What do you do?
I advise clients on privacy, cybersecurity, and consumer protection issues. This includes:
- Defending clients before federal and state investigators and enforcement authorities (typically, the FTC and state attorneys general) on issues related to privacy, cybersecurity, and consumer protection;
- Advising clients on compliance with US (state and federal) privacy, cybersecurity, and consumer protection laws;
- Advising clients on privacy and cybersecurity issues on a range of corporate and technology transactions;
- Helping clients respond to cybersecurity incidents and data breaches.
I sort of fell into it, and I’m so glad I did! When I was in law school, there were no classes on privacy law, and the only classes that touched on cybersecurity were a couple of national security law classes. I had no idea this was an area of law that one could practice in.
Ultimately, I chose to focus my practice in this area for few different reasons. First, I love the variety of clients that I get to work with. Some of my clients are start-ups in which the founders are still working out of their parents’ basement, while others are the largest technology companies in the world. Figuring out how to meet the needs of clients at such vastly different stages of growth is challenging, but always interesting. Second, I love the global aspect of the work. While I only practice US law, most clients need advice on privacy laws from around the world. This means I’m on the phone with my colleagues in Europe and Asia almost every day. I find it fascinating to learn how privacy is approached in countries outside the US. Lastly, the evolving nature of the practice means the work never gets old.
What’s keeping you busy?
A bit of everything. I’m representing one of the recipients of the FTC’s sweeping Section 6(b) order that was issued to nine technology companies in December 2020. I’m also tracking, digesting, and advising clients on the potential implications of the various state privacy laws that are making their way through the legislatures. In addition, my transactional practice is also very active. We’re seeing a big uptick in IPOs and SPAC transactions right now, and many involve technology companies with lots of data!
What mentors or other influential figures have helped you get where you are today?
Latham partner Jennifer Archie was my first mentor at the firm. I started working with her when I was a brand new associate, and I certainly would not be where I am today if it weren’t for her. She taught me how to be a privacy and breach response lawyer, and has been my #1 champion from the beginning. In more recent years, Michael Rubin has become another mentor since he joined Latham in the Bay Area a couple of years ago. He has taught me a tremendous amount and pushed me to be a better lawyer. I’m so grateful that Jennifer and Michael have invested their time in mentoring me and I use lessons I’ve learned from them in mentoring the younger lawyers that I work with each day.
How has covid-19 affected what you do?
The day to day doesn’t feel that different, other than the fact that I’m not in the office. But it has certainly made my practice even busier. My technology clients didn’t slow down at all last year, and they needed advice at the same light speed pace as usual. At the same time, many clients were launching covid initiatives, and others were forced to move much of their business online – all of which required privacy advice. Some of this new work was for pro bono clients who had never had a presence online. The work was both interesting and very rewarding.
What’s the next big thing – what data opportunities are companies now looking at?
Privacy and security are here to stay, and companies across the board are looking at technical means by which to satisfy these obligations, including building systems that allow for more precise data use limitations, and developing advanced forms of anonymisation. The companies that 'win' at privacy and security will be the most successful in the long run.
What’s keeping companies worried at the moment – what are some key data risks?
Companies are concerned about the myriad of state privacy laws that are either in effect or are being contemplated by state legislatures. They are evaluating how these laws will impact them, and how they will comply with multiple different US privacy law frameworks.
What do you do to relax?
Spend time with my family (though, in reality, spending time with my kids often isn’t all that relaxing!). My parents have a house a couple hours outside of DC in the country, and we love to visit any opportunity we get. We actually lived there for the first 9 months of covid. It is a beautiful place, and there are many outdoor activities to keep the kids occupied.