Privacy + Security Forum Fall Academy

Webinar | September.30.2021


Heather Sussman, Keily Blair, Emily Tabatabai and Hannah Levin led panels on cyber supply chain attacks and dark patterns during the Privacy + Security Forum Fall Academy hosted by the Privacy + Security Academy.

Cyber - Supply Chain Attacks - Risk Identification, Mitigation and Response

Due to globalization, decentralization and outsourcing of supply chains, the number of cybersecurity exposure points for any organisation has increased - and continues to increase - exponentially over time. As such, understanding the cybersecurity risk associated with your supply chain should be a key area of focus for all organisations. In this panel we consider how you can proactively (and pragmatically) identity and triage cyber security risk in your supply chain, and how an organisation should react when facing a cyber security incident in its supply chain.

Heather Sussman, Partner, Orrick, Herrington & Sutcliffe
Keily Blair, Partner, Orrick, Herrington & Sutcliffe
Peter Lefkowitz, VP and Chief Digital Risk Officer of Citrix

Dark Patterns: The Privacy Hot Topic of 2021

"Dark Patterns" keep popping up in all corners of the privacy space. While deceptive acts and practices have long been prohibited by the FTC Act, the amorphous concept of "dark patterns" has been a recent focus of the FTC, consumer advocate organizations and state legislators. But what are "dark patterns" and when does user interface design cross over from "optimized" to "manipulative" or "deceptive"? This panel will explore the existing legal frameworks as well as legislative proposals that seek to define and regulate dark patterns, highlight recent enforcement actions and consumer complaints, and help your business stay on the right side of the emerging law.

Emily Tabatabai, Partner, Orrick
Hannah Levin, Managing Associate, Orrick
Stacey Gray, Senior Counsel, Future of Privacy Forum



  • Technology & Innovation Sector
  • Finance Sector
  • Energy & Infrastructure Sector
  • Cyber, Privacy & Data Innovation
  • Global Compliance & Regulatory
  • Government Investigations and Enforcement Actions
  • Technology & Innovation
  • Fintech
  • Environmental, Social & Corporate Governance (ESG)
  • Strategic Advisory & Government Enforcement (SAGE)

Heather Egan Partner


Heather partners with clients to reduce the risk of privacy and security incidents. In the event of an incident, she helps companies respond, successfully guiding them through investigation, remediation, notification and any ensuing government inquiries. She provides comprehensive crisis management support and companies rely on her to manage their response to catastrophes, investigations and government probes involving conduct by employees, contractors and third parties. 

To help clients navigate complicated global regulatory compliance challenges, she leads comprehensive cybersecurity and privacy assessments worldwide, vets risks in corporate transactions, conducts internal investigations stemming from data incidents, and  drafts and negotiates contracts concerning data-related vendors and arrangements. She regularly counsels businesses on how to mitigate risks associated with the collection, use, retention, disclosure, transfer and disposal of personal data. Outside of the U.S., she manages teams of talented counsel around the world to deliver seamless advice for clients that operate across many jurisdictional lines, developing comprehensive privacy and cybersecurity programs that address competing regulatory regimes.



  • Technology & Innovation Sector
  • Cyber, Privacy & Data Innovation
  • Technology Companies Group
  • Internet of Things
  • Strategic Advisory & Government Enforcement (SAGE)

Emily S. Tabatabai Partner

Washington, D.C.; Houston

Emily provides strategic counseling and advice on privacy, consumer protection and online safety matters to clients across industries, including retail, ecommerce, mobile apps, gaming, social media, advertising technology (adtech), financial services, education, business services and technology. She also represents clients subject to regulatory investigations, including before the FTC and States Attorneys General, Congressional committees and other regulatory agencies and groups.

Emily provides proactive compliance guidance, and regulatory investigation defense, on a variety of privacy and consumer protection laws, including:

  • U.S. state privacy laws in California, Colorado, Connecticut, Utah and Virginia (CCPA, CPRA, CPA, CTDPA, UCPA, VCDPA)
  • Children’s Online Privacy Protection Act (COPPA)
  • Online safety laws for kids and teens, including California Age-Appropriate Design Code Act (AADC), Utah Social Media Regulation Act and others
  • Section 5 of the Federal Trade Commission Act (FTC Act) and state unfair and deceptive acts and practices (UDAP) laws
  • Family Educational Rights and Privacy Act (FERPA)
  • California’s Student Online Personal Information Protection Act (SOPIPA), New York’s Education Law 2-d and other state student data privacy laws
  • Illinois’ Biometric Information Privacy Act (BIPA) and other biometric privacy laws
  • Washington My Health My Data Act and other state health privacy laws
  • Fair Credit Reporting Act (FCRA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Telephone Consumer Protection Act (TCPA)
  • Telemarketing Sales Rule (TSR)
  • Restore Online Shoppers’ Confidence Act (ROSCA)

Emily is a frequent speaker on data privacy matters, with a particular focus on children’s privacy (COPPA), student data privacy and EdTech and online safety laws for kids and teens. She has been featured as an “Up and Coming” Privacy & Data Security attorney by Chambers USA and Chambers Global. Clients tell Chambers, “She’s been an excellent partner. She has a very good understanding of the practical realities of implementing privacy policies for large companies.” Citing her expertise in the field of educational privacy, student data and EdTech matters, Chambers reports that clients regard her as “very knowledgeable and truly an expert in this space,” with some saying, “On the student data side, she is unmatched,” and The Legal 500 notes that Emily “is the first port of call for child- and student-directed service providers for compliance advice with COPPA, SOPIPA and CalOPPA regulations.”

Emily also has an active consumer protection practice, focused on marketing and promotional issues. She counsels clients on advertisements and endorsements, retail sales and e-commerce, advertising substantiation, SMS and telemarketing, social media and online advertising.



  • Technology & Innovation Sector
  • Cyber, Privacy & Data Innovation
  • Strategic Advisory & Government Enforcement (SAGE)

Hannah Levin Senior Associate

Washington, D.C.

Hannah provides guidance on state and federal regulations, including state data breach laws and notification requirements, the Children’s Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA), the Federal Trade Commission Act (FTC Act), the Health Insurance Portability and Accountability Act (HIPAA), and the advertising industry’s self-regulatory regimes. She also helps clients navigate consumer protection issues, including the Restore Online Shoppers’ Confidence Act (ROSCA) and federal and state consumer protection statutes.

Hannah also has broad civil and criminal litigation experience. She has worked on complex class action and commercial litigation matters, government enforcement actions and internal corporate investigations. She has represented clients facing liability under a variety of state and federal laws, including federal and state consumer protection statutes.

Prior to entering private practice, Hannah served as a law clerk to the Honorable Lynne A. Battaglia of the Supreme Court of Maryland.