Washington DC
Cosmas provides guidance on issues relating to numerous privacy and cybersecurity laws, including:
Cosmas graduated with honors from Harvard Law School. During law school, he participated in the Berkman Klein Center's Cyberlaw Clinic, completed a clinical placement in the Securities, Financial & Cyber Fraud Unit of the United States Attorney’s Office for the District of Massachusetts, and interned with the Special Assistant for Legal & Legislative Matters to the Secretary of the Navy. Prior to law school, Cosmas served as a submarine officer in the U.S. Navy.
Cosmas is accredited by the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional in the United States (CIPP/US).
Washington DC
Enny provides guidance on matters relating to numerous privacy and cybersecurity laws, including the U.S. state privacy laws in California, Colorado, Connecticut, Utah, Virginia and other states. Her work also includes counseling on compliance with Europe's General Data Protection Regulation (GDPR).
Enny graduated with honors from The University of Washington School of Law. While in law school, Enny served as the Editor-in-Chief of The Washington Journal of Law, Technology and Arts, Co-President of the UW Law and Business Association, Vice President of the UW Black Law Students Association and participated in the UW Law Mediation Clinic.
Los Angeles
Washington DC
She is a trusted adviser to and first call in high-stakes litigation and enforcement matters, including government investigations, regulatory examinations, class action and complex litigation, and internal investigations. Her matters include investigations, examinations, and enforcement actions before the CFPB, FTC, federal and state bank regulators and state attorneys general, including defending a leading bank in one of the CFPB’s first enforcement actions—a joint investigation and enforcement action with the FDIC.
Boston
Anna advises clients on meeting the complex requirements of federal, state, and international privacy frameworks, with particular focus on the needs of cross-border projects.
Prior to joining Orrick, Anna practiced as a barrister in London for ten years, representing clients in cross-border disputes and enforcement proceedings, both in court and international arbitration. Her experience has included matters in India, Japan, Russia, Egypt, Australia, Thailand, and Europe.
New York
Carly counsels clients across several sectors, including health technology, financial services, private equity, insurance, and technology on a range of United States (U.S.) federal and state privacy laws, including, but not limited to:
She also prepares clients for regulatory inquiry and government investigation and provides assessments of privacy and security practices for companies carrying out due diligence in the context of corporate transactions. Carly also maintains an active pro bono practice, which has included helping clients in immigration and criminal justice matters.
Carly has obtained the Certified Information Privacy Professional - United States (CIPP/US) designation from the International Association of Privacy Professionals.
New York; Boston
Matthew helps clients comply with the Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM), the Children’s Online Privacy Protection Act (COPPA), the California Consumer Privacy Act of 2018 (CCPA), the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), the General Data Protection Regulation (GDPR), the Telephone Consumer Protection Act (TCPA), and state breach notification, biometric privacy, and cybersecurity laws. He counsels on self-regulatory privacy programs, including Binding Corporate Rules, the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules (APEC CBPRs); programs covering online behavioral advertising, including the Digital Advertising Alliance (DAA), the European Interactive Digital Advertising Alliance (EDAA), the Interactive Advertising Bureau (IAB), and the Network Advertising Initiative (NAI); and programs covering payment card processing. Matthew also provides compliance solutions for emerging technologies, including artificial intelligence and blockchain.
Matthew’s federal regulatory experience helps clients stay compliant and avoid regulatory scrutiny. His comprehensive data management knowledge helps him counsel beyond the letter of the law and facilitates worldwide expansion, interoperable business processes, and innovative uses of consumer data while maintaining user trust. His all-encompassing, risk-based approach involves developing and executing internal and external policies for the collection, use, disclosure, sharing, retaining, transferring, and destruction of personal information. This includes managing contractual relationships with vendors, employees, acquired entities, and creditors as well as building privacy into companies’ product development life cycle and change management strategies.
Prior to joining Orrick, Matthew was an Enterprise Privacy Solutions Manager for TrustArc (formerly TRUSTe), a San Francisco-based privacy consulting and certification firm, and an adjunct law professor of Privacy Law at Santa Clara University. Matthew is a Certified Information Privacy Manager and a Certified Information Privacy Professional with a specialization in United States privacy law.
Boston
Amy works with digital health companies, health systems and other public and private companies—from new entrants to seasoned organizations—to address regulatory compliance and transactional needs. She also advises investors and collaborates with clients to understand their business goals and tailor practical solutions to help them achieve those objectives. Amy is well-versed in the corporate governance, data privacy, and security and scope-of-practice considerations facing the healthcare industry as it incorporates artificial intelligence (AI) and machine-learning (ML) solutions into clinical workflows. Her practice includes structuring and scaling national telehealth practices across a range of clinical disciplines, including complex collaborative arrangements involving labs, medical device manufacturers, remote patient monitoring solutions and pharmacies.
Amy spends much of her time working with clients on vetting and developing strategic affiliations, joint venture transactions and other novel business arrangements, including developing value-based enterprises and otherwise identifying means to achieve further alignment among stakeholders. She advises on reimbursement issues with respect to federal healthcare programs, private payors and self-pay business models. She also helps develop compliance programs and advises on related protocols and best practices.
In particular, Amy advises on physician self-referral, anti-kickback and other fraud and abuse law matters as well as on patient privacy matters, including HIPAA, 42 CFR Part 2 and corresponding state-level compliance. Amy also assists with internal investigations and assessing and responding to the results, including developing corrective action recommendations and self-disclosures.
A sought-after speaker and prolific writer on some of the most complex and critical issues in healthcare law, Amy shares her insights in publications and presentations across the country. She co-authored chapters in numerous publications, including the telemedicine chapter of the American Bar Association’s Physician Law: Evolving Trends & Hot Topics and a chapter addressing telehealth in the MCLE Massachusetts Health and Hospital Law Manual.
Chambers USA notes that Amy has “deep expertise in matters that impact healthcare providers and healthcare transactions,” “is a terrific resource on a range of regulatory issues” and “an expert in the Stark Law.”
Amy graduated first in her class at UCLA Law and was elected to the Order of the Coif. Prior to law school, Amy served in the U.S. Air Force.
ロンドン
Anna has experience working with global companies on a wide variety of privacy, cybersecurity and data protection matters. She has a particular interest in emerging technologies and their intersection with ethical and social issues associated with her practice.
Anna has contributed a number of articles and thought leadership pieces on current data protection, privacy and information law issues.