Overview

Sam has deep experience drafting privacy and data security policies and procedures in compliance with applicable laws, and counseling clients to navigate and comply with state, federal, and international privacy laws, including the California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR), and China’s Personal Information Protection Law (PIPL). Sam works with clients to revise online privacy notices, implement processes to respond to consumer rights requests, negotiate privacy terms in vendor contracts, and prepare for and respond to cybersecurity incidents. In addition, Sam has experience in advising businesses on legal issues related to cutting-edge technologies, such as artificial intelligence (AI) and machine learning, biometrics, the metaverse, and smart cities.

Sam is an IAPP Certified Information Privacy Professional and Manager (CIPP/US, CIPP/E, CIPP/C, CIPP/A, CIPM). He is also a principal of Hunton Andrews Kurth’s Centre for Information Policy Leadership (CIPL), a global privacy and data policy think tank, and has written over 100 CIPL white papers on data protection issues.

During law school, Sam worked with the Stanford Center for Internet & Society and Penn Law’s Center for Technology, Innovation and Competition and undertook internships with the privacy office of Shell Oil as well as Matheson, one of Ireland’s leading law firms.

Experience

  • Advises clients on compliance with state privacy law requirements, including the CCPA of 2018, the California Privacy Rights Act of 2020, and other emerging comprehensive state privacy laws, including conducting due diligence, preparing gap analyses, developing remediation plans, and undertaking compliance projects.
  • Assists clients to evaluate AI-related legal risks with the onboarding, development, and deployment of AI applications and tools, as well as with creating AI policies and building AI governance programs.
  • Guides companies in developing and managing global privacy programs, including assessing global legal requirements and developing compliance roadmaps, conducting Data Protection Impact Assessments, implementing governance structures, designing policies and procedures, and creating training programs.
  • Counsels clients on their international data transfer strategies, including requirements to certify to the Data Privacy Framework (DPF), implement standard contractual clauses, and conduct PIPL data transfer security assessments.
  • Advises a luxury retailer on global privacy and security issues and compliance with global data privacy requirements, including US state privacy laws, the EU GDPR, China PIPL, and global marketing rules, and advises the company on its privacy policies, vendor contract negotiations, and cybersecurity issues.
  • Assists clients with managing and responding to global security incidents, including compliance with breach notification requirements and responding to regulatory inquiries.

Insights

Events & Speaking Engagements

  • May 22, 2024
    Event
  • May 23, 2022
    Event
    Speaker
    Managing Privacy and Security Developments in the Rest of the World, Practicing Law Institute’s Twenty-Fourth Annual Institute on Privacy and Cybersecurity Law
  • March 3, 2022
    Event
    Speaker
    PIPL: 4 Months into China’s New Privacy Law, Hunton Andrews Kurth Centre for Information Policy Leadership Webinar
  • August 10, 2021
    Event
    Speaker
    APEC CBPR: Convergence with Other Global Privacy Frameworks, 43rd APEC Digital Economy Steering Group Data Privacy Sub-Group Meeting
  • April 12, 2021
    Event
    Speaker
    Data Privacy Governance, Carnegie Mellon University Information Networking Institute
  • October 3, 2019
    Event
    Speaker
    US and International Enforcement Actions, National Defense Industrial Association Privacy Symposium
  • May 24, 2019
    Event
    Panelist
    International Developments Impacting Canada, IAPP Canada Privacy Symposium
  • July 10, 2018
    Event
    Speaker
    Kids and the GDPR: Special Considerations, American Bar Association GDPR Minute Series
  • April 16, 2018
    Event
    Speaker
    Customer Profiling Under GDPR: What’s Allowed, What’s Forbidden, and What’s Unclear, RSA Conference GDPR Essentials Seminar

Publications

Education

LLM, University of Pennsylvania Law School, 2017

LLM, Queen Mary University of London, 2016

LLB, University College Cork, 2014

Admissions

New York

Languages

Additional Service Areas

Jump to Page