Overview

Lisa chairs the firm’s top-ranked global privacy and cybersecurity practice and is the managing partner of the firm’s New York office. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. Chambers USA quotes clients who call her a “market leader,” noting that she is “widely considered the best.” Another client reported that “she is a strong leader with fantastic advice. She does great work on advisory boards and her leadership in the industry has really moved it forward.” Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, which is given to only one lawyer each year for exceptional achievements, and noted that a peer enthused, “Lisa Sotto is a legend.” Clients have called Lisa “the high priestess of privacy” and “the queen of breach.” She was named among The National Law Journal’s “100 Most Influential Lawyers,” an honor bestowed on practicing attorneys who are making the biggest impact in the legal world.

A preeminent lawyer and dynamic problem solver, Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She advises clients on the California Consumer Privacy Act of 2018 and other comprehensive state privacy laws, GLB, HIPAA and state health privacy laws, COPPA, CAN-SPAM, FCRA, VPPA, data breach notification laws, and other U.S. state and federal privacy and cybersecurity requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Through the firm’s privacy and security in M&A transactions team, Lisa also guides clients on risks and potential liabilities associated with inadequate privacy and data security practices in high-stakes corporate transactions. She conducts all phases of data privacy assessments and information security policy audits. She also develops corporate records management programs, including policies, records retention schedules and training modules.

Lisa has been rated the “No. 1 privacy professional” in all surveys by Computerworld magazine. She is recognized by Chambers and Partners as a “Star” performer (the highest honor) for privacy and data security—the only privacy lawyer in the United States to receive this distinguished ranking. She also is ranked among the leading lawyers in Band 1 for incident response. Lisa is recognized as a leading lawyer for cyber crime, data protection and privacy by The Legal 500 United States. In addition, Hunton Andrews Kurth’s privacy and cybersecurity practice has received the topmost national rankings in privacy and data security both from Chambers and Partners and The Legal 500.

Lisa speaks frequently at conferences, has testified regularly before the US Congress and other legislative and regulatory agencies, is the author of numerous treatises and articles, has been tapped to lead several industry committees and organizations, is sought after by media outlets and industry publications for her professional insights, and appears regularly on national television and radio news programs. She is the editor and lead author of the Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business.

Experience

  • Appointed by Secretaries Mayorkas, Nielson, Johnson and Napolitano as Chair of the US Department of Homeland Security’s Data Privacy and Integrity Advisory Committee (2012-present); previously served as Vice Chair (2005-2009).
  • Testified in FTC Hearing on Competition and Consumer Protection in the 21st Century, focusing on the US framework related to consumer data security.
  • Testified before the European Commission and five EU Supervisory Authorities during the Annual Review of the EU-US Privacy Shield.
  • Selected by the European Commission and US Department of Commerce as one of a small group of 16 arbitrators in connection with the EU-US Privacy Shield Framework Binding Arbitration Program.
  • Selected to represent the US Chamber of Commerce in Brussels to present “Global Best Practices Around Data Breach Notification,” a report prepared by Hunton Andrews Kurth LLP and the Chamber.
  • Selected to represent the US Chamber of Commerce in Indonesia to present “Business Without Borders: The Importance of Cross-Border Data Transfers to Global Prosperity,” a report prepared by Hunton Andrews Kurth LLP and the Chamber.
  • Selected as member of US government delegation to Brazil to brief Brazilian government officials on US privacy and cybersecurity policy.
  • Selected to advise Commissioner Shimpo of the Personal Information Protection Commission of Japan on US privacy and data security law.
  • Selected to advise the Serbian government on global data protection law and to draft the country’s data security and breach notification laws. Lisa was sponsored by the USAID-funded Judicial Reform and Government Accountability Project.
  • Testified before US House of Representatives, “Data Protection and the Consumer: Who Loses When Your Data Takes a Hike?”
  • Testified before US Department of Health & Human Services’ Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics regarding RFID use in health care.
  • Testified before CSIS Commission on Cyber Security for the 44th Presidency.
  • Briefed the Secretary of the Army’s cyber strategic group on current issues in cybersecurity
  • Briefed congressional staffers in preparation for data breach hearings held by the House of Representatives Committee on Homeland Security, Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, and in connection with drafting of a comprehensive privacy bill.
  • Selected to advise DHS’s Homeland Security Science and Technology Committee (HSSTAC) regarding Third Party Pre-Screening Program.
  • Selected by US Government Accountability Office to provide advice for a GAO study on data security breaches.
  • Selected by US Office of Management and Budget to participate in OMB analysis of DHS Privacy Office.
  • Routinely assists clients in developing policy positions regarding privacy and cybersecurity legislative and regulatory proposals both in the US and abroad.
  • Advising over 80 clients on compliance with the California Consumer Privacy Act of 2018 (CCPA), California Privacy Rights Act of 2020 (CPRA) and other state privacy laws, including conducting due diligence, preparing gap analyses, developing remediation plans, and undertaking compliance projects.
  • Advises clients on FTC, OCR, SEC and state Attorney General (including Multistate Taskforce) investigations and enforcement actions for alleged data security and privacy violations.
  • Advises clients on managing FTC Consent Orders and CIDs in connection with data security incidents.
  • Advises major health care providers and health plans on all aspects of HITECH security breaches, including OCR and state enforcement.
  • Advises numerous major retailers, financial institutions and other companies on proactive cybersecurity readiness, including developing and conducting full-scale tabletop exercises for C-suite executives and boards of directors.
  • Since 2005, advised on over 3,000 cybersecurity and data breach incidents in the United States and abroad, including many of the world’s seminal events (such as the Colonial Pipeline ransomware incident and Yahoo! breaches affecting 3.5 billion user accounts).
  • Advised well-known telecom manufacturer on extensive APT attack involving significant loss of intellectual property.
  • Advised numerous major retailers on security breaches resulting from criminal tampering of POS terminals, including FBI involvement, forensic investigations, breach notification and PR efforts.
  • Advised Texas State Comptroller in connection with well-known data security incident involving 3.5 million state workers.
  • Advised many multinational clients on EU-US Data Privacy Framework and Privacy Shield certifications and annual recertifications.  
  • Counseled numerous technology companies (both as publishers and advertisers) on data collection and sharing issues (including online behavioral advertising and Big Data initiatives), and the collection and use of geolocation data.
  • Counseled major consumer goods companies on privacy issues associated with the use of radio frequency identification (RFID) and data collection from mobile devices.
  • Advised multiple clients on employee monitoring and surveillance issues under federal, state and international laws, and prepared related policies (including BYOD).
  • Conducted comprehensive privacy and information security policy assessments of major US electric utility and retail and consumer goods companies, including extensive data flow mapping, remediation, and development and implementation of multiple privacy, information security and records management policies and procedures. 
  • Served as HIPAA privacy counsel to large health care system, including over 40 hospitals and long-term care and assisted living facilities, and major academic medical center.
  • Developed and implemented comprehensive global records management program in over 100 countries for one of world's largest software companies (under court supervision), including preparation and implementation of policies and procedures, numerous records retention schedules, in-person and web-based training and audit program.  

Books

  • Editor and lead author, Privacy and Cybersecurity Law Deskbook (1,400-page treatise and annual updates), Aspen Publishers, Wolters Kluwer Law & Business, 2010-2024
  • Contributing editor and co-author, Data Protection & Privacy, United States, Getting the Deal Through, 2014-2021
  • Co-author, Navigating The Digital Age, The Definitive Cybersecurity Guide For Directors and Officers Vol. 3, Lessons From Today’s World, How to Manage a Data Breach, January 2021
  • Co-author, Cybersecurity and Data Breach, Bloomberg BNA Privacy & Data Security Portfolio Series, 2019
  • Co-author, Chapter 11 European Union Data Protection, Data Security and Privacy Law: Combating Cyberthreats, West, Thomson Reuters, 2010
  • Co-author, Data Security Handbook, ABA Section of Antitrust Law, 2008
  • Co-author, Privacy Primer: An Overview of Global Data Protection Laws, 2006

Media Appearances

  • Priestess of Privacy, Penn Law Journal (Sotto Featured), August 19, 2019
  • Thought Leaders in Privacy, DataGuidance (Sotto interviewed), May 1, 2017
  • Bisnow Morning Brief NY, “16 Things You Need to Know This Morning” (Sotto interviewed), February 6, 2017
  • Electronic Discovery Institute’s Distance Learning Initiative, Information Security 101 (Sotto interviewed), February 2017
  • Interview, Cybersecurity Risks and Legal Landscape, KUCI 88.9 FM (National Public Radio), “Privacy Piracy: Protect Your Privacy in the Information Age” (Sotto featured in 30-minute interview), July 25, 2016
  • Mimesis Law’s Cy-Pher Executive Roundtable, What Do You Do With A Hacked Law Firm? (Sotto interviewed), June 10, 2016
  • Mimesis Law’s Cy-Pher Executive Roundtable, Are Law Firms Soft Targets For Hackers? (Sotto interviewed), May 23, 2016
  • CASE in POINT, “Understanding New Threats to Privacy and Cybersecurity” (Sotto interviewed), March 3, 2015
  • HuffPost Live, Regulator Warns of 'Cyber 9/11' Attacks on Banks (Sotto interviewed), March 2, 2015
  • AskForbes Twitter Chat, What Companies Should Do When They’re Breached, August 26, 2014
  • Interview, Female Powerbrokers Q&A: Hunton & Williams’ Lisa Sotto, Law360, December 4, 2013
  • Interview, Cybersecurity Risks and Legal Landscape, KUCI 88.9 FM (National Public Radio), Privacy Piracy: Protect Your Privacy in the Information Age (Sotto featured in 30-minute interview), June 3, 2013
  • Interview, Should There Be a “Right to be Forgotten” Online? (Sotto interviewed), CBSnews.com, May 10, 2013
  • Legal Trends Roundtable: Parts 1-5, 2013 The Year Ahead in Privacy and Data Security (Sotto interviewed), com, January-February 6, 2013
  • Privacy Law Expert: Many Companies Waiting for a Hack (Sotto interviewed), Bloomberg Law, November 1, 2012
  • Radio Television of Serbia, Data Protection Act Good (English translation) (Sotto interviewed), July 18, 2012
  • B92 (Serbian radio and television broadcaster), Careful Sharing Data (English translation) (Sotto interviewed), July 18, 2012
  • Privacy Bill of Rights: A Step Forward, “Can’t be a Back-Burner Issue,” Privacy Lawyer Argues (Sotto interviewed), March 20, 2012
  • Interview (podcast), Privacy Bill of Rights: Not Be-All, End-All, Security Media Group, February 24, 2012
  • Breach Response: The Legal View, Fast Action Can Save Reputation and Ensure Compliance (Sotto interviewed), com, December 15, 2011
  • Breach Response: Reputational Risk, Your Organization’s Name Hinges on Data Value and Security (Sotto interviewed), com, November 30, 2011
  • Law360, Q&A with Hunton & Williams’ Lisa Sotto (Sotto interviewed), November 4, 2011
  • KUCI 88.9 FM, Protect Your Privacy in the Information Age (Sotto featured in 30-minute interview), September 19, 2011
  • FoxLive.com, Is There Need for a Data Privacy Law? (Sotto interviewed), September 6, 2011
  • End to End Trust, Microsoft Corporation, regarding cross industry collaboration and a safer Internet (Sotto interviewed), September 2009
  • CNN’s American Morning, Privacy in the Obama Administration (Sotto interviewed), December 8, 2008
  • ClearChannel Radio, “Tech Talk with Craig Peterson,” regarding the use of RFID in health care (Sotto interviewed), March 4, 2006


Accolades

Honors & Recognitions

  • Recognized as Hall of Fame for Cyber Law (including Data Privacy and Data Protection) (2020-2024) and as a Leading Lawyer (2013-2019) and for Cyber Crimes (2009-2016), and Recommended for FinTech (2019-2024), Legal 500 United States
  • Recognized as a Star Individual in Privacy & Data Security, USA-Nationwide (2013-2024); Band 1 (2007-2012); as a Star Individual in Privacy & Data Security: Cybersecurity, USA-Nationwide (2024); and as a Leader in Privacy & Data Security: Incident Response, USA-Nationwide (2021-2023), Chambers USA
  • Recognized as a Star Individual in Privacy & Data Security, USA (2015-2024); Band 1 (2007-2013); and as a Leader in Privacy & Data Security: Incident Response, USA (2022-2024), Chambers Global
  • Recognized as one of the world’s leading practitioners in Who’s Who Legal Thought Leaders: Data 2019-2024; and Who’s Who of Information Technology Lawyers 2011-2023
  • Honored as a Client Choice Award winner by Lexology, 2022
  • Recognized as a Distinguished Leader by New York Law Journal, 2022
  • Named a “Client Service All‐Star” by BTI, 2022
  • Recognized as a Leader in Legal: Data Protection & Cyber Security, USA; Band 1, Chambers FinTech, 2019-2024
  • Recognized as a Women in Data by Global Data Review, 2022
  • Selected for Outstanding Contribution to the Legal Profession, Chambers and Partners, 2021
  • Recognized among Women in IT Security as a 2020 Veteran, SC Media, 2020
  • Recognized among Women in Security PowerPlayers, SC Media, 2019
  • Named among the 100 Most Influential Lawyers, National Law Journal, 2013
  • Named among Incident Response 30, Cybersecurity Docket, 2016 and 2018
  • Named among the 500 Leading Lawyers in America, Lawdragon, 2014-2016
  • Named among Cybersecurity & Data Privacy Trailblazers, National Law Journal, 2015
  • Named among 45 Regulatory & Compliance Trailblazers, National Law Journal, 2015
  • Named among the 75 Outstanding Women Lawyers, National Law Journal, 2015
  • Named among Attorneys Who Matter, Ethisphere Magazine, 2009, 2012, 2013, 2015
  • Voted Number 1 in all Computerworld polls of global privacy advisors
  • Named among Women in Law, Lawyer Monthly Magazine, 2017
  • Selected among New York County Lawyers Association’s Outstanding Women in the Legal Profession, December 11, 2017
  • Selected as Lawline’s Top 20 Women Faculty of 2016, April 18, 2017
  • Selected for Expert Guides’ “Best of the Best Expert Guide” as a Top 30 Privacy and Data Protection Practitioner Worldwide, 2017-2019
  • Recognized as one of the world’s leading practitioners in The International Who’s Who of Information Technology Lawyers 2011-2021, Who’s Who Legal, ABA Section of International Law and the International Bar Association
  • Selected as a Super Lawyer for Technology Transactions Law, The New York Times Magazine, 2006-2023
  • Selected as one of The Top Women Attorneys for Information Technology/Outsourcing in the New York Metro Area, Super Lawyers
  • Honoree, Empire State Counsel Program, New York State Bar Association, Pro Bono Affairs, 2011, 2014
  • 2000 Champion of Justice Award, New York City Bar Association, 2000
  • Designated a Privacy Law Specialist, International Association of Privacy Professionals, American Bar Association Accredited Lawyer Certification Program
  • Certified Information Privacy Professional/United States (CIPP/US and CIPM), International Association of Privacy Professionals
  • Westin Emeritus Fellow, International Association of Privacy Professionals
  • Fellow of Information Privacy, International Association of Privacy Professionals

Affiliations

Professional

  • Chair, US Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, 2012-present; appointed to Committee by Secretaries Mayorkas, Nielson, Johnson, Napolitano, Chertoff and Ridge; Chair, Policy Subcommittee, 2010-2012; Committee Vice Chair, 2005-2009; Member, Cybersecurity Subcommittee, 2013-present (requiring Top Secret security clearance)
  • Member, New York State Department of Financial Services’ (NYDFS) Financial Innovation Advisory Board, 2022-Present
  • Chair, New York Privacy Officers Forum, 2007-present
  • Lead Advisor, DataGuidance US Panel of Experts, 2008-present
  • Member, American Law Institute
  • Fellow, American Bar Foundation
  • Member, Board of Directors, International Association of Privacy Professionals, 2010-2015
  • Member, Board of Directors, Identity Theft Resource Center, 2010–2012

Insights

Events & Speaking Engagements

  • October 23, 2024
    Event
    Speaker
    Cybersecurity: Incident Response, Cornell Tech
  • October 15, 2024
    Event
    Panelist
    Cybersecurity Regulatory and Legal Landscape, Hellman & Friedman Annual CISO/CIO Summit
  • October 11, 2024
    Event
    Speaker
    Cribl Cybersecurity Month Interview 
  • October 10, 2024
    Event
    Panelist
    Managing Data Privacy in the Age of AI Innovation, Retail Industry Leaders Association 2024 Retail Law Conference
  • September 26, 2024
    Event
    Speaker
    Cyber Attack Tabletop, Global Privacy Assembly Dialogues
  • September 23, 2024
    Event
    Chair
    Practicing Law Institute: Cybersecurity 2024: Managing Cybersecurity Incidents
  • September 23, 2024
    Event
    Speaker
    Cyber Attack Tabletop, Practicing Law Institute’s Cybersecurity 2024: Managing Cybersecurity Incidents
  • September 19, 2024
    Event
    Panelist
    Liquid Energy Pipeline Association’s Annual Business Conference, Pipeline Security Session
  • Event
  • June 18, 2024
    Event
    Speaker
    Cyber Attack Tabletop, CrowdStrike CrowdTour
  • June 17, 2024
    Event
    Speaker
    US Privacy Law and Policy: Navigating Increasingly Complex Terrain, Hunton Andrews Kurth/CIPL Webinar
  • June 5, 2024
    Panelist
    Cybersecurity Incident Response and Preparedness, Chief Privacy Officers Council, The Conference Board
  • May 21, 2024
    Event
    Speaker
    Preparing for the Inevitable: Managing a Cybersecurity Incident, Practicing Law Institute’s Twenty-Fifth Annual Institute on Privacy and Cybersecurity Law
  • May 20, 2024
    Event
    Chair
    Practicing Law Institute: Twenty-Fifth Annual Institute on Privacy and Cybersecurity Law
  • May 17, 2024
    Event
    Speaker
    Cybersecurity 2024: The Threat Environment and Legal Landscape, NYC Bar Association
  • May 9, 2024
    Event
    Panelist
    Cybersecurity Panel, HealthTrust Advisory Summit 2024
  • May 2, 2024
    Event
    Panelist
    CISO Roundtable: Navigating the Cyber Threat Landscape from Boardroom to Server Room, Kaseya Connect Global 2024
  • May 2, 2024
    Event
    Speaker
    HIP, HIP-AA, Hooray! A Plan Sponsor’s Guide to HIPAA Privacy and Security Compliance, Hunton Andrews Kurth Presentation
  • April 26, 2024
    Event
    Panelist
    Tribeca Cybersecurity Summit 2024, New York Law School
  • April 9, 2024
    Event
    Speaker
    Digital Threat Landscape and Cyber Breach Scenario, KPMG Board Leadership Conference
  • March 3-5, 2024
    Event
    Chair
    2024 Cambridge Forum for Cybersecurity Leaders, Washington D.C.
  • February 20, 2024
    Event
  • February 8, 2024
    Event
    Speaker
    The Current Threat Landscape & Key U.S. Cybersecurity Legal Developments, Midwest Legal Conference on Data Privacy & Cybersecurity
  • February 7, 2024
    Event
    Speaker
    Achieving Regulatory Compliance in the Face of AI-Enhanced Cybercrime, Acronis Compliance Webinar
  • February 1, 2024
    Event
    Speaker
    IAPP KnowledgeNet ‘Data Privacy Day’, IAPP
  • December 6, 2023
    Event
    Speaker
    Guarding the Privacy and Security of Business Metaverse Applications, The Metaverse Spectrum Conference
  • December 4, 2023
    Event
    Speaker
    Managing Risks in Today’s Retail Cybersecurity Landscape, National Retail Federation Webinar
  • November 8, 2023
    Event
    Chair
    Practicing Law Institute: Cybersecurity 2023: Managing Cybersecurity Incidents, San Francisco
  • November 1, 2023
    Event
    Panelist
    AI: Privacy, Data Protection and Transparency Think Tank, ACI’s Inaugural National Conference on AI Law, Ethics and Compliance
  • October 30, 2023
    Event
    Panelist
    Data Privacy and Cybersecurity Law Update, National Basketball Association
  • October 24, 2023
    Event
    Guest Lecturer
    NYU Master of Science Program in Cybersecurity Risk and Strategy
  • October 12, 2023
    Event
    Speaker
    Cybersecurity Awareness, Collective Health Webinar
  • September 29, 2023
    Event
    Chair
    Practicing Law Institute: Cybersecurity 2023: Managing Cybersecurity Incidents, New York
  • September 27, 2023
    Event
    Panelist
    Lifecycle of a Cyber Attack, Duke Georgetown GMU and FBI AIA Cybersecurity Conference
  • September 22, 2023
    Event
    Panelist
    Cybersecurity Breakout Session, 2023 PCCE Directors' Academy, New York University School of Law
  • July 18, 2023
    Event
    Speaker
    Cybersecurity Update, Perspectives on Privacy, London
  • June 15, 2023
    Event
    Speaker
    Cybersecurity Update, New York Privacy Officers’ Forum
  • May 31, 2023
    Event
    Speaker
    Generative AI: Managing the Legal Risks, Hunton Andrews Kurth Webinar
  • April 18, 2023
    Event
    Speaker
    U.S. Privacy Landscape: Overview of State and Federal Privacy Laws, Information Systems Security Association (ISSA) Privacy Special Interest Group Webinar
  • April 14, 2023
    Event
    Panelist
    Tribeca Cybersecurity Summit 2023, New York Law School
  • March 10, 2023
    Event
    Speaker
    Cybersecurity Law Update and Incident Response Considerations, The Austin CyberSecurity Council
  • March 2, 2023
    Event
    Speaker
    From Safe Harbor to Privacy Shield to the Trans-Atlantic Data Privacy Framework: The Saga Continues, Hunton Andrews Kurth Webinar
  • February 26-28, 2023
    Event
    Chair
    Cambridge Forums Cybersecurity Leaders’ Roundtable
  • January 10, 2023
    Event
    Speaker
    Accountability in Cybersecurity and Privacy: Keeping Your Name Out of the Headlines
  • December 15, 2022
    Event
  • December 14, 2022
    Event
    Speaker
    Practical Privacy: What You Need to Know NOW about GDPR, CCPA and Emerging Regulations, ResNexus Webinar
  • November 21, 2022
    Event
    Guest Lecturer
    Current Issues in Cybersecurity and Privacy Law, Georgetown Law School
  • October 24, 2022
    Event
    Guest Lecturer
    NYU Master of Science Program in Cybersecurity Risk and Strategy
  • October 18, 2022
    Event
  • September 30, 2022
    Event
    Speaker
    Cyber Attack Tabletop, Practicing Law Institute: Cybersecurity 2022: Managing Cybersecurity Incidents
  • September 30, 2022
    Event
    Chair
    Practicing Law Institute: Cybersecurity 2022: Managing Cybersecurity Incidents
  • September 29, 2022
    Event
    Panelist
    Board Oversight of Privacy and Cybersecurity Risks, Bloomberg Law In-House Forum
  • June 30, 2022
    Event
  • June 30, 2022
    Event
    Featured Speaker
    Practical Privacy: What You Need to Know NOW About GDPR, CCPA and Emerging Regulations, 2022 HITEC Conference
  • June 28, 2022
    Event
    Panelist
    2022 Cybersecurity Update, American Petroleum Institute Pipeline Leadership Meeting
  • June 21, 2022
    Event
    Speaker
    Navigating the New Digital Battlefield, Information Security Media Group’s Northeast US Summit
  • May 25, 2022
    Event
    Speaker
    NYS as an Innovation Hub: Cybersecurity, Fintech, and NFTs, NYSBA Business Law Section: 2022 Virtual Spring Meeting
  • May 24, 2022
    Event
  • May 23-24, 2022
    Event
  • May 13-14, 2022
    Event
    Chair
    Cambridge Forums Cybersecurity Leaders’ Roundtable
  • May 14, 2022
    Event
    Discussion Leader
    Cybersecurity Issues in M&A Transactions, Cambridge Forums Cybersecurity Leaders’ Roundtable
  • May 13, 2022
    Event
    Discussion Leader
    The Art of Global Incident Response, Cambridge Forums Cybersecurity Leaders’ Roundtable
  • March 10, 2022
    Event
    Speaker
    American Bankers Association’s Bank General Counsels Group: Monthly Forum
  • March 10, 2022
    Event
    Panelist
    CISO Street Panel – Ransomware, Kiteworks
  • March 9-10, 2022
    Event
    Speaker
    Fireside Chat: You’ve Been Breached: Putting Together Your Best Response Team, Information Security Media Group Middle East Summit
  • February 7, 2022
    Event
    Co-presenter
    The New California, Virginia, & Colorado Laws – What’s Changed, What’s the Same and What To Do Now?, Minneapolis CLE’s 2022 Midwest Legal Conference on Privacy and Data Security
  • January 26, 2022
    Event
    Speaker
    Ready for Ransomware? Designing an Incident Response Playbook and Insurance Program for Today’s Biggest Threat, Risk Tech 2022 Virtual Event
  • January 25-26, 2022
    Event
    Speaker
    Cyber Attack: Essentials of Putting Together the Best Team You Hope You Never Need, Your Incident Response Team, ISMG Virtual Financial Services Summit
  • December 9, 2021
    Event
    Speaker
    A New Standard of Care? White House/NIST Frameworks for Private Sector Cybersecurity, National Association of Attorneys General Cybersecurity Seminar
  • December 3, 2021
    Event
  • November 9, 2021
    Event
    Speaker
    Ransomware, DDoS and Privacy: The Legal Opinion by Lisa Sotto, Information Security Media Group’s New York Summit
  • November 7-9, 2021
    Event
    Chair
    Cambridge Forums Cyber Security Salon
  • October 28, 2021
    Event
  • October 26, 2021
    Event
    Speaker
    The Clock Is Ticking: Ransomware Attack Simulation, Retail Industry Leaders Association (RILA) Retail Law Conference, Tuesday
  • October 12, 2021
    Event
    Panelist
    Managing Enterprise Risks Associated with Cyber and Physical Security, Energy Bar Association’s 2021 Mid-Year Energy Forum
  • October 6, 2021
    Event
    Keynote Speaker
    Cybersecurity Days 2021 Technical Forum, The Ohio State University
  • September 30, 2021
    Event
    Speaker
    The Cyber Threat Landscape, Practising Law Institute: Cybersecurity 2021: Managing Cybersecurity Incidents
  • September 30, 2021
    Event
    Chair
    Practising Law Institute: Cybersecurity 2021: Managing Cybersecurity Incidents
  • September 23, 2021
    Event
    Guest Lecturer
    U.S. Privacy Landscape, MIT Sloan School of Management
  • September 15, 2021
    Event
    Speaker
    Global Cybersecurity Compliance Integrity – USA Perspective, Events4Sure RoundTable Discussion
  • August 11, 2021
    Event
  • July 2021
    Event
    Speaker
    Cybersecurity and Privacy Presentation, CultureClub
  • June 28, 2021
    Event
    Speaker
    Data Privacy Litigation & Regulation – How Do the UK and US Compare?, 11KBW Information Law Virtual Conference 2021
  • June 16, 2021
    Event
    Speaker
    CEOs’ Concerns on Cyber Security & Data Privacy: Implications and Actions for General Counsel & Law Firms, Cyber Security & Data Privacy ConfEx, USA
  • June 10, 2021
    Event
  • May 25, 2021
    Event
    Speaker
    Enterprise Data Security eSummit: Scaling Data Protection Beyond Discovery and Classification, SC Magazine
  • May 19, 2021
    Event
    Speaker
    U.S. Regulatory and Industry Trends Impacting Digital Advertising, Hunton Andrews Kurth Presentation
  • May 17-18, 2021
    Event
    Chair
    Practising Law Institute: 22nd Annual Institute on Privacy and Data Security Law
  • May 17, 2021
    Event
    Speaker
    The California Consumer Privacy Act and the California Privacy Rights Act: Latest Developments
  • April 22, 2021
    Event
  • April 7-9, 2021
    Event
    Speaker
    Cybersecurity Issues in M&A Transactions, Cambridge Forums Cyber Security Salon
  • March 30, 2021
    Event
  • March 25, 2021
    Event
    Guest Lecturer
    Developing a Framework for Privacy Compliance, Privacy Law Seminar, Cornell University
  • March 17, 2021
    Event
    Speaker
    Preparing for Compliance with the California Privacy Rights Act (CPRA), Lexology Data Security & Privacy Policy Outlook Webinar
  • March 2, 2021
    Event
    Speaker
    Digging Through Data: Challenges and Benefits of Audits and Compliance, Women in Security and Privacy (WISP)
  • February 4, 2021
    Event
    Guest Speaker
    NIST Cybersecurity Framework, Cybersecurity Law Course, American University
  • November 19, 2020
    Event
  • November 12, 2020
    Event
    Speaker
    US Privacy in the Wake of the 2020 Election, CIPL Roundtable Webinar
  • October 30, 2020
    Event
    Speaker
    The California Consumer Privacy Act: Compliance Challenges, AXA XL Webinar
  • October 28, 2020
    Event
  • October 23, 2020
    Event
    Speaker
    Data Audits and Unscrambling the Digital Eggs, Privacy+Security Forum
  • October 7, 2020
    Event
    Speaker
    Cybersecurity and Privacy: A How-To-Guide, NFP Corp. Webinar
  • September 24, 2020
    Event
    Speaker
    Cyber Attack Tabletop, Practising Law Institute: 21st Annual Institute on Privacy and Data Security Law
  • September 24, 2020
    Event
    Chair
    Practising Law Institute: Cybersecurity 2020: Managing Cybersecurity Incidents
  • September 24, 2020
    Event
    Speaker
    Cybersecurity 2020: Managing Cybersecurity Incidents, Practising Law Institute (PLI)
  • September 17, 2020
    Event
    Speaker
    Health Data Privacy: International Trade Administration Lunch and Learn
  • September 16, 2020
    Event
    Speaker
    CCPA Enforcement Trends: National Retail Foundation IT Security Council Meeting
  • September 8, 2020
    Event
    Guest Speaker
     NIST Cybersecurity Framework, Cybersecurity Law Course, University of Baltimore School of Law
  • August 17-18, 2020
    Event
    Chair
    Practising Law Institute: 21st Annual Institute on Privacy and Data Security Law
  • August 17, 2020
    Event
    Speaker
    The California Consumer Privacy Act: Compliance Challenges, Practising Law Institute: 21st Annual Institute on Privacy and Data Security Law
  • July 23, 2020
    Event
  • June 23, 2020
    Event
  • June 17, 2020
    Event
    Speaker
    The CCPA Is Here – Are You Litigation-Ready?, Practising Law Institute Briefing
  • June 9, 2020
    Event
    Speaker
    How Will Covid-19 Change the Federal Privacy Debate?, CIPL Virtual Roundtable
  • May 20, 2020
    Event
  • April 19, 2020
    Event
    Speaker
    Privacy and Cybersecurity: The New Frontier, University of Notre Dame Webinar
  • April 2, 2020
    Event
  • March 19, 2020
    Event
  • February 26, 2020
    Event
    Panelist
    Privacy and Beyond: Enforcement and Regulation, 2020 PLUS Cyber Symposium
  • February 24, 2020
    Event
    Speaker
    Cybersecurity: US and Global Landscape, University of Pennsylvania Law School
  • February 13, 2020
    Event
    Speaker
    Hot Topics in Privacy and Cybersecurity Law, Never Stop Learning at Goldman Sachs
  • February 10, 2020
    Event
  • January 22, 2020
    Event
    Speaker
    Cybersecurity Oversight and Governance: Managing the Risk, S4x20 ICS Security Conference
  • November 21, 2019
    Event
  • November 18, 2019
    Event
    Panelist
    Seismic Shifts in Privacy: California and Beyond, The Center for Technology, Innovation and Competition
  • November 14, 2019
    Event
    Speaker
    The New Age of Privacy, Hunton GC Privacy and Data Security Event
  • November 6, 2019
    Event
    Speaker
    CCPA Amendments and Regulations – Managing the Changes, New York Privacy Officers’ Forum Leadership Series
  • October 24, 2019
    Event
    Speaker
    Advancing Compliance and Promoting Privacy through Constructive Engagement between Regulators and Industry, Centre for Information Policy Leadership/Google Side Event, 41st International Conference of Data Protection and Privacy Commissioners
  • October 24, 2019
    Event
    Speaker
    What is Accountability? Addressing the Confusion, Finding Consensus, Centre for Information Policy Leadership Side Event, 41st International Conference of Data Protection and Privacy Commissioners
  • October 24, 2019
    Event
    Speaker
    Building Bridges: Common Approaches to Data Governance, US Chamber of Commerce, 41st International Conference of Data Protection and Privacy Commissioners
  • October 15, 2019
    Event
    Chair
    PLI’s Cybersecurity 2019: Managing Cybersecurity Incidents
  • October 15, 2019
    Event
    Speaker
    Cybersecurity: US and Global Legal Landscape, PLI’s Cybersecurity 2019: Managing Cybersecurity Incidents
  • September 13, 2019
    Event
    Chair and Speaker
    Cybersecurity: US and Global Legal Landscape, PLI’s Cybersecurity Summit 2019
  • September 6, 2019
    Event
    Keynote Speaker
    AmCham China, 2019 Cyber Security and Privacy Protection Salon
  • September 6, 2019
    Event
    Presenter
    Overview of US and EU Data Protection Law, 360 Corporation (Beijing)
  • September 5, 2019
    Event
    Presenter
    Hot Topics in US and EU Privacy and Cybersecurity Law, In-House Counsel by Data Protection Officer (Beijing)
  • July 11, 2019
    Event
    Panelist
    Data Globally, #DataDoneRight, US Chamber of Commerce
  • June 20, 2019
    Event
    Speaker
    Executive Management, the ABA’s 4th National Institute on Cybersecurity & Data Protection: A Law Firm’s Responsibility in Managing Data Risk
  • June 19, 2019
    Event
    Panelist
    Digital Risk Management, AIG
  • June 11, 2019
    Event
    Panelist
    Whose Data Is It, Anyway?, Edison Electric Institute’s Annual Convention (EEI 2019)
  • June 4, 2019
    Event
  • May 21, 2019
    Event
    Chair
    PLI's 20th Annual Institute on Privacy and Data Security Law
  • May 20, 2019
    Event
    Speaker
    Complying with the California Consumer Privacy Act and other US Privacy Developments, PLI's 20th Annual Institute on Privacy and Data Security Law
  • May 16, 2019
    Event
    Speaker
    Risk Management & Cybersecurity - Growing Threats and How to Address Them, MLP & Energy Infrastructure Conference (MEIC 2019)
  • May 14, 2019
    Event
    Speaker
    Dyal Capital Partners, California Consumer Privacy Act of 2018
  • April 26, 2019
    Event
    Speaker
    Data Law and Transnational Business, NYU Law and Guarini Global Law & Tech Global Data Law Conference
  • April 8, 2019
    Event
    Panelist
    Data Protection in the Global Marketplace, Cardozo Data Law Initiative
  • March 19, 2019
    Event
  • March 13, 2019
    Event
    Co-presenter
    Contracting Considerations Under the GDPR, PLI Webinar
  • February 27, 2019
    Event
    Speaker
    Cybersecurity: The Current Threat, Never Stop Learning (NSL) Salon
  • January 24, 2019
    Event
    Speaker
    Texas Cybersecurity Forum, Navigating An Evolving and Complex Legal Landscape
  • January 24, 2019
    Event
    Speaker
    Texas Cybersecurity Forum, Cyber Attack Simulation
  • January 15, 2019
    Event
    Speaker
    National Retail Federation, Cybersecurity: Incident Response and Proactive Readiness
  • December 7, 2018
    Event
    Panelist
    New York City Bar Association, Corporate Counsel Symposium, Disaster Planning
  • November 16, 2018
    Event
    Panelist
    12th Annual Leading Law Firms Conference, Sandpiper
  • November 15, 2018
    Event
    Speaker
    The California Consumer Privacy Act: Impact and Implications, New York Privacy Officers’ Forum Breakfast Briefing
  • November 14, 2018
    Event
  • November 9, 2018
    Event
    Panelist
    National Association of Women Lawyers Annual General Counsel Institute, Burke Williams & Sorensen
  • November 6, 2018
    Event
  • November 6, 2018
    Event
    Speaker
    PLI’s Cybersecurity 2018: Managing Cybersecurity Incidents, Cybersecurity Attack Simulation
  • October 23, 2018
    Event
    Panelist
    Data Protection Seminar, EU’s General Data Protection Regulation, Spain-US Chamber of Commerce
  • October 11, 2018
    Event
    Panelist
    Law Firm Symposium, GDPR Panel, Aon Risk Solutions
  • October 3, 2018
    Event
    Speaker
    FireEye Cyber Defense Summit, SEC Guidance, Mandiant
  • September 21, 2018
    Event
    Speaker
    Intellectual Property, Media & Entertainment Law Journal 29th Annual Symposium, Fordham University School of Law
  • September 7, 2018
    Event
  • June 18, 2018
    Event
    Panelist
    New Jersey Attorney General’s 2018 Computer Crimes Symposium, After the Breach: Working with Law Enforcement
  • June 6, 2018
    Event
    Panelist
    Bloomberg Law, Cross-Border Deals Forum 2018: Applying Emerging Technologies for Efficiency & Success
  • June 5, 2018
    Event
  • June 5, 2018
    Event
    Speaker
    Hunton Andrews Kurth Webinar, Cybersecurity Governance
  • May 16, 2018
    Event
    Speaker
    New York State Bar Association Webinar, Navigating Global Privacy and Security
  • May 8, 2018
    Event
    Speaker
    Hunton Andrews Kurth Webinar, The Top Ten Cyber Security Pitfalls in 2018 (And The Best Practices to Address Them)
  • May 2, 2018
    Event
    Speaker
    BDO Webinar, GDPR Obligations, Governance and Response
  • April 30, 2018
    Event
    Panelist
    PLI’s Investment Management Institute 2018: Technology in the Asset Management Industry
  • April 24, 2018
    Event
    Speaker
    Columbia Law School, Cybersecurity 2018
  • April 16, 2018
    Event
    Panelist
    2018 Women in Retail Leadership Summit, Sharing our Power & Vision
  • April 11, 2018
    Event
    Panelist
    University of Pennsylvania Law School, Looking Back At The Changes In Law And Technology Over The Past Ten Years
  • March 21, 2018
    Event
    Speaker
    MUFG, Data Privacy and Data Protection Seminar
  • March 13, 2018
    Event
    Panelist
    Thinking Out Loud - The Art of Risk, Bernstein
  • March 12, 2018
    Event
    Panelist
    Credit Suisse COO Conference, GDPR: What Do We Need to Know
  • March 7, 2018
    Event
    Speaker
    Hunton & Williams, SEC Cybersecurity Guidance Webinar
  • February 22, 2018
    Event
    Speaker
    KKR, Risk Manager Webinar, The Global Cybersecurity Landscape
  • February 8, 2018
    Event
    Speaker
    Dyal Capital, GDPR and NYDFS Regulations – Navigating Global Privacy and Security
  • January 26, 2018
    Event
    Speaker
    Centre for Information Policy Leadership, Data Breach Notification under the GDPR
  • January 9, 2018
    Event
    Speaker
    Hunton & Williams, Real Estate and Cyber Attacks: Why You’re Not Above the Risk
  • December 12, 2017
    Event
    Panelist
    Credit Suisse COO Conference, Navigating the EU’s GDPR
  • December 7, 2017
    Event
    Speaker
    TPG Global, You’ve Been Hacked – What’s New
  • December 5, 2017
    Event
  • December 5, 2017
    Event
    Speaker
    Deloitte’s GDPR Breach Notification: A How-To Guide
  • December 4, 2017
    Event
    Speaker
    Dominion Energy Services, Inc., Managing the Current Privacy and Data Security Environment
  • November 30, 2017
    Event
    Speaker
    New Jersey CXO Executive Summit,  GDPR and Beyond – Navigating Global Privacy
  • November 17, 2017
    Event
    Speaker
    TPG Global, GDPR Training Webinar
  • November 15, 2017
    Event
    Speaker
    Bloomberg BNA, Ensuring Data Protection in Cross-Border M&A
  • November 14, 2017
    Event
    Speaker
    Tech Up for Women Conference, Cyber Security Overview
  • November 14, 2017
    Event
    Panelist
    ISMG Health Security Summit Panel
  • November 6, 2017
    Event
    Panelist
    NYDFS and Other Cybersecurity Regulations, PwC Webcast
  • November 1, 2017
    Event
    Speaker
    General Counsel Cybersecurity Forum
  • October 25, 2017
    Event
    Panelist
    U.S. Chamber Institute for Legal Reform, 18th Annual Legal Reform Summit, Preparing for an Expedition: Emerging Technologies and Liability
  • October 23, 2017
    Event
    Panelist
    NAAG Fall Consumer Protection Conference, What You Need to Know Right Now About Ransomware
  • October 18, 2017
    Event
    Speaker
    ACA Aponix’s Preparing for Growing Cyber Threats, You’ve Been Hacked
  • October 16, 2017
    Event
  • October 3, 2017
    Event
    Panelist
    Association of Corporate Counsel, Navigating Demands for Ransom and Other Ethical Challenges in Cyber Investigations
  • September 26, 2017
    Event
    Speaker
    Centre for Information Policy Leadership, GDPR Impact and Implementation
  • September 15, 2017
    Event
  • September 15, 2017
    Event
    Speaker
    PLI’s Cybersecurity 2017: Managing Cybersecurity Incidents, Cyber Attack Simulation
  • August 9, 2017
    Event
  • August 8, 2017
    Event
    Panelist
    ISMG Fraud & Break Prevention Summit: How to Effectively Work with Law Enforcement and Regulators on Cybersecurity Incidents
  • August 8, 2017
    Event
    Panelist
    New York City Bar, Careers in Cybersecurity & Data Security
  • July 26, 2017
    Event
  • June 27, 2017
    Event
    Speaker
    Executive Roundtable: Cybersecurity Trends and Legislation, Stroz Friedberg and Palo Alto Networks
  • May 31, 2017
    Event
    Speaker
    PLI’s 18th Annual Institute on Privacy and Data Security Law, Cybersecurity: Managing the Risk & Cyber Attack Simulation
  • May 30-31
    Event
    Chair
    PLI’s 18th Annual Institute on Privacy and Data Security Law
  • April 19, 2017
    Event
    Speaker
    Managing Privacy and Data Security Risks in M&A Transactions: A How to Guide, IAPP Global Privacy Summit
  • April 19, 2017
    Event
    Panelist
    IAPP Global Privacy Summit, A Discussion on Change: What to Expect in the 2017-2020 Cybersecurity Landscape
  • April 18, 2017
    Event
    Moderator
    Privacy Leaders Council: How to Prepare for the GDPR, Retail Industry Leaders Association
  • April 5, 2017
    Event
  • April 5, 2017
    Event
    Speaker
    Hunton & Williams Webinar: Managing Privacy and Data Security Risks in M&A Transactions
  • March 1, 2017
    Event
    Speaker
    Hunton & Williams LLP’s Director Institutional Shareholder Event, Cybersecurity Considerations for Directors
  • February 28, 2017
    Event
    Panelist
    New York City Bar Association, Will the Surveillance State Doom Transatlantic Data Transfer? The Future of the U.S. - E.U. Privacy Shield Agreement
  • February 22, 2017
    Event
    Speaker
    Seeking Solutions: Attributes of Effective Data Protection Authorities, Chamber of Commerce
  • February 9, 2017
    Event
    Panelist
    I’ve Been Hacked! Creating Your Incident Response Plan, 2017 Centerbridge Cyber Summit
  • January 18, 2017
    Event
    Speaker
    Towards Darkness or Light? Balancing Liberty and Security in the Fight Against Cybercrime, Federal Bar Council

Publications

News

Education

JD, University of Pennsylvania Law School, Law Review

BA, History, Cornell University, distinction in all subjects

Admissions

New York

Jump to Page