Frequently Asked Questions

Solution

Privacy in a Box

Privacy in a Box
Got data? Of Course You Do! Data is the biggest opportunity of the next decade. But it also can be the biggest risk if you’re not organized to ...

Podcast Series

Take 5 for Privacy

Take 5 for Privacy | An Orrick Public Policy Podcast Series
This monthly podcast series asks experts in the privacy world five questions to help advance important policy discussions and initiatives.

Contacts

Heather Egan Sussman

Practice:

  • Technology & Innovation Sector
  • Finance Sector
  • Energy & Infrastructure Sector
  • Cyber, Privacy & Data Innovation
  • Global Compliance & Regulatory
  • Government Investigations and Enforcement Actions
  • Technology & Innovation
  • Fintech
  • Environmental, Social & Corporate Governance (ESG)
  • Strategic Advisory & Government Enforcement (SAGE)

Heather Egan Partner

Boston

Heather Egan is the Business Unit Leader for Orrick’s Strategic Advisory & Government Enforcement (SAGE) Business Unit. Heather focuses on cybersecurity, privacy and information management. A strategic advisor to clients, she is ranked by Chambers USA, Chambers Global and The Legal 500 United States as a leader in her field. Chambers explains companies turn to Heather because she “understands all the business issues and the dynamics of how to implement privacy programs [and is] extraordinarily thoughtful, very pragmatic and responsive.”

Heather partners with clients to reduce the risk of privacy and security incidents. In the event of an incident, she helps companies respond, successfully guiding them through investigation, remediation, notification and any ensuing government inquiries. She provides comprehensive crisis management support and companies rely on her to manage their response to catastrophes, investigations and government probes involving conduct by employees, contractors and third parties. 

To help clients navigate complicated global regulatory compliance challenges, she leads comprehensive cybersecurity and privacy assessments worldwide, vets risks in corporate transactions, conducts internal investigations stemming from data incidents, and  drafts and negotiates contracts concerning data-related vendors and arrangements. She regularly counsels businesses on how to mitigate risks associated with the collection, use, retention, disclosure, transfer and disposal of personal data. Outside of the U.S., she manages teams of talented counsel around the world to deliver seamless advice for clients that operate across many jurisdictional lines, developing comprehensive privacy and cybersecurity programs that address competing regulatory regimes.

8590_740x360

Practice:

  • Technology & Innovation Sector
  • Cyber, Privacy & Data Innovation
  • Technology Companies Group
  • Internet of Things
  • Strategic Advisory & Government Enforcement (SAGE)

Emily S. Tabatabai Partner

Washington, D.C.; Houston

Emily S. Tabatabai is a partner and founding member of Orrick’s global Cyber, Privacy & Data Innovation Group. She has been recognized by Chambers USA as “an invaluable resource to have when it comes to data privacy and security,” particularly in matters involving state privacy laws, education technology (EdTech) and children’s privacy.

Emily provides strategic counseling and advice on privacy, consumer protection and online safety matters to clients across industries, including retail, ecommerce, mobile apps, gaming, social media, advertising technology (adtech), financial services, education, business services and technology. She also represents clients subject to regulatory investigations, including before the FTC and States Attorneys General, Congressional committees and other regulatory agencies and groups.

Emily provides proactive compliance guidance, and regulatory investigation defense, on a variety of privacy and consumer protection laws, including:

  • U.S. state privacy laws in California, Colorado, Connecticut, Utah and Virginia (CCPA, CPRA, CPA, CTDPA, UCPA, VCDPA)
  • Children’s Online Privacy Protection Act (COPPA)
  • Online safety laws for kids and teens, including California Age-Appropriate Design Code Act (AADC), Utah Social Media Regulation Act and others
  • Section 5 of the Federal Trade Commission Act (FTC Act) and state unfair and deceptive acts and practices (UDAP) laws
  • Family Educational Rights and Privacy Act (FERPA)
  • California’s Student Online Personal Information Protection Act (SOPIPA), New York’s Education Law 2-d and other state student data privacy laws
  • Illinois’ Biometric Information Privacy Act (BIPA) and other biometric privacy laws
  • Washington My Health My Data Act and other state health privacy laws
  • Fair Credit Reporting Act (FCRA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Telephone Consumer Protection Act (TCPA)
  • Telemarketing Sales Rule (TSR)
  • Restore Online Shoppers’ Confidence Act (ROSCA)

Emily is a frequent speaker on data privacy matters, with a particular focus on children’s privacy (COPPA), student data privacy and EdTech and online safety laws for kids and teens. She has been featured as an “Up and Coming” Privacy & Data Security attorney by Chambers USA and Chambers Global. Clients tell Chambers, “She’s been an excellent partner. She has a very good understanding of the practical realities of implementing privacy policies for large companies.” Citing her expertise in the field of educational privacy, student data and EdTech matters, Chambers reports that clients regard her as “very knowledgeable and truly an expert in this space,” with some saying, “On the student data side, she is unmatched,” and The Legal 500 notes that Emily “is the first port of call for child- and student-directed service providers for compliance advice with COPPA, SOPIPA and CalOPPA regulations.”

Emily also has an active consumer protection practice, focused on marketing and promotional issues. She counsels clients on advertisements and endorsements, retail sales and e-commerce, advertising substantiation, SMS and telemarketing, social media and online advertising.

396781

Practice:

  • Technology & Innovation Sector
  • Cyber, Privacy & Data Innovation
  • Technology Transactions
  • Global Compliance & Regulatory
  • Government Investigations and Enforcement Actions
  • Environmental, Social & Corporate Governance (ESG)
  • Strategic Advisory & Government Enforcement (SAGE)

Shannon Yavorsky Partner

San Francisco; London

Shannon Yavorsky is the head of Orrick’s global Cyber, Privacy & Data Innovation group and a leading authority on United States (U.S.) and European (EU) privacy, cybersecurity and artificial intelligence (AI) issues. She is uniquely qualified in California, England and Wales and helps global companies navigate the increasingly complex global privacy, cybersecurity and artificial intelligence regulatory landscape.

She advises public and private companies across several sectors, including life sciences and health technology, financial services, private equity, insurance, social media and technology on a range of EU and U.S. federal and state privacy laws. Shannon’s strategic counseling advice includes, but is not limited to:

  • Advertising and payment card processing self-regulatory frameworks
  • Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM)
  • Electronic Communications Privacy Act (ECPA)
  • EU Artificial Intelligence Act
  • EU e-Privacy Directive
  • EU General Data Protection Regulation (GDPR)
  • Fair Credit Reporting Act (FCRA)
  • Gramm–Leach–Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • National Institute of Standards and Technology (NIST) Artificial Intelligence Risk Management Framework
  • Telephone Consumer Protection Act (TCPA)
  • U.S. state breach notification laws
  • U.S. state privacy laws in California, Colorado, Connecticut, Utah and Virginia (CCPA, CPRA, CPA, CTDPA, UCPA, VCDPA)

Shannon also helps clients undertake comprehensive privacy, cybersecurity and artificial intelligence risk assessments, evaluates privacy, security and artificial intelligence risks in corporate transactions and drafts and negotiates data-related contracts. She advises clients on cross-border data transfers, data breaches and developing global privacy and artificial intelligence compliance programs.