Heather Egan Sussman is Global Co-chair of Orrick’s Cyber, Privacy & Data Innovation practice, and the leader of Orrick’s Boston Office. Her practice focuses on privacy, cybersecurity and information management, and she is ranked by Chambers USA and The Legal 500 United States as a leader in her field. Chambers explains companies turn to Heather because she is “generous with her time and endeavors greatly to educate her clients and understand a given client’s risk profile.”

Heather routinely guides clients through the existing patchwork of laws impacting privacy and cybersecurity around the globe.  In the U.S. this includes advising on federal and state laws such as FCRA, ECPA, TCPA, HIPAA, CAN-SPAM, GLBA, California’s Consumer Privacy Act, state breach notification laws, and state data security laws, as well as existing self-regulatory frameworks, including those covering online advertising and payment card processing. Outside of the U.S., she manages teams of talented counsel around the world to deliver seamless advice for clients that operate across many jurisdictional lines, developing comprehensive privacy and cybersecurity programs that address competing regulatory regimes.  She drafts online privacy notices for global rollout and implements data transfer mechanisms for the free flow of data worldwide.

Heather also helps clients develop and achieve their data innovation strategies, so they can leverage the incredible value of data and digital technologies in ways that not only meet compliance obligations, but also support innovation, deliver value to the business, meet security needs and solidify brand and consumer trust.

Heather devotes a significant part of her practice to helping clients reduce the risk of privacy and security incidents, and she offers a comprehensive menu of services designed to do just this.  In the event of a privacy or security breach, she helps companies respond, successfully guiding them through investigation, remediation, notification and any ensuing government inquiries.  Companies routinely rely on her to manage their response to catastrophes, investigations and government probes involving conduct by employees, contractors and third parties.

Heather guides clients through comprehensive privacy and cybersecurity assessments worldwide, vets privacy and security risks in corporate transactions, conducts internal investigations stemming from data incidents, and she drafts and negotiates contracts concerning data-related vendors and arrangements. She regularly counsels businesses on how to mitigate risks associated with the collection, use, retention, disclosure, transfer and disposal of personal data.

Her clients come from diverse business sectors, including technology, financial services, retail, consumer products, energy and infrastructure, healthcare and life sciences, manufacturing, food and beverage, media, academic institutions, and service industries.

Heather frequently writes on current privacy and information security issues before trade and legal organizations and has been quoted in hundreds of major news outlets, including MSNBC.com, ABCNews.com, The New York Times, The Los Angeles Times, Bloomberg BusinessWeek, The San Francisco Chronicle, Washington Times and Houston Chronicle.
    • Performed privacy, security and digital needs assessment for consumer products company with operations in more than 100 countries around the globe.
    • Managed a team providing advice to a U.S.-based technology company on privacy and security compliance relevant to planned expansion in Europe, Middle East, Africa and Asia.
    • Developed a global privacy program for a major food products company operating in more than 40 countries around the globe. 
    • Created and implemented a successful “bring your own device” global strategy for a major multinational in the healthcare industry.
    • Performed a privacy and security compliance assessment for a U.S. public company in the manufacturing industry, which has operations spanning four continents. 
    • Advised a major academic institution on the full range of acceptable information use and sharing practices in light of the differing ways and roles in which the university may receive information, including on-campus clinics, campus police, admissions, hosting e-mail and social media platforms, and more.
    • Addressed privacy and security aspects for a U.S. and EU rollout of a popular mobile application and provide continuing support through the rollout of additional versions, features and technologies, particularly as the company contemplates new data uses.
    • Guided multiple major multinational corporations through U.S./EU/Swiss Safe Harbor certification and re-certification.
    • Advised a major U.S. healthcare provider on integrating federal contracting requirements into its existing privacy and security compliance program.
    • Drafted and revised a website privacy statement of an intelligent media company to address data collection, use and disclosure through multiple platforms, including website, mobile, and social, as well as integrating the client's existing safe harbor policy.
    • Developed a privacy and security infrastructure for companies in a broad array of business sectors in connection with the implementation of U.S. state and federal privacy and security laws and regulations.
    • Successfully resolved numerous U.S. state and multi-state attorney general investigations following data incidents, including security breaches.
    • Successfully litigated claims against departing executives absconding with client confidential information, including regulated data.
    • Regularly advises both small and large financial institutions, healthcare institutions, and other general industry companies that have experienced security breaches and other security events involving personal data.
