Data Privacy + Cybersecurity Compliance

As a Certified Information Privacy Professional, Kathryn helps clients comply with all state and federal regulations related to data privacy and cybersecurity. She counsels clients facing government investigations over alleged non-compliance. She advises clients on the development of privacy and security plans, and how to best handle high-risk data to avoid breaches and cyber intrusions. Kathryn helps clients review, revise, and implement necessary policies and procedures under the California Consumer Privacy Act and other state consumer protection laws, the Health Insurance Portability and Accountability Act (HIPAA), Telephone Consumer Protection Act, the Children's Online Privacy Protection Act, Family Educational Rights and Privacy Act, and other federal and state laws and regulations. She assists businesses and organizations with measures to protect the security and confidentiality of personal and sensitive information, as well as proprietary data and intellectual property. Kathryn assists with the development of website and mobile app privacy policies and terms and conditions of use, as well as assessing risk with website tracking and pixel technology. She also assists clients in the negotiation of technology and software contracts to reduce risk and ensure that third-party vendors implement appropriate, and required, privacy and security safeguards and processes. Kathryn also collaborates with clients’ business teams and third-party consultants in negotiating these vendor contracts.

Information Governance + Record Management

Kathryn assists clients in building a strong foundation for their information governance program to drive efficiency and reduce risk related to unnecessary data and information storage. She assists clients with data mapping and classification, retention and destruction policy development and implementation, vendor management, data privacy and security compliance programs, training and ongoing support, and maintenance of information governance initiatives. The team has been recognized as a Verified Organization by ARMA International.

Artificial Intelligence Governance + Compliance

Kathryn advises clients developing AI governance programs, evaluating AI tools, negotiating AI vendor contracts, and implementation of AI platforms (such as Co-Pilot). She assists businesses with mapping of their organization’s AI use, preparation of policies and procedures, including acceptable use, adopting a methodology to comply with applicable laws for AI software and algorithm development, creating a cross-functional governance committee, updating employee handbooks and codes of conduct, training, risk assessments, and state and federal law surveys such that clients stay apprised of this ever-changing space.

Unmanned Aerial Systems + FAA Compliance

Kathryn advises clients on all legal issues surrounding the use of commercial drones, including navigation of Federal Aviation Administration regulations, commercial registration requirements, and Part 107 waivers. She reviews and prepares employee and subcontractor agreements for the piloting and use of drones. She advises commercial businesses on insurance options for adequate coverage for drone use. Kathryn is well-versed on various local and state laws, regulations, and ordinances which apply to a business’ drone use. She assists clients with privacy and cybersecurity policies, procedures and programs to mirror the National Telecommunications and Information Administration’s voluntary best practices, as well as other industry standards. Kathryn also handles drone-related litigation, such as claims involving manufacturing defects, personal injury, or property damage. She has given numerous presentations about implementing UAS into company infrastructure and privacy and cybersecurity issues related to drone use.

HIPAA Compliance

Kathryn counsels clients on HIPAA compliance, including assisting with employee training, and providing guidance on the implementation of required and recommended Privacy Rule and Security Rule policies and procedures.

Security Incident + Data Breach Preparedness + Emergency Response

Kathryn provides clients with the information needed to effectively handle potential and confirmed data breaches and cyber-attacks, including insight into state and federal regulations and requirements. If a client suffers a data breach, she assists with the follow-up response, including notification, remediation, and litigation.

Privacy + Class Action Litigation + Enforcement

If a data breach, cybersecurity issue, or consumer privacy rights complaint results in litigation or an enforcement action, Kathryn represents clients in court and before government regulatory agencies. This includes assisting clients with matters related to unauthorized access, use or disclosure of health, financial, or personal information, consumer privacy rights violations under state laws like the California Consumer Privacy Rights Act and the Connecticut Data Privacy Act, and website tracking claims under state and federal wiretap statutes.

Pro Bono + Community Involvement

Kathryn is committed to doing pro bono work and being involved in the community. Her recent efforts include assisting Wellbeing Action for Youth, a non-profit which works to help students focus and succeed through mindfulness practice in the classroom, and College Visions, which helps low-income students pursue a college education.

She writes for two of our firm’s blogs, Data Privacy + Cybersecurity Insider and Health Law Diagnosis.