New York
She has partnered with start-ups and Fortune 500 companies to develop comprehensive privacy and cybersecurity policies and procedures that comply with U.S., EU and UK law and self-regulatory frameworks, including U.S. state privacy laws; the EU and UK General Data Protection Regulation (GDPR); the CAN-SPAM Act; the Telephone Consumer Protection Act (TCPA); the Federal Trade Commission Act (FTC Act); and the Health Insurance Portability and Accountability Act (HIPAA).
Bianca helps clients prepare for and respond to crisis security incidents, including by advising on personal data breach notification obligations, working closely with cyber forensics experts, engaging with law enforcement, and responding to regulatory inquiries.
She also provides clients with practical guidance in complex and multijurisdictional corporate transactions to help navigate attendant privacy and cybersecurity risks.
Washington, D.C.
Cosmas provides guidance on issues relating to numerous privacy and cybersecurity laws, including:
Cosmas graduated with honors from Harvard Law School. During law school, he participated in the Berkman Klein Center's Cyberlaw Clinic, completed a clinical placement in the Securities, Financial & Cyber Fraud Unit of the United States Attorney’s Office for the District of Massachusetts, and interned with the Special Assistant for Legal & Legislative Matters to the Secretary of the Navy. Prior to law school, Cosmas served as a submarine officer in the U.S. Navy.
Cosmas is accredited by the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional in the United States (CIPP/US).
Santa Monica
Sherry’s clients include banks, mortgage originators and servicers, mortgage brokers, commercial lenders, bank holding companies, private equity firms, investment advisors, investment managers, finance companies, fintechs, consumer reporting agencies, data brokers, debt collection companies and related service providers.
She is a Certified Information Privacy Professional (CIPP/US), and was a member of the Mortgage Bankers Association’s 2016 class of Future Leaders and the California Mortgage Bankers Association’s 2014 class of Future Leaders.
Prior to joining Orrick, Sherry was a partner at Buckley LLP. She has been an associate in private practice. She also clerked for the Honorable Jeanette J. Clark in the Superior Court of the District of Columbia.
Seattle
He brings significant experience advising companies – from one of the largest telecommunications providers to leading entertainment companies to startups on the cutting-edge of AI and more – on the full cycle of an incident. He also advises companies and executives in connection to regulatory investigations, class actions, enforcement actions, and other disputes that frequently flow from privacy and cybersecurity incidents.
Joe helps clients respond quickly and with integrity to protect their brand, build trust and mitigate legal risk. He is highly skilled at directing incident investigations, analyzing potential claims and defenses, examining potential notification obligations and advising on effective communications strategies. He draws on this experience to help companies proactively prepare for an incident through creative strategies that foster engagement and collaboration between legal, security, communications and leadership teams. This includes building and improving incident response programs through response plans, simulated incidents, threat workshops, and training. In addition, Joe assists clients in practically evaluating the legal risk of security decisions in a variety of transactions and across the product lifecycle.
He also provides strategic advice to cybersecurity companies, including those looking to push technological and defense boundaries in cyber defense, incident response, and threat intelligence. This includes helping companies maximize their security offerings by navigating the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and the Federal Wiretap Act, as well as state law analogs.
Joe serves on Orrick’s Finance and Audit and Pro Bono Committees. A leader and advocate for diversity and inclusion initiatives, Joe is the co-head of Orrick’s Latinx Inclusion Network and was selected as a 2024 Rising Star by the Minority Corporate Counsel Association (MCCA). He was also named to Lawdragon's 2024 500 X Next Generation Rising Stars List and an Rising Star by the Minority Corporate Counsel Association (MCCA). He is a member of the Washington Latino Bar Association and the Hispanic National Bar Association.
Düsseldorf
Christian helps clients consider the privacy and artificial intelligence implications of new technology, supports their compliance programs, and helps them stay ahead of enforcement trends. One particular focus of his work deals with internal data transfer agreements, external data transfers with external providers, and product launches that comply with international data protection standards, as well as privacy requirements for connected cars. Furthermore, Christian provides guidance on privacy and data protection considerations for developing, acquiring, using, licensing and selling technology, data and intellectual property, including M&A transactions and IP focused joint ventures. He supports companies on the set-up of webshops, outsourcings, license agreements, in cases of trademark or unfair and deceptive trade practice issues, as well as on hard and software license and information technology (IT) project agreements.
Christian maintains strong working relationships with German data protection authorities and EU regulatory authorities with jurisdiction over privacy and data security matters. He effectively defends companies in cybersecurity and privacy-related investigations initiated by EU regulatory authorities. He also engages with authorities on behalf of clients and helps clients avoid proceedings and possible litigation. When litigation can't be avoided, Christian vigorously defends his clients.
For companies facing global cybersecurity incidents, Christian helps with crisis mitigation, including counseling on notification requirements, coordinating media strategies, and representing clients before data protection authorities in related regulatory investigations.
Christian regularly contributes practical thought leadership to global privacy industry publications and German privacy books and journals. Christian authors the Chapter V (international data transfers) of Germany’s leading GDPR commentary Kühling/Buchner (4th ed.) and is co-author to the Corporate Privacy Handbook (Betrieblicher Datenschutz). As an active member of the Sedona Conference, Christian drives the development and understanding of cross border privacy. He also participates in, hosts and moderates speaking programs with fellow private practitioners, EU data protection authorities, and academics focused on privacy and data security. Legal 500 Germany named Christian one of the top 15 practitioners in 2023 and noted that he is "a pioneer in the legal field, a data protection guru." They also recognized Christian and Orrick as "truly global" and how that it is "vital as they require the various leaders of each region to participate and bring issues to the table as a forum".
Prior to working in private practice, Christian interned with the German Federal Data Protection Commissioner and www.epic.org.
Boston; New York
Tech and consumer-facing clients – from early-stage startups to some of the most recognizable online companies – turn to Caroline to protect their IP, brand, and reputation in litigation. Her expertise includes the fast-evolving areas of Section 230 of the Communications Decency Act and online safety, cybersecurity & data privacy litigation. In the past year, she has litigated more than 60 cases related to platform immunity and she is currently lead counsel in dozens of cases for one of the world's largest tech companies on claims challenging myriad aspects of its online services, including content moderation and product design.
A partner to her clients in crisis management, Caroline also advises them in cyber incident response, government and internal investigations and enforcement actions. Her experience at the intersection of online safety, IP and white-collar litigation gives her breadth of perspective and allows her to work with her clients to problem-solve and effectively manage enterprise risk. Clients appreciate Caroline's ability to collaborate with witnesses, company stakeholders and factfinders – both inside and outside the courtroom – to achieve meaningful results.
Caroline maintains an active pro bono practice, representing clients in Hague proceedings as well as children and refugees in asylum proceedings in conjunction with the Political Asylum / Immigration Representation (PAIR) Project. She has drafted amicus briefs in cases pending before the U.S. Supreme Court and U.S. Circuit Courts of Appeals in the areas of technology, criminal justice, and reproductive rights.
London
Alex’s multidisciplinary practice and transatlantic experience enable him to provide strategic commercial advice for technology led companies, including coordinating and implementing data and consumer risk mitigation projects, providing outsourcing advice and developing key legal risk mitigation strategies in relation to products where the pace of innovation nearly always outpaces the law.
He has advised companies at all stages of the corporate lifecycle, from software development and product launch, through technology licensing, sale and purchase, to mergers and acquisitions of data and tech-heavy businesses. He has assisted organisations with the design, development and implementation of global data protection and compliance policies, as well the management of risk and security associated with data retention, processing and transfer.