Privacy: What Does Good Enough Look Like?
Colorado, California, and Virginia all adopted privacy laws for businesses last year and Utah and Connecticut are on track to become the next two states to pass laws this year. With sometimes conflicting requirements in each state, creating operations that meet the expectations of each state is becoming increasingly burdensome. So, what’s good enough for a business that conducts business across borders?
This session will be led by Liz Harding and Romaine Marshall.
Liz Harding, Vice Chair of Polsinelli's Technology Transactions & Data Privacy practice, is a dual-qualified attorney in Colorado and the United Kingdom who counsels clients on data privacy, advertising and technology licensing matters. Prior to practicing in the U.S., she practiced law in the U.K. for over 10 years, mainly focusing on EU and UK privacy matters. Liz has significant experience counseling clients on how to comply with their enterprise-wide privacy obligations, including the GDPR, CCPA, and other US federal and state, and international, privacy and cybersecurity regulations. Using a risk-based approach to privacy compliance, Liz provides business-focused, and pragmatic advice underpinned by over 20 years’ experience.
Romaine Marshall, as an experienced cybersecurity lawyer at Polsinelli, works with clients to help protect their data and their businesses and reputations from cybersecurity and data privacy incidents and represents them when legal actions or regulatory investigations result. His twenty years of experience as a litigation and trial attorney enables him to advise clients about their legal and compliance obligations and represent them in the aftermath of reporting requirements and investigations. Romaine has represented clients in response to hundreds of cybersecurity incidents involving data breaches, malware attacks, cryptocurrency, misconfigurations, wire fraud, social engineering and other exploits. Before, during and after incidents, Romaine works with clients to reduce potential legal exposure by developing industry-specific policies and procedures, directing risk assessments and developing written information security programs based on evolving laws, regulations and industry standards.