Privacy + Security Forum Spring Academy: Hot Topics in State Privacy Laws Compliance and Advertising Challenges in the Healthcare Context

Speaking Engagement | May.10.2023 - May.12.2023

George Washington University Student Center, Washington, DC

Members of Orrick's Cyber, Privacy & Data Innovation team will lead panels on recent developments in U.S. privacy laws and advertising challenges in the healthcare context during the Privacy + Security Forum Spring Academy hosted by the Privacy + Security Academy.

Before the Next Wave: Hot Topics in State Privacy Laws Compliance
Thursday, May 11, 2023: 02:30 PM-03:30 PM EST

As the CPRA’s enforcement and other state laws’ effective dates draw near, this panel will walk through compliance “hot topics”, trends and predictions regarding the U.S. state comprehensive privacy laws that go into effect this year (with more likely to come).

Sulina Gabale, Partner, Orrick, Herrington & Sutcliffe
Lisa Barksdale, Director of Privacy Compliance, Zillow Group
Arlene Mu, Assistant General Counsel & Chief Privacy Officer, Lowe’s Companies
Jon Knight, Senior Corporate Counsel, Deltek

Advertising Challenges in the Healthcare Context
Friday, May 12, 2023: 10:10 AM-11:10 AM EST

Are you operating in the healthcare space and worried about recent FTC enforcement actions, OCR guidance, and class action litigation and demand letters arising from the use of online ad trackers, such as the Meta Pixel and Google Analytics? Come join our panel to learn about the recent developments in this space and how to manage the risks their use present.

Thora Johnson, Partner, Orrick, Herrington & Sutcliffe
Sundeep Kapur, Senior Associate, Orrick, Herrington & Sutcliffe
Andrew Shaxted, Managing Director, FTI Consulting

Learn more

Contacts

Sulina Gabale Partner, Cyber, Privacy & Data Innovation, Internet of Things

Washington, D.C. Office

See my bio

D: +1 202 339 8420
E: [email protected]

Practice:

Cyber, Privacy & Data Innovation
Internet of Things
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Sulina Gabale Partner

Washington, D.C. Office

Sulina Gabale is a Partner and founding member of the Cyber, Privacy & Data Innovation practice, named Privacy & Data Security Law Firm of the Year by Chambers USA in 2019.

As innovation pushes the limits of technology, those ideas challenge the boundaries of what is considered “personally identifiable information.” Sulina answers the question - how can we create tomorrow’s technology with yesterday’s privacy and consumer protection laws? Sulina works closely with innovators at all levels of a business – executives, engineers, marketing and product, HR and customer service teams – to gain a true understanding of their goals and the data they’re collecting, using and sharing. She places herself in her client’s shoes as well as in consumers’ mindset to devise creative privacy-by-design solutions, ensuring her client’s business and data innovation strategies withstand multi-national rules, government regulations, industry standards and consumer scrutiny.

With experience in both data privacy and consumer protection, Sulina utilizes a comprehensive approach to counsel clients on a myriad of issues affecting consumers and businesses. She routinely guides companies of all sizes through the existing patchwork of laws, self-regulatory standards and industry practice impacting data privacy and security. She advises clients subject to regulatory investigations and litigation involving a spectrum of federal and state laws, including:

California Online Privacy Protection Act (CalOPPA)
California Consumer Privacy Act (CCPA)
California Privacy Rights Act (CPRA)
Children’s Online Privacy Protection Act (COPPA)
Biometric privacy laws such as the Illinois Biometric Information Privacy Act (BIPA) and other
Family Educational Rights and Privacy Act (FERPA) and related state student data privacy laws
Fair Credit Reporting Act (FCRA)
Gramm-Leach-Bliley Act (GLBA)
Section 5 of the Federal Trade Commission Act (FTC Act)
Virginia Consumer Data Protection Act (VCDPA)

Sulina advises companies of all sizes on the development and deployment of cutting-edge technologies and services, including ad-tech, AI and machine learning, biometric tools, social media, robotics and IoT devices, marketing and promotions and more. Sulina began her legal career focusing on consumer protection. She continues to counsel clients on marketing and promotional issues, including interest-based ads; sweepstakes and promotions; automatic renewal and subscriptions; advertising substantiation; influencer programs and social media; SMS text messaging and telemarketing (including matters involving the Telemarketing Sales Rule (TSR), the Telephone Consumer Protection Act (TCPA)); and other state and federal consumer protection laws.

Sulina’s practice is industry-agnostic. She has represented clients ranging from start-ups to Fortune 500s, non-profits, academic institutions and city governments across a range of industries from fashion and ecommerce, financial services, retail, food and beverage and technology services. Prior to law school, Sulina worked in the highly interactive fields of journalism, entertainment and digital media. This well-rounded background helps her connect with clients on a personal level, and ensure her advice integrates legal solutions with business practicality.

Before joining Orrick, Sulina was a member of the Privacy & Data Security Group; Entertainment & Media Group; and IP, Information & Innovation Group at Reed Smith, LLP in New York and Washington, D.C.

Thora Johnson Partner, Cyber, Privacy & Data Innovation, Strategic Advisory & Government Enforcement (SAGE)

Washington, D.C. Office

See my bio

D: +1 202 339 8463
M: +1 410 375 0017
E: [email protected]

Practice:

Technology & Innovation Sector
Cyber, Privacy & Data Innovation
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Thora Johnson Partner

Washington, D.C. Office

Thora Johnson is co-chair of Orrick's Life Sciences Group. She helps clients navigate emerging and traditional regulatory challenges in the biotechnology, healthcare and pharmaceutical sectors. She advises on cybersecurity, privacy and healthcare regulatory matters.

Thora has extensive experience counseling clients on the Health Insurance Portability and Accountability Act (HIPAA) and other state and federal health privacy and regulatory compliance regimes including:

Office of the National Coordinator for Health Information Technology’s interoperability and information blocking regulations
Centers for Medicare & Medicaid Service’s (CMS’s) interoperability and patient access regulations
Part 2 confidentiality requirements applicable to substance abuse records
State health information privacy laws
Medicare/Medicaid compliance
Mental Health Parity and Addiction Equity Act (MHPAEA)
Genetic Information Nondiscrimination Act (GINA)
Affordable Care Act (ACA) compliance
Regulatory requirements of the Employer Retirement Income Security Act (ERISA), the Internal Revenue Code, HIPAA, and the ACA as they apply to employer health and wellness plans
Price transparency and surprise billing rules applicable to hospitals and health plans

Sundeep Kapur Senior Associate

Washington, D.C. Office

See my bio

D: +1 202 339 8402
E: [email protected]

Practice:

Technology & Innovation Sector

vCard

See full bio

Sundeep Kapur Senior Associate

Washington, D.C. Office

Sundeep Kapur advises on regulatory compliance and investigations, incident response and remediation, commercial transactions and other data initiatives involving complex or emerging technologies. He provides tailored and practical guidance to clients, from startups to global corporations, on various privacy laws and regulatory frameworks, including the FTC Act, California Consumer Privacy Act of 2018 (CCPA), California Privacy Rights Act (CPRA), and the General Data Protection Regulation (GDPR).

Sundeep also possesses an in-depth technical and legal understanding of the advertising technology (adtech) ecosystem (e.g., connected TV, linear TV, over-the-top media, desktop, mobile). He participates in adtech working groups and is a key contributor to the development of industry-wide privacy compliance solutions. He advises on compliance with self-regulatory regimes developed by the Network Advertising Initiative (NAI), the Interactive Advertising Bureau (IAB), and the Digital Advertising Alliance (DAA).

Sundeep is accredited by the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional in the United States (CIPP/US).