Shannon Yavorsky

She advises public and private companies across several sectors, including life sciences and health technology, financial services, private equity, insurance, social media and technology on a range of EU and U.S. federal and state privacy laws. Shannon’s strategic counseling advice includes, but is not limited to:

• Advertising and payment card processing self-regulatory frameworks
• Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM)
• Electronic Communications Privacy Act (ECPA)
• EU AI Act
• EU e-Privacy Directive (EPD)
• EU General Data Protection Regulation (GDPR)
• Fair Credit Reporting Act (FCRA)
• Gramm–Leach–Bliley Act (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
• National Institute of Standards and Technology (NIST) AI Risk Management Framework (AIRMF)
• Telephone Consumer Protection Act (TCPA)
• U.S. state breach notification laws
• U.S. state privacy laws in California, Colorado, Connecticut, Utah and Virginia (CCPA, CPRA, CPA, CTDPA, UCPA, VCDPA)

Shannon also helps clients undertake comprehensive privacy, cybersecurity and AI risk assessments, evaluates privacy, security and AI risks in corporate transactions and drafts and negotiates data-related contracts. She advises clients on cross-border data transfers, data breaches and developing global privacy and AI compliance programs.