I advise organizations across a range of industries, especially financial services and healthcare, on data protection and privacy law, including obligations under the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the Electronic Communications Privacy Act (ECPA), the Computer Fraud and Abuse Act (CFAA), the Children’s Online Privacy Protection Act (COPPA), Sarbanes-Oxley (SOX), CAN-SPAM, breach notification laws, among other Federal and state laws.
Data Breach Prevention, Response, and Litigation
I work with organizations protect them both before and after a data breach. As an attorney, I develop or improve data privacy practices and incident response plans, oversee privacy and security assessments, conduct cybersecurity tabletop exercises, and assist the Executive Leadership Team in advising its Board of Directors.
Under my supervision, my [other] company, Adamant Digital Forensics and Cybersecurity, performs information security and regulatory compliance risk assessments, the results of which may be privileged because of my involvement.
In the event of a breach, my team, which has extensive law enforcement and regulators experience, provides rapid and comprehensive incident response under the protection of the attorney-client privilege, including digital forensics investigations carried out by Adamant Digital Forensics and Cybersecurity.
I have assisted numerous organizations in response to information security incidents or breaches, including health care providers and financial institutions, to include differentiating between a security or privacy incident, determining the source and scope of the incident or breach, assessing regulatory compliance requirements, managing notifications, managing public relations, and preparing after-action reports.
Across the country, there are very few attorneys who understand the cybersecurity threat landscape, threat modeling, attack surfaces, IT and information security operations, and how these relate to legal obligations under state and Federal law As an attorney with software engineering, IT management, digital forensics, and cybersecurity background spanning 24 years, I am among those few.
I have assisted clients in a broad range of industries, including financial services, healthcare, and medical device manufactures to comply with regulatory requirements and industry standard best practices, and to implement information security policies, processes, and procedures to mitigate against cybersecurity incidents, assist with incident response after an informations security incident or data breach, and to develop after-action strategies to prevent recurrence.
I also have technical and legal experience in data encryption technology, helping U.S. manufacturers with Department of Commerce BIS and international requirements governing the import, export, sale, and use of encryption.
Legal Ethics and Attorney Disciplinary Proceedings
For the past five years, I have been an investigator with the 4th Judicial District Ethics Committee. The 4th DEC is a committee of the Minnesota Office of Lawyers Professional Responsibility, and is the largest district ethics committee in Minnesota. Approximately 45% of all lawyer complaints arise in Hennepin County, which has a corresponding percentage of attorneys.d
Through this experience, I have investigated or cast a Committee vote upon a wide range of complaints against lawyers, and have developed a deep understanding of both liabilities under and defenses to complaints against lawyers alleging violations of the Rules of Professional Conduct. Nearly all of my Findings and Recommendations to the Director of the Office of Lawyers Professional Responsibility have been adopted verbatim or substantially so in Determinations issued by the Director, indicating the soundness of my analysis and ultimate conclusions.
Because the vast majority of attorney disciplinary proceedings is conducting in writing (briefing), my appellate advocacy, legal writing, and legal research skills enable me to provide respondent-lawyers with the best possible defense.