations.
  • Advising numerous clients on building compliance programs and managing risk associated with biometric technology initiatives.
  • Assisting numerous client with implementing AI governance programs and evaluating AI-related legal risks.
  • Represented multiple clients, including in the financial services, consumer technology, critical infrastructure, and retail sectors, on global privacy and data security matters, including implementing and enhancing global data protection programs, advising on relevant privacy and cybersecurity requirements, and assisting with data security incidents.
  • Advised several fintech companies on global privacy and data security issues, including regulatory compliance, data sharing arrangements, cyber preparedness, and incident response.
  • Assisted a global retail and technology company with a cybersecurity incident affecting approximately 150 million user accounts, managing response efforts including notification, follow-up investigations by regulators and data protection authorities, and resulting litigation.
  • Advises multinational companies on privacy and cybersecurity due diligence issues.
  • Advises clients on managing U.S. and international regulatory inquiries in connection with information security incidents, including FTC and state Attorney General investigations and enforcement actions.
  • Advises technology companies, retailers, consumer goods companies and financial institutions on data breach response, including preparation of required notifications pursuant to state breach notification laws, call center training and development of media strategies.
  • Represented numerous multinational companies with managing and responding to global security incidents, including ransomware, credential stuffing attacks, and advanced persistent threats.
  • Provides advice on cybersecurity risks, including proactive breach readiness activities such as developing data breach toolkits, reviewing incident response plans and preparing tabletop exercises.
  • Drafts comprehensive data protection policies, standards and procedures in connection with corporate privacy and information security programs.
  • Assists numerous clients with implementing a vendor management program, including evaluating and negotiating privacy and data security provisions in vendor agreements.
  • Advises clients on risk mitigation and compliance strategies associated with monitoring and surveillance issues.
  • Advises clients on their international data transfer strategies, including mechanisms for addressing the Court of Justice of the European Union’s Schrems II ruling.

Awards & Recognition

  • Recommended for Cyber Law (Including Data Privacy and Data Protection), Legal 500 United States, 2023
  • Recognized in Global Data Review’s 2021 40 Under 40 List