Mike advises clients on a diverse range of global privacy and information security issues. A significant focus of his practice is assisting a variety of clients, from multinational companies to startups, with evaluating and managing privacy and cybersecurity risks and policy issues. Much of his work has centered on navigating complex privacy and cybersecurity issues on behalf of companies in the financial services industry as well as companies engaged in cutting-edge technologies and information practices, such as AI/machine learning, biometrics, geolocation tracking, and Internet of Things (IoT) devices.

Mike has extensive experience advising clients on compliance with federal, state, and international privacy and data security laws. He also regularly assists companies with building and implementing their privacy and information security programs and addressing related governance issues, including developing written policies and procedures; designing incident response programs and conducting breach response preparedness activities; developing cross-border data transfer solutions; preparing data protection impact assessments; and developing and enhancing vendor management programs. He also regularly assists clients with negotiating and drafting privacy and data security terms in commercial contracts and M&A transactions.

Mike’s practice also focuses significantly on helping clients manage large-scale cybersecurity incidents, including advising on data breach response and notification obligations, providing advice regarding communications strategies, engaging third-party experts, and responding to US and international regulatory inquiries and investigations.

Mike also has significant experience advising clients on electronic monitoring and surveillance issues, including legal issues and risks associated with the Electronic Communications Privacy Act (ECPA) and the Foreign Intelligence Surveillance Act (FISA).

Mike is a certified information privacy professional (CIPP/US) by the International Association of Privacy Professionals (IAPP).

In addition, Mike maintains an active pro bono practice. He has represented pro bono clients in asylum cases and has advised a variety of issues, including privacy and cybersecurity obligations and US national security policies and regulations.

Relevant Experience

• Advising numerous clients on compliance with the California Consumer Privacy Act of 2018 (CCPA), the California Privacy Rights Act (CPRA), and the Virginia Consumer Data Protection Act, including conducting due diligence, preparing gap analyses, developing remediation plans, and undertaking compliance projects.
• Advising multiple technology and financial services companies, on developing and managing global privacy programs, including assessing global legal requirements and developing compliance roadmaps, conducting data protection impact assessments, implementing privacy governance structures, designing policies and procedures, and creating training programs.
• Advising financial services clients on compliance and managing risk associated with privacy, data security, and incident response requirements, including under the Gramm-Leach Bliley Act and its implementing regulations and guidance and the New York State Department of Financial Services cybersecurity regulations.