• Conducted more than 100 gap assessments for financial institutions, pharmaceutical companies and retail entities against various privacy/cyber laws and regulations. Based off those assessments, drafted and implemented remediation plans to improve compliance programs.
• Worked with financial institutions who are applying for different state money transmitter licenses and prepared their cybersecurity programs for regulator examination.
• Consulted on privacy considerations of corporate internal investigations involving the review of employee data/devices.
• Draft and conduct cybersecurity tabletop exercises with clients seeking to enhance their security incident practices.
• Worked with a major U.S. bank on evaluating the efficacy of implementing various tooling solutions to enhancing their privacy capabilities.
• Worked with several major financial institutions to analyze third-party tracking occurring on their websites and design strategies for complying with notice/consent requirements while still maximizing data collection.
• Worked with a multinational financial institution on building a privacy program, including conducting an assessment against best privacy practices, reviewing and drafting documentation, and developing a plan to build, staff, and operationalize a privacy office in a three-year time period.
• Led an eight-month engagement to evaluate a major U.S. county’s privacy and security program against the NIST Cybersecurity Framework and worked closely with county leadership to draft recommendations for improving their cybersecurity operations and revamping their CISO/CPO governance structure.
• Consulted with a global pharmaceutical company to review privacy practices enterprise-wide, including conducting a data mapping exercise of more than 100 processing activities, and ensure they were compliant with the California Consumer Privacy Act, before finalizing a merger with another major company.

Matters may have been completed before joining Paul Hastings.