Anne S. Peterson Counsel

Save current page as PDF

Anne focuses her practice on data privacy and security, incident response, information governance and e-discovery. She routinely advises clients on a broad array of issues related to federal, state and industry compliance, as well as defensible internal policies and procedures to protect and leverage sensitive information.

Anne has handled numerous data breach events from initial discovery to resolution including investigation, federal and state notification analysis, remediation and corrective action. Her experience spans diverse industry sectors, including energy, healthcare, manufacturing, banking, retail, travel, technology services, education, private equity, global food services and construction.  Anne also routinely counsels international clients regarding global privacy and security, cross-border data transfers and defensible policy implementation.

Anne has particular experience assisting clients with data risk management. She partners with clients’ IT and legal teams to review and evaluate internal practices related to security, identification of sensitive information across diverse platforms and jurisdictions, data sharing, records retention, information storage, and vendor oversight. Anne also counsels clients regarding federal and state privacy laws, FTC regulatory compliance, Payment Card Industry Data Security Standards, (PCI/DSS), CCPA, GDPR, GLBA, TCPA and COPPA.  In addition, Anne represents clients when e-discovery is required for litigation, investigations and transactional due diligence.

Anne holds the CIPP/US credential as a Certified Information Privacy Professional from the International Association of Privacy Professionals (IAPP). From 2015 to 2019 Anne served as co-chair of the Pittsburgh KnowledgeNet chapter, for which she lead privacy-related educational activities for more than 130 members.

Anne’s role as a trusted data privacy and security counselor has been built over the course of her career, which she began as an IBM systems engineer. This background in consulting and technology provides her with unique skills to counsel clients in the quickly evolving areas of data security, privacy and emerging technologies. She then became a skilled trial lawyer, handling high-volume arbitration and served as first-chair trial counsel for clients in multiple matters. As a result, Anne counsels clients with a focus on defensible practices, policies and procedures to withstand the challenges of litigation.


  • Managed international team of attorneys (EMEA, APAC, Americas) during a divestiture of financial services business lines of one of the  five largest companies in the world. Responsibilities included compliance, due diligence, security, privacy and e-discovery.
  • Advised a Fortune 10 company regarding comprehensive information management policies and procedures related to information classification, data mapping, privacy and security.  In addition, advised on data remediation to reduce risk in the event of litigation and/or cyber threats.
  • Counseled global consumer good company (over 100 brands worldwide) regarding CCPA and GDPR compliance as well as all policies and procedures related to Information Governance (Incident Response Plan, Written Information Security Program, Records and Information Management Policies, Acceptable Use Policies, Social Media Policies, Bring Your Own Device Policies, etc.).
  • Represented an international sports equipment manufacturer on defensible data breach response following a cyberattack which compromised the personal information of over 7,000 individuals in 36 countries.  Analyzed federal, state and foreign notification obligations, drafted legal holds and preservation notices, assisted with FBI notification, and investigated vendor liability.  This matter included the development of a public relations strategy, as well as media holding statements.
  • Counseled critical infrastructure utility regarding data breach preparedness and response to ensure efficient and legally defensible procedures in the event of a cyber-attack. Representation also included a comprehensive review and revision of policies related to employee use of systems, internal and external social media policies and procedures, information classification, and electronic/physical security procedures.
  • Counseled global student travel company regarding PCI/DSS compliance including the development of a Written Information Security Plan incorporating all requirements of the PCI/DSS Standards. Assist client with defensible information management policies and procedures including a Global Privacy Policy, Data Breach Response Plan, Mobile Privacy Policies and internal policies related to Acceptable Use and E-Communications for 27 locations in the U.S., EMEA and APAC (particular focus on Mexico and Canada).
  • Representation of the largest, privately owned, U.S. department store (more than 300 stores nationwide; $3.5 billion in sales) regarding privacy policies (website and mobile), Terms of Use (across all platforms) and classification of customer data to ensure applicable federal and state regulations were identified and compliant safeguards implemented. In addition, we assisted this client with data breach response procedures and breach counseling.
  • Assisted a high profile, national government contractor, with sensitive information identification and classification, as well as data breach response and preparedness planning.  Developed defensible practices for privacy, security, information management, data remediation and training.
  • Advised a start-up, global travel company on all aspects of privacy and security including data sharing and leverage, cross border information transfers, TCPA/COPPA/PCI compliance, tracking technologies, privacy notices (global and U.S.) and vendor contract oversight.
  • Advised natural gas provider regarding NARUC compliance related to information management, identification of sensitive information and records retention.  Developed defensible procedures for legal holds, compliance training and records remediation.
  • Advised major bank holding company regarding breach of SWIFT codes related to international documentary collections and applicability of International Chamber of Commerce rules.
  • Assisted healthcare company during acquisition of third party provider with regard to data breach discovered prior to closing.  Managed dual track investigation and advised on vendor liability assessment and indemnification.  Also counseled client on state and federal notification requirements, remedial action and closing conditions.
  • Advised major food franchise regarding digital wallet gift card program including vendor contract management, privacy and security compliance, indemnification and limitations on liability for breach events.
  • Advised community bank during data breach including defensible incident response, GLBA analysis and notification obligations.  Post–breach assisted client with the development of defensible information management procedures and practices to reduce risk and provide internal guidelines for compliance with privacy, security and retention requirements.
  • Counseled seventh largest automobile manufacturer on e-discovery best practices for litigation involving data in Europe, Asia and the U.S. Devised compliant cross border data flows and review processes for efficient and cost effective discovery, review and production.
  • Assisted client with Preliminary Injunction against contractor for hijacking of domain name and website under the Computer Fraud and Abuse Act, Lanham Act and state statutes governing conversion, unfair trade practices and computer trespass.
  • Assisted hospital system with data breach investigation during sale of corporate assets.  Managed dual track investigation, including witness interviews and event forensic examination.  Advised on notification obligations and vendor liability.
  • Managed e-discovery for world’s largest brokerage firm in government investigations (BSA, AML and fraud) and developed corporate matter tracking system for budgeting and metrics.
  • Completed information compliance procedures for all U.S. business lines (investment services, broker dealer, auto finance, mortgage, commercial and consumer banking, etc.) for second largest bank in Canada.
  • Completed records retention project for largest global fast food company for U.S. operations.
  • Advised one of the top three car rental corporations on matters related to Foreign Corrupt Practices Act, Anti-Money Laundering compliance and Anti-Boycott regulations.
  • Advised global, number one ranked copier and print services company on legal hold procedures and e-discovery project management.
  • Developed compliant retention schedules and data migration procedures for the number one ranked clothing retailer for U.S. and Canadian information and records.
  • Developed and implemented information management policies, compliant records schedules and data maps for the fourth largest school district in the U.S.
  • Advised second largest government pension system in the U.S. regarding pension records compliance.
  • Managed a broad spectrum of e-discovery projects and productions for sixth largest bank in the U.S. in commercial litigation matters and government investigations.
  • Advised global top ten information management/archiving client on data policies, defensible retention procedures, procedures and email compliance.
  • Counseled international pharmaceutical companies on FDA and general records compliance.
  • Advised global analytics company on PII policies and procedures, asset identification and records compliance.
  • Advised international food testing company on information management policies and procedures and records compliance.
  • Advised top five internet service provider on records compliance and defensible information remediation.
  • Counseled international power plant construction company on records compliance and data mapping.
  • Developed and implemented records management and retention policies for one of the world’s largest charitable organizations (pro bono).
  • Advised clients on parent/subsidiary discovery obligations and legal/technical strategies to avoid production by non-party subsidiaries.