Anne focuses her practice on data privacy and security, incident response, information governance and e-discovery. She routinely advises clients on a broad array of issues related to federal, state and industry compliance, as well as defensible internal policies and procedures to protect and leverage sensitive information.
Anne has handled numerous data breach events from initial discovery to resolution including investigation, federal and state notification analysis, remediation and corrective action. Her experience spans diverse industry sectors, including energy, healthcare, manufacturing, banking, retail, travel, technology services, education, private equity, global food services and construction. Anne also routinely counsels international clients regarding global privacy and security, cross-border data transfers and defensible policy implementation.
Anne has particular experience assisting clients with data risk management. She partners with clients’ IT and legal teams to review and evaluate internal practices related to security, identification of sensitive information across diverse platforms and jurisdictions, data sharing, records retention, information storage, and vendor oversight. Anne also counsels clients regarding federal and state privacy laws, FTC regulatory compliance, Payment Card Industry Data Security Standards, (PCI/DSS), CCPA, GDPR, GLBA, TCPA and COPPA. In addition, Anne represents clients when e-discovery is required for litigation, investigations and transactional due diligence.
Anne holds the CIPP/US credential as a Certified Information Privacy Professional from the International Association of Privacy Professionals (IAPP). From 2015 to 2019 Anne served as co-chair of the Pittsburgh KnowledgeNet chapter, for which she lead privacy-related educational activities for more than 130 members.
Anne’s role as a trusted data privacy and security counselor has been built over the course of her career, which she began as an IBM systems engineer. This background in consulting and technology provides her with unique skills to counsel clients in the quickly evolving areas of data security, privacy and emerging technologies. She then became a skilled trial lawyer, handling high-volume arbitration and served as first-chair trial counsel for clients in multiple matters. As a result, Anne counsels clients with a focus on defensible practices, policies and procedures to withstand the challenges of litigation.
Experience
- Managed international team of attorneys (EMEA, APAC, Americas) during a divestiture of financial services business lines of one of the five largest companies in the world. Responsibilities included compliance, due diligence, security, privacy and e-discovery.
- Advised a Fortune 10 company regarding comprehensive information management policies and procedures related to information classification, data mapping, privacy and security. In addition, advised on data remediation to reduce risk in the event of litigation and/or cyber threats.
- Counseled global consumer good company (over 100 brands worldwide) regarding CCPA and GDPR compliance as well as all policies and procedures related to Information Governance (Incident Response Plan, Written Information Security Program, Records and Information Management Policies, Acceptable Use Policies, Social Media Policies, Bring Your Own Device Policies, etc.).
- Represented an international sports equipment manufacturer on defensible data breach response following a cyberattack which compromised the personal information of over 7,000 individuals in 36 countries. Analyzed federal, state and foreign notification obligations, drafted legal holds and preservation notices, assisted with FBI notification, and investigated vendor liability. This matter included the development of a public relations strategy, as well as media holding statements.
- Counseled critical infrastructure utility regarding data breach preparedness and response to ensure efficient and legally defensible procedures in the event of a cyber-attack. Representation also included a comprehensive review and revision of policies related to employee use of systems, internal and external social media policies and procedures, information classification, and electronic/physical security procedures.
- Counseled global student travel company regarding PCI/DSS compliance including the development of a Written Information Security Plan incorporating all requirements of the PCI/DSS Standards. Assist client with defensible information management policies and procedures including a Global Privacy Policy, Data Breach Response Plan, Mobile Privacy Policies and internal policies related to Acceptable Use and E-Communications for 27 locations in the U.S., EMEA and APAC (particular focus on Mexico and Canada).
- Representation of the largest, privately owned, U.S. department store (more than 300 stores nationwide; $3.5 billion in sales) regarding privacy policies (website and mobile), Terms of Use (across all platforms) and classification of customer data to ensure applicable federal and state regulations were identified and compliant safeguards implemented. In addition, we assisted this client with data breach response procedures and breach counseling.
- Assisted a high profile, national government contractor, with sensitive information identification and classification, as well as data breach response and preparedness planning. Developed defensible practices for privacy, security, information management, data remediation and training.
- Advised a start-up, global travel company on all aspects of privacy and security including data sharing and leverage, cross border information transfers, TCPA/COPPA/PCI compliance, tracking technologies, privacy notices (global and U.S.) and vendor contract oversight.
- Advised natural gas provider regarding NARUC compliance related to information management, identification of sensitive information and records retention. Developed defensible procedures for legal holds, compliance training and records remediation.
- Advised major bank holding company regarding breach of SWIFT codes related to international documentary collections and applicability of International Chamber of Commerce rules.
- Assisted healthcare company during acquisition of third party provider with regard to data breach discovered prior to closing. Managed dual track investigation and advised on vendor liability assessment and indemnification. Also counseled client on state and federal notification requirements, remedial action and closing conditions.
- Advised major food franchise regarding digital wallet gift card program including vendor contract management, privacy and security compliance, indemnification and limitations on liability for breach events.
- Advised community bank during data breach including defensible incident response, GLBA analysis and notification obligations. Post–breach assisted client with the development of defensible information management procedures and practices to reduce risk and provide internal guidelines for compliance with privacy, security and retention requirements.
- Counseled seventh largest automobile manufacturer on e-discovery best practices for litigation involving data in Europe, Asia and the U.S. Devised compliant cross border data flows and review processes for efficient and cost effective discovery, review and production.
- Assisted client with Preliminary Injunction against contractor for hijacking of domain name and website under the Computer Fraud and Abuse Act, Lanham Act and state statutes governing conversion, unfair trade practices and computer trespass.
- Assisted hospital system with data breach investigation during sale of corporate assets. Managed dual track investigation, including witness interviews and event forensic examination. Advised on notification obligations and vendor liability.
- Managed e-discovery for world’s largest brokerage firm in government investigations (BSA, AML and fraud) and developed corporate matter tracking system for budgeting and metrics.
- Completed information compliance procedures for all U.S. business lines (investment services, broker dealer, auto finance, mortgage, commercial and consumer banking, etc.) for second largest bank in Canada.
- Completed records retention project for largest global fast food company for U.S. operations.
- Advised one of the top three car rental corporations on matters related to Foreign Corrupt Practices Act, Anti-Money Laundering compliance and Anti-Boycott regulations.
- Advised global, number one ranked copier and print services company on legal hold procedures and e-discovery project management.
- Developed compliant retention schedules and data migration procedures for the number one ranked clothing retailer for U.S. and Canadian information and records.
- Developed and implemented information management policies, compliant records schedules and data maps for the fourth largest school district in the U.S.
- Advised second largest government pension system in the U.S. regarding pension records compliance.
- Managed a broad spectrum of e-discovery projects and productions for sixth largest bank in the U.S. in commercial litigation matters and government investigations.
- Advised global top ten information management/archiving client on data policies, defensible retention procedures, procedures and email compliance.
- Counseled international pharmaceutical companies on FDA and general records compliance.
- Advised global analytics company on PII policies and procedures, asset identification and records compliance.
- Advised international food testing company on information management policies and procedures and records compliance.
- Advised top five internet service provider on records compliance and defensible information remediation.
- Counseled international power plant construction company on records compliance and data mapping.
- Developed and implemented records management and retention policies for one of the world’s largest charitable organizations (pro bono).
- Advised clients on parent/subsidiary discovery obligations and legal/technical strategies to avoid production by non-party subsidiaries.
- Fordham University School of LawJD1991
- The College of New JerseyBA1983
Co-Chair, International Association of Privacy Professionals (IAPP) Pittsburgh KnowledgeNet Chapter
- Speaker, "Information Governance 2020: How To Comply with Global Privacy and Security Regulations (and Still Make Money!)", ACC Global IT, Privacy, and eCommerce Network, November 5, 2020
- Speaker, "Data Privacy & Security 2020: Understanding Enforcement Trends for Strategic Negotiations", ACC National Capital Region, October 9, 2020
- Speaker, "Information Governance: Strategies for Privacy and Security Compliance", ACC National Capital Region Practical Privacy Primer, Tysons Corner, Virginia, October 10, 2019
- Panelist, "Managing Threats in Today’s Marketplace: Cyber Security and Privacy Issues", Bank of America/Merrill Lynch 5th Annual North American Retail & Luxury Forum, New York, NY, June 10, 2019
- Speaker, Security and Privacy Issues for Fiduciaries and Clients, American Bankers Association Webinar, February 7, 2019
- Speaker, SEC Compliance and Disclosure Update, McGuireWoods LLP SEC Practice Complimentary Webinar Series, April 18, 2017
- Speaker, "Data Breach Prevention and Response: An Interactive Simulation", The Data Privacy and Security Puzzle: Do You Have All the Pieces?, November 3, 2016
- Speaker, "Spring into Action! How to Implement an Effective Data Breach Response Plan", IAPP Pittsburgh KnowledgeNet, April 21, 2016
- Speaker, "Is Email Always Unethical?", LegalTech New York, February 5, 2015
- Speaker, "E-Discovery Update 2014", Pennsylvania Bar Institute Internet Law Update, April 10, 2014
- Speaker, "Cooperate or Pay the Price: A Mock Meet & Confer Session", Pennsylvania Bar Institute Internet Law Update, April 10, 2014
- Speaker, "Computer Forensics – Beyond the Basics", Legal Learning Series’ 2013 EDiscovery Leadership Conference, November 15, 2013
- Speaker, "E-Discovery Practitioners in the Hot Seat", Legal Learning Series’ 2013 EDiscovery Leadership Conference, Georgetown Law School, Advanced E-Discovery Institute, November 4, 2011
- New York
- Pennsylvania
- New Jersey
No aspect of this advertisement has been approved by the Supreme Court of New Jersey. Click here to view available selection methodologies.
Selected for inclusion in “Legal 500 United States,” Cyber Law, 2020-2023
- Author, Biden Administration Orders Improvements to Cybersecurity and Federal Networks Amid Cyberattacks, McGuireWoods Legal Alert, May 20, 2021
- Author, The SEC Announces 2021 Information Security Examination Priorities — Five Steps to Prepare, Password Protected, March 11, 2021
- Author, Data Privacy Day 2021: Privacy and Cybersecurity Are On Our Minds, Too, Password Protected, January 28, 2021
- Author, NYDFS State of Mind: Regulator Focus and Enforcement Trends, Password Protected, August 19, 2020
- Author, The CCPA’s Elusive “Reasonable Security” Safe Harbor, Password Protected, February 17, 2020
- Author, Data Breach Risks and Costs in Vendor Contracts, Password Protected, October 19, 2017
- Author, Data Breach Prevention and Response: Top 10 Takeaways From Our Interactive Simulation, McGuireWoods Legal Alert, November 14, 2016
- Author, Industry Insight: Information Governance – Leverage Your Business Intelligence and Reduce Risk, Password Protected, October 17, 2016
- Author, SEC Expands Cybersecurity Compliance Requirements For 2016, Password Protected, January 19, 2016
- Co-author, "Legal and Technical Strategies to Protect Non-Party Corporate Affiliates From Additional Discovery Exposure", Bloomberg BNA Digital Discovery & e-Evidence, April 24, 2014
- Co-author, "E-discovery: Top 5 considerations for ethical preservation in e-discovery", Inside Counsel, August 21, 2012
- Co-author, "Predictive Coding Primer", 11 DDEE 429, The Bureau of National Affairs, Inc., November 27, 2011