Susan is a Certified Information Privacy Professional. She has achieved two certifications from the International Association of Privacy Professionals: one in privacy laws (CIPP/US), and another in data privacy and protection management (CIPM).
CCPA, FCRA, GLBA, Dodd Frank, TCPA, HITECH, AML, CAN-SPAM, HIPPA, PIPEDA, GDPR: these are the acronyms for the various consumer, financial and privacy laws Susan counsels on regarding data access requests, disclosures and privacy risk assessments. Susan advises on applicable data protection practices, reporting requirements and drafts appropriate documentation such as notices and disclosures for websites, business agreement provisions, and employee or independent contractor relationships. Susan can also help you with achieving compliance in data protection programs by developing policies, standard contractual provisions and disclosures and educational workshops for management, leadership, business units and staff.
Experienced in conducting business via virtual and cloud platforms, Susan also advises on best practices for data protection, management and storage, and preserving confidentiality in work from home and remote environments. Susan works directly with clients, and also provides consultations to other professionals for their client matters.
As Privacy Counsel, Susan handles a broad range of responsibilities providing legal guidance on global projects affecting privacy, data protection and security. Experienced in providing advice to clients on different legal risks and obligations under privacy and data security laws in the U.S. and Europe (including CCPA and GDPR), Susan advises on and helps clients manage internal privacy policies, procedures and data lifecycle, security and privacy. Susan proactively helps to minimize risk of a breach by developing, enhancing, and scaling your existing global privacy program from privacy operations and documentation to employee training on data privacy and security to policy enforcement as well as privacy compliance program monitoring, auditing and conducting third-party risk assessment(s). More specifically, duties Susan can handle for your business or organization in data privacy and protection are:
Incident Response. Should you have already discovered a possible data incident at your business or organization, Susan can direct forensic investigation of the situation under the privilege and work product protections. Among the other matters Susan can handle for you in this realm:
Third Party Vendor Relationships. Outsourcing business functions as well as engaging in cloud service providers has become commonplace during the pandemic. Before engaging in a contractual relationship with a third party vendor wherein personal information of a customer, client or patient is to be shared, it is important to confirm that appropriate data protections and privacy policies are followed by the vendor. The checklist of items below is an example of factors that can impact the Third Party Vendor relationship. Susan can advise on your specific third party vendor relationship and the applicable laws as well as help you negotiate appropriate protections in your contract.
This website provides general information about legal issues and developments in the law. Such materials are for informational purposes only and may not reflect the most current legal developments. These informational materials are not intended, and must not be taken, as legal advice on any particular set of facts or circumstances. You need to retain an attorney for advice on specific legal issues.