What do you do?
As I tell my daughters, who are in kindergarten and second grade, I help people understand and play by the rules around protecting data. I also help people defend themselves if someone says they aren’t playing by the rules or if someone breaks into their systems and steals their data. My kids get it, and I’ve actually overheard them playing “hacker,” which is mildly amusing.
Privacy law and data security have always been really interesting to me. As a law student and young lawyer, I found myself reading about it in my spare time, but I ruled it out as a specialty because I didn’t have any technical background – I have a Master’s degree in English Literature and almost went for a PhD in literature.
When I was a junior associate in general litigation / investigations, I worked for a client who was being investigated by the FTC related to a privacy matter. I loved the work, and just kept taking as much of it as I could. Shortly after that I worked on the investigation of the Yahoo! data breaches for the independent Special Cybersecurity Review Committee of the Yahoo! board of directors. I haven’t looked back since then. Now I’ve been doing privacy and cybersecurity law for most of my career.
What’s keeping you busy?
In addition to helping out clients with recent breaches, including some high-profile supply chain attacks, I’ve been trying to keep up with the breakneck speed at which states are passing their own privacy laws.
What mentors or other influential figures have helped you get where you are today?
In law school, Professor (now Dean) Heather Gerken was a key mentor in terms of navigating the legal profession as a first-generation professional and a woman. Since law school, I have worked with some wonderful mentors. Two of the most influential were the Honorable Scott M. Matheson Jr. of the U.S. Court of Appeals for the Tenth Circuit, who taught me so much about legal analysis (and sourdough) during my clerkship, and Ed McNicholas, who co-leads our data, privacy, and security practice group at Ropes & Gray.
If you could change one data-related law, how and why would you change it?
The time for a federal US privacy law is here. I genuinely hope we do not end up with a patchwork of 50+ different laws for each state and territory like we have for data breach laws. (Also, it’s not exclusively data-related, but it is time to make DC a state!)
How has covid-19 affected what you do?
The work definitely has not slowed down. Like so many other people, I have been working from home, which has caused me to find new ways to look at my work/life balance. We’ve all learned to be a little more flexible with our expectations of colleagues’ home lives slipping into work calls. I hope that once the world goes back to normal we are all a little more understanding and inclusive of everyone as a whole person outside of the office.
What’s keeping companies worried at the moment – what are some key data risks?
Recently, we’ve seen extensive attacks from Russia and China against the US technology infrastructure. Microsoft, SolarWinds, and Amazon Web Services have been reportedly used as part of those attacks. We’ve seen trusted pieces of software used against American companies and the government. These types of supply-chain attacks from government-sponsored attackers are worrying many companies right now. There needs to be robust cooperation between the private and public sectors, and companies need to be able to share information with the government and their industry without fear of violating privilege or raising antitrust issues.
What do you do to relax?
In addition to spending time with my kids, I like to paint watercolours and I have dreams of writing a novel or two one day. I am also one of the many people who purchased a Peloton during the pandemic. It has been a fun way to get exercise, de-stress, and even connect with friends and other attorneys (shoutout to #pelolawmoms).