Frequently Asked Questions

Contacts

Heather Egan Sussman

Practice:

  • Cybersécurité et confidentialité des données
  • Conformité & Règlementation
  • Investigations internationales et mesures d'application
  • Technology
  • Fintech
  • Environmental, Social & Corporate Governance (ESG)

Heather Egan Sussman Partner Cybersécurité et confidentialité des données, Conformité & Règlementation

Boston

Heather Egan Sussman focuses on cybersecurity, privacy and information management. A strategic advisor to clients, she is ranked by Chambers USA, Chambers Global and The Legal 500 United States as a leader in her field. Chambers explains companies turn to Heather because she “understands all the business issues and the dynamics of how to implement privacy programs [and is] extraordinarily thoughtful, very pragmatic and responsive.”

Heather partners with clients to reduce the risk of privacy and security incidents. In the event of an incident, she helps companies respond, successfully guiding them through investigation, remediation, notification and any ensuing government inquiries. She provides comprehensive crisis management support and companies rely on her to manage their response to catastrophes, investigations and government probes involving conduct by employees, contractors and third parties. 

To help clients navigate complicated global regulatory compliance challenges, she leads comprehensive cybersecurity and privacy assessments worldwide, vets risks in corporate transactions, conducts internal investigations stemming from data incidents, and  drafts and negotiates contracts concerning data-related vendors and arrangements. She regularly counsels businesses on how to mitigate risks associated with the collection, use, retention, disclosure, transfer and disposal of personal data. Outside of the U.S., she manages teams of talented counsel around the world to deliver seamless advice for clients that operate across many jurisdictional lines, developing comprehensive privacy and cybersecurity programs that address competing regulatory regimes.

8590_740x360

Practice:

  • Litigation & IP Sector
  • Technology Sector
  • Cybersécurité et confidentialité des données
  • Technology Companies Group
  • Internet of Things

Emily S. Tabatabai Partner Cybersécurité et confidentialité des données, Technology Companies Group

Washington, D.C.; Houston

Emily S. Tabatabai is a partner and founding member of Orrick’s global Cyber, Privacy & Data Innovation Group. She has been recognized by The Legal 500 for her "extraordinary depth of knowledge in student data privacy matters," and by Chambers USA as "an invaluable resource to have when it comes to data privacy and security."

Emily advises clients on an array of privacy and data management matters, helping clients navigate the complex web of privacy laws, rules, regulations and best practices governing the collection, use, transfer and disclosure of data and personal information. Emily works closely with client business teams and in-house counsel to assess and manage privacy risks, design and deploy compliance programs and implement privacy-by-design approaches to address key compliance objectives while supporting each client’s data innovation strategies and the development and use of cutting-edge digital technologies. She frequently guides child and student-directed service providers through the complexities of compliance with the Children’s Online Privacy Protection Act (COPPA), the Family Educational Rights and Privacy Act (FERPA), California’s Student Online Personal Information Protection Act (SOPIPA) and similar state student privacy laws. Emily represents clients subject to regulatory investigations and litigation. She also advises companies across the industry spectrum as they work towards compliance with federal and state laws, including:

  • California Online Privacy Protection Act (CalOPPA)
  • California Consumer Privacy Act (CCPA)
  • COPPA
  • California Privacy Rights Act (CPRA)
  • Fair Credit Reporting Act (FCRA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Section 5 of the Federal Trade Commission Act (FTC Act)
  • Virginia Consumer Data Protection Act

Emily also has an active consumer protection practice, focused on marketing and promotional issues. She counsels clients on interest-based advertising, sweepstakes and marketing promotions, retail sales and e-commerce platforms, advertising substantiation, new media and social media integration, and SMS text messaging and telemarketing, including matters involving the Telemarketing Sales Rule (TSR), the Telephone Consumer Protection Act (TCPA), the Restore Online Shoppers’ Confidence Act (ROSCA) and state and federal consumer protection statutes.

Emily is a frequent speaker on data privacy matters, with a particular focus on children’s privacy (COPPA), student data privacy and EdTech. She has been featured as an “Up and Coming” Privacy & Data Security attorney by Chambers USA and Chambers Global. Clients tell Chambers, “she's been an excellent partner. She has a very good understanding of the practical realities of implementing privacy policies for large companies.” Citing her expertise in the field of educational privacy, student data and ed-tech matters, Chambers reports that clients regard her as “very knowledgeable and truly and expert in this space,” with some saying, “On the student data side, she is unmatched.”

Emily is a Certified Information Privacy Professional in both U.S. and European privacy law (CIPP/US and CIPP/E) and a member of the International Association of Privacy Professionals (IAPP) Publications Advisory Board.

396781

Practice:

  • Technology Sector
  • Cybersécurité et confidentialité des données
  • Technology Transactions
  • Conformité & Règlementation
  • Investigations internationales et mesures d'application
  • Environmental, Social & Corporate Governance (ESG)

Shannon Yavorsky Partner Cybersécurité et confidentialité des données, Technology Transactions

San Francisco; Londres

Shannon K. Yavorsky is a leading authority on United States (U.S.) and European data privacy and security issues. She is uniquely qualified in California, England and Wales and Ireland and helps clients navigate the increasingly complex global privacy and data security regulatory landscape.

Shannon Yavorsky is the head of Orrick's global Cyber, Privacy & Data Innovation Group. Shannon advises clients on a broad range of United States (U.S.) and European data privacy and cybersecurity issues, including emerging issues surrounding the California Privacy Rights Act (CPRA), the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) and the e-Privacy Directive. She helps clients undertake comprehensive privacy and cybersecurity assessments worldwide, evaluates privacy and security risks in corporate transactions and drafts and negotiate data-related vendor and arrangement contracts. She also counsels clients on cross-border data transfers, data breaches and developing global privacy compliance programs. She has significant experience with model contract clauses, privacy policies, website terms and conditions, data processing agreements and privacy and security issues in corporate transactions.

In addition to the GDPR, CPRA and CCPA, Shannon advises on an array of privacy and security laws and regulations, including:

  • Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM)
  • Electronic Communications Privacy Act (ECPA)
  • Fair Credit Reporting Act (FCRA)
  • Gramm–Leach–Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Telephone Consumer Protection Act (TCPA)
  • State breach notification laws
  • Advertising and payment card processing self-regulatory frameworks

Shannon also has an active general consumer protection practice and counsels clients on interest-based advertising, sweepstakes and marketing promotions, retail sales and e-commerce platforms. Her clients are multinational clients across diverse industry sectors, with an emphasis on technology, financial services, retail, staffing, advertising, healthcare, and automotive.