Anne S. Peterson

Counsel

Related Content

Practices
Industries
Education
  • Fordham University School of Law, JD, 1991
  • The College of New Jersey, BA, 1983
Admissions
  • New Jersey
  • Pennsylvania
Affiliations
Co-Chair, Internationally Association of Privacy Professionals (IAPP) Pittsburgh KnowledgeNet Chapter

Anne focuses her practice on data privacy and security, incident response, information governance and e-discovery. She routinely advises clients on a broad array of issues related to federal, state and industry compliance, as well as defensible internal policies and procedures to protect and leverage sensitive information.  Anne has handled numerous data breach events from initial discovery to resolution including investigation, federal and state notification analysis, remediation and corrective action.  Her experience spans diverse industry sectors, including energy, healthcare, manufacturing, banking, retail, travel, technology services, education, private equity, global food services and construction.  Anne also routinely counsels international clients regarding global privacy and security, cross-border data transfers and defensible policy implementation.

Anne has particular experience assisting clients with data risk management.  She partners with clients’ IT and legal teams to review and evaluate internal practices related to security, identification of sensitive information across diverse platforms and jurisdictions, data sharing, records retention, information storage, and vendor oversight.  Anne also counsels clients regarding federal and state privacy laws, FTC regulatory compliance, Payment Card Industry Data Security Standards, (PCI/DSS), GLBA, TCPA and COPPA.  In addition, Anne represents clients when e-discovery is required for litigation, investigations and transactional due diligence.

Anne holds the CIPP/US credential as a Certified Information Privacy Professional from the International Association of Privacy Professionals (IAPP). She currently serves as co-chair of the Pittsburgh KnowledgeNet chapter, for which she leads privacy-related educational activities for more than 130 members.

Anne’s role as a trusted data privacy and security counselor has been built over the course of her career, which she began as an IBM systems engineer. This background in consulting and technology provides her with unique skills to counsel clients in the quickly evolving areas of data security, privacy and emerging technologies. She then became a skilled trial lawyer, handling high-volume arbitration and served as first-chair trial counsel for clients in multiple matters. As a result, Anne counsels clients with a focus on defensible practices, policies and procedures to withstand the challenges of litigation.

Anne Peterson
vCard
T: +1 412 667 7910F: +1 412 667 7969Tower Two-Sixty
260 Forbes Avenue
Suite 1800
Pittsburgh, PA 15222-3142

Managed international team of attorneys (EMEA, APAC, Americas) during a divestiture of financial services business lines of one of the  five largest companies in the world. Responsibilities included compliance, due diligence, security, privacy and e-discovery.

Advised a Fortune 10 company regarding comprehensive information management policies and procedures related to information classification, data mapping, privacy and security.  In addition, advised on data remediation to reduce risk in the event of litigation and/or cyber threats.

Represented an international sports equipment manufacturer on defensible data breach response following a cyberattack which compromised the personal information of over 7,000 individuals in 36 countries.  Analyzed federal, state and foreign notification obligations, drafted legal holds and preservation notices, assisted with FBI notification, and investigated vendor liability.  This matter included the development of a public relations strategy, as well as media holding statements.

Counseled critical infrastructure utility regarding data breach preparedness and response to ensure efficient and legally defensible procedures in the event of a cyber-attack. Representation also included a comprehensive review and revision of policies related to employee use of systems, internal and external social media policies and procedures, information classification, and electronic/physical security procedures.

Counseled global student travel company regarding PCI/DSS compliance including the development of a Written Information Security Plan incorporating all requirements of the PCI/DSS Standards. Assist client with defensible information management policies and procedures including a Global Privacy Policy, Data Breach Response Plan, Mobile Privacy Policies and internal policies related to Acceptable Use and E-Communications for 27 locations in the U.S., EMEA and APAC (particular focus on Mexico and Canada).

Representation of the largest, privately owned, U.S. department store (more than 300 stores nationwide; $3.5 billion in sales) regarding privacy policies (website and mobile), Terms of Use (across all platforms) and classification of customer data to ensure applicable federal and state regulations were identified and compliant safeguards implemented. In addition, we assisted this client with data breach response procedures and breach counseling.

Assisted a high profile, national government contractor, with sensitive information identification and classification, as well as data breach response and preparedness planning.  Developed defensible practices for privacy, security, information management, data remediation and training.  

Advised a start-up, global travel company on all aspects of privacy and security including data sharing and leverage, cross border information transfers, TCPA/COPPA/PCI compliance, tracking technologies, privacy notices (global and U.S.) and vendor contract oversight. 

Advised natural gas provider regarding NARUC compliance related to information management, identification of sensitive information and records retention.  Developed defensible procedures for legal holds, compliance training and records remediation.

Advised major bank holding company regarding breach of SWIFT codes related to international documentary collections and applicability of International Chamber of Commerce rules.  

Assisted healthcare company during acquisition of third party provider with regard to data breach discovered prior to closing.  Managed dual track investigation and advised on vendor liability assessment and indemnification.  Also counseled client on state and federal notification requirements, remedial action and closing conditions.   

Advised major food franchise regarding digital wallet gift card program including vendor contract management, privacy and security compliance, indemnification and limitations on liability for breach events.

Advised community bank during data breach including defensible incident response, GLBA analysis and notification obligations.  Post–breach assisted client with the development of defensible information management procedures and practices to reduce risk and provide internal guidelines for compliance with privacy, security and retention requirements.

Counseled seventh largest automobile manufacturer on e-discovery best practices for litigation involving data in Europe, Asia and the U.S. Devised compliant cross border data flows and review processes for efficient and cost effective discovery, review and production.

Assisted client with Preliminary Injunction against contractor for hijacking of domain name and website under the Computer Fraud and Abuse Act, Lanham Act and state statutes governing conversion, unfair trade practices and computer trespass.

Assisted hospital system with data breach investigation during sale of corporate assets.  Managed dual track investigation, including witness interviews and event forensic examination.  Advised on notification obligations and vendor liability.

Managed e-discovery for world’s largest brokerage firm in government investigations (BSA, AML and fraud) and developed corporate matter tracking system for budgeting and metrics.

Completed information compliance procedures for all U.S. business lines (investment services, broker dealer, auto finance, mortgage, commercial and consumer banking, etc.) for second largest bank in Canada.

Completed records retention project for largest global fast food company for U.S. operations.

Advised one of the top three car rental corporations on matters related to Foreign Corrupt Practices Act, Anti-Money Laundering compliance and Anti-Boycott regulations.

Advised global, number one ranked copier and print services company on legal hold procedures and e-discovery project management.

Developed compliant retention schedules and data migration procedures for the number one ranked clothing retailer for U.S. and Canadian information and records.

Developed and implemented information management policies, compliant records schedules and data maps for the fourth largest school district in the U.S.

Advised second largest government pension system in the U.S. regarding pension records compliance.

Managed a broad spectrum of e-discovery projects and productions for sixth largest bank in the U.S. in commercial litigation matters and government investigations.

Advised global top ten information management/archiving client on data policies, defensible retention procedures, procedures and email compliance.

Counseled international pharmaceutical companies on FDA and general records compliance.

Advised global analytics company on PII policies and procedures, asset identification and records compliance.

Advised international food testing company on information management policies and procedures and records compliance.

Advised top five internet service provider on records compliance and defensible information remediation.

Counseled international power plant construction company on records compliance and data mapping.

Developed and implemented records management and retention policies for one of the world’s largest charitable organizations (pro bono).

Advised clients on parent/subsidiary discovery obligations and legal/technical strategies to avoid production by non-party subsidiaries.

Co-author, "Legal and Technical Strategies to Protect Non-Party Corporate Affiliates From Additional Discovery Exposure," Bloomberg BNA Digital Discovery & e-Evidence, April 24, 2014
Co-author, "E-discovery: Top 5 considerations for ethical preservation in e-discovery," Inside Counsel, August 21, 2012
Co-author, "Predictive Coding Primer," 11 DDEE 429, The Bureau of National Affairs, Inc., November 27, 2011
Speaker, SEC Compliance and Disclosure Update, McGuireWoods LLP SEC Practice Complimentary Webinar Series, April 18, 2017
Speaker, "Data Breach Prevention and Response: An Interactive Simulation," The Data Privacy and Security Puzzle: Do You Have All the Pieces?, November 3, 2016
Speaker, "Spring into Action! How to Implement an Effective Data Breach Response Plan," IAPP Pittsburgh KnowledgeNet, April 21, 2016
Speaker, "Is Email Always Unethical?," LegalTech New York, February 5, 2015
Speaker, "Cooperate or Pay the Price: A Mock Meet & Confer Session," E-Discovery Update 2014, April 10, 2014
Speaker, "E-Discovery Update 2014," Pennsylvania Bar Institute Internet Law Update, April 10, 2014
Speaker, "Computer Forensics – Beyond the Basics," Legal Learning Series’ 2013 EDiscovery Leadership Conference, November 15, 2013
Speaker, "E-Discovery Practitioners in the Hot Seat," E-discovery Practice Support: Learning the Skills to Move Ahead, Georgetown Law School, Advanced E-Discovery Institute, November 4, 2011