Data Privacy Liability in the 2020s: Installing Blinds on the Fishbowl

As a member of the Firm's Health Law group and Data Protection, Privacy, and Cybersecurity Team, Andrew advises clients regarding information privacy, security, and compliance strategies by offering practical and actionable advice tailored to fit each client's needs.

Andrew routinely counsels clients with respect to their privacy, cybersecurity, and information practices, including the compliance obligations imposed by the Health Insurance Portability and Accountability Act (HIPAA), 42 CFR Part 2, the California Consumer Privacy Act (CCPA), and global data protection laws such as the General Data Protection Regulation (GDPR). As co-leader of the Firm's GDPR Team, Andrew assists U.S.-based and global organizations with data processing agreements, issues involving international data transfers, and navigating conflicts between foreign privacy laws and U.S. compliance obligations with respect to data use and processing.

In addition to assisting with the development and implementation of customized policies, procedures, and controls, Andrew helps clients identify, evaluate, and manage the risks associated with their privacy and information security practices. Andrew also assists organizations with identifying and addressing data protection and privacy risks through diligence counseling and negotiations in mergers and acquisitions.

During law school, Andrew served as a judicial extern for the Honorable Bernice B. Donald on the United States Court of Appeals for the Sixth Circuit.

Ashley Thomas assists clients in managing cybersecurity, privacy, information security and vendor risks. She advises clients on all aspects of compliance with federal, state and international data privacy and security laws, such as the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Children’s Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA). Ashley prepares, updates and advises clients on their privacy, data security and incident response policies and procedures, as well as third-party vendor agreements. She regularly counsels clients following data and cybersecurity incidents, including subsequent internal investigations, state and federal notification obligations and associated regulatory and litigation risks. Ashley is a Certified Information Privacy Professional (CIPP/US & CIPP/E) through the International Association of Privacy Professionals (IAPP).

Prior to joining Morris, Manning & Martin, LLP, Ashley worked at multiple Am Law 100 firms, advising clients on all aspects of data privacy and security. Representing clients in the healthcare arena, Ashley advised public health systems, medical device manufacturers and technology companies on data breaches and breach notification risk assessments, as well as on an array of regulatory compliance, licensure and operational matters.

Sonia Siddiqui is an experienced attorney, consultant, and frequent public speaker. Expertise in data privacy (FIP, CIPM, CIPP/US) and technology with a keen interest in the interplays of privacy and blockchain, privacy by design and marketing.

Sonia received her JD from the University of Maryland Francis King Carey School of Law in 2013.

Matthew Buchbinder is an Associate Attorney at North Pursell & Ramos, PLC.