Overview

Aaron advises clients on a broad range of complex global privacy, data protection and cybersecurity matters, including with respect to existing and emerging requirements in the US and EU. As a leader on the firm’s global privacy team, Aaron’s work includes advising clients on large-scale cybersecurity incidents; conducting diligence and negotiating privacy and data security aspects of corporate transactions; developing of cross-border data transfer solutions; developing local, regional and international privacy and data protection compliance programs with existing and emerging data protection requirements in Europe and the US; and negotiating data-driven commercial agreements.

Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, The Legal 500 and Computerworld for his work on behalf of clients. Aaron splits his time between the firm’s New York and London offices, and is the only lawyer currently listed in both The Legal 500 United Kingdom and The Legal 500 United States guides, providing clients with a broad and unique transatlantic perspective. He is a sought-after media resource on privacy issues and has been quoted in such publications as Time Magazine, Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine and The Times. Aaron regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars. He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.

Experience

  • Advises clients with due diligence and negotiation of privacy and data security issues in corporate transactions.
  • Advises clients on compliance with the California Consumer Privacy Act of 2018 (CCPA), including conducting due diligence, preparing gap analyses, developing remediation plans, and undertaking compliance projects.
  • Advises clients on all legal issues associated with cybersecurity events pursuant to requirements imposed by laws and regulatory guidance in the European Union and the United States.
  • Prepares proactive, data breach-readiness solutions for clients, including through the creation of incident response plans and conducting board-level tabletop exercises.
  • Advises clients on international data protection requirements, including the EU General Data Protection Regulation and developing mechanisms to comply with cross-border data transfer requirements (such as through BCRs, the Privacy Shield and Standard Contractual Clauses).

Accolades

Honors & Recognitions

  • Listed for Risk Advisory: Data Protection, Privacy and Cybersecurity, Legal 500 UK, 2017-2025

  • Recognized as a Leading Lawyer for Cyber Law (including Data Privacy and Data Protection) (2019-2024) and as a Recommended Lawyer (2016-2018), Legal 500 United States
  • Recognized as a Leader in Privacy & Data Security, USA-Nationwide, Chambers USA, 2020-2024
  • Named a “Client Service All‐Star” by BTI, 2022
  • Recognized as a Leader in Privacy & Data Security, USA, Chambers Global, 2021-2024

  • Recognized as a Recognized Practitioner in Data Protection and Information Law, UK-wide, Chambers UK, 2019-2020
  • Recommended for FinTech, Legal 500 United States, 2019
  • Recognized as a Leader for Data: Information Technology, Who’s Who Legal, 2019-2020, and for Telecommunications, Media and Technology Law, Who’s Who Legal, 2013-2021
  • Selected as a Super Lawyer for Technology Transactions, New York Super Lawyers magazine, 2015. Also selected as a Rising Star, 2011-2014. 
  • Recognized as Up and Coming in Privacy & Data Security, National, Chambers USA, 2013
  • Named among the Best Privacy Advisers, Computerworld magazine, 2008

Affiliations

Professional

  • Member, Section of Antitrust Law–Privacy and Information Security Committee, American Bar Association
  • Member, Association of the Bar of the City of New York
  • Former Member, Board of Editors, Pratt’s Privacy & Cybersecurity Law Report
  • Former Member, Information Technology Law Committee, Association of the Bar of the City of New York

Insights

Events & Speaking Engagements

  • November 7, 2024
    Event
    Panelist
    New Age of Payment Fraud: Hackers vs. Heroes, Cybersecurity Summit NY: Financial Services
  • November 6, 2024
    Event
    Panelist
    Cybersecurity: U.S. and Global Legal Landscape, Practicing Law Institute’s Cybersecurity 2024: Managing Cybersecurity Incidents
  • September 26, 2024
    Event
    Speaker
    Cyber Attack Tabletop, Global Privacy Assembly Dialogues
  • September 23, 2024
    Event
    Speaker
    Cybersecurity: U.S. and Global Legal Landscape, Practicing Law Institute’s Cybersecurity 2024: Managing Cybersecurity Incidents
  • May 20, 2024
    Event
    Speaker
    Beyond Comprehensive State Laws – What’s Happening in Privacy and Data Security Law in the Rest of the US?, PLI’s Twenty-Fifth Annual Institute on Privacy and Cybersecurity Law
  • December 1, 2023
    Event
    Speaker
    The Shifting Sands of Data Protection: 2023 Year in Review, Conférence Annuelle Du Cercle De La Compliance 2023
  • November 16, 2023
    Event
  • May 22, 2023
    Event
    Speaker
    Beyond the Comprehensive State Privacy Laws – What’s Happening in Privacy and Data Security Law in the Rest of the US?, Practicing Law Institute’s Twenty-Fourth Annual Institute on Privacy and Cybersecurity Law
  • March 2, 2023
    Event
    Speaker
    From Safe Harbor to Privacy Shield to the Trans-Atlantic Data Privacy Framework: The Saga Continues, Hunton Andrews Kurth Webinar
  • January 25, 2023
    Event
    Panelist
    Global Data Transfer Update, World Data Protection Day, BNP Paribas
  • December 2, 2022
    Event
    Speaker
    The Shifting Sands of Data Protection: 2022 Year in Review, Le Cercle de la Compliance’s 10th Compliance Year in Review
  • September 30, 2022
    Event
    Speaker
    Cybersecurity: US and Global Legal Landscape, Practicing Law Institute: Cybersecurity 2022: Managing Cybersecurity Incidents
  • January 26, 2022
    Event
    Speaker
    A Roundup of 2021 Global Data Privacy Developments and A Look at What’s Coming in 2022, New York State Bar Association’s 2022 Annual Meeting – International Section
  • September 30, 2021
    Event
    Speaker
    Cybersecurity: U.S. and Global Legal Landscape, Practising Law Institute: Cybersecurity 2021: Managing Cybersecurity Incidents
  • April 22, 2021
    Event
  • March 30, 2021
    Event
  • November 23, 2020
    Event
  • November 19, 2020
    Event
  • November 5, 2020
    Event
  • August 17, 2020
    Event
    Panelist
    Other New US Privacy and Data Security Rules, Practicing Law Institute’s Twenty-First Annual Institute on Privacy and Cybersecurity Law
  • July 23, 2020
    Event
  • January 9, 2020
    Event
  • November 25, 2019
    Event
    Lecturer
    California Consumer Privacy Act of 2018: Overview and Path to Compliance, Benjamin N. Cardozo School of Law
  • November 15, 2019
    Event
  • November 14, 2019
    Event
    Speaker
    The New Age of Privacy, Hunton GC Privacy and Data Security Event
  • November 6, 2019
    Event
    Speaker
    CCPA Amendments and Regulations – Managing the Changes, New York Privacy Officers’ Forum Leadership Series
  • June 4, 2019
    Event
  • May 20, 2019
    Event
    Speaker
    Twentieth Annual Institute on Privacy and Data Security Law, PLI Webinar, New York
  • May 17, 2019
    Event
    Speaker
    London Breakfast Briefing - Data Breach: Prepare Your Business and Test Your Readiness, London
  • March 13, 2019
    Event
    Co-presenter
    Contracting Considerations Under the GDPR, PLI Webinar
  • November 15, 2018
    Event
    Speaker
    The California Consumer Privacy Act: Impact and Implications, New York Privacy Officers’ Forum Breakfast Briefing
  • September 26, 2018
    Event
    Speaker
    Clearing up the Cookie Chaos: Practical Approaches to Consent Under the e-Privacy Directive and GDPR
  • September 21, 2018
    Event
    Speaker
    GDPR Minutes: The Intersection Between e-Privacy and GDPR, American Bar Association’s Privacy and Information Security Section of Antitrust Law
  • September 7, 2018
    Event
  • June 5, 2018
    Event
  • March 2018
    Event
    Presenter
    SEC Cybersecurity Guidance 2018, Hunton & Williams Webinar
  • January 17, 2018
    Event
  • December 5, 2017
    Event
  • November 14, 2017
    Event
  • October 5, 2017
    Event
    Speaker
    The Future of Data Protection Forum 2017, London, Thomson Reuters Practical Law
  • June 2017
    Event
  • June 22, 2017
    Event
    Presenter
    GDPR: Demystifying the Operational Requirements Webinar
  • May 23, 2017
    Event
    Speaker
    CISO Europe 14th Annual Conference and Roundtable, The Hague: Personal Data Breach Notification under the GDPR – Be Prepared!
  • April 18, 2017
    Event
    Speaker
    Privacy Leaders Council: How to Prepare for the GDPR, Retail Industry Leaders Association
  • March 21, 2017
    Event
    Speaker
    Cybersecurity Panel Discussion: A Live Cyber Attack Tabletop Exercise, Hunton & Williams Breakfast Briefing, London, UK
  • March 15, 2017
    Event
    Speaker
    Understanding the Impact of the GDPR on the EU's Cybersecurity Landscape, IAPP European Data Protection Intensive, London, UK
  • March 14, 2017
    Event
    Speaker
    GDPR Implementation: Strategic Issues to Address, CIPL, Hunton and AvePoint Breakfast Briefing, London, UK
  • January 26, 2017
    Event
    Speaker
    How to Prepare for the EU General Data Protection Regulation, IFLR European In-House Counsel Summit 2017, London, UK
  • January 18, 2017
    Event
    Speaker
    Negotiating Cloud Contracts: Key Data Protection Considerations, Society for Computers and Law Foundations of IT Law Program
  • November 15, 2016
    Event
    Speaker
    Protecting Data in an Era of Hacks and Leaks, Offshore Alert Conference, London, UK
  • October 14, 2016
    Event
    Speaker
    Cyber Security and Data Breach: Preparing for Mandatory Breach Reporting, PDP
  • October 14, 2016
    Event
    Speaker
    Data Transfers: Devising a Practical Framework for Global Data Flows, PDP
  • September 27, 2016
    Event
    Speaker
    Brexit: What Will the Impact Be? “Impact of Brexit from a Data Privacy and Security Law Perspective,” City of London Corporation and TORI Global
  • September 16, 2016
    Event
    Speaker
    Vendor Management, Retail Industry Leaders Association
  • April 28, 2016
    Event
    Speaker
    Hunton & Williams Webinar: GDPR: Impact on Cross-Border Data Transfers (Part 2)
  • April 12, 2016
    Event
    Speaker
    Your Client is the Victim of a Cyber-Attack – How to Provide Value, Richmond Bar Association Business Law Section Spring CLE Program
  • April 12, 2016
    Event
    Speaker
    PLI’s EU-U.S. Privacy Shield: A How-To Guide
  • March 9, 2016
    Event
    Speaker
    Hunton & Williams Webinar: GDPR: A How-To Guide (Part 1)
  • September 25, 2015
    Event
    Speaker
    U.S. and Global Policy Landscape, PLI’s Cybersecurity 2015: Managing the Risk
  • June 23, 2015
    Event
    Speaker
    Living with Contracts – Software Audits and Privacy Compliance, Hunton & Williams LLP’s IT/Procurement Leadership Forum, New York
  • June 17, 2015
    Event
    Speaker
    Information Risks & Trends Panel, CNA Cybersecurity Conference
  • June 9, 2015
    Event
  • June 9, 2015
    Event
    Speaker
    Privacy: Evolving Risks in Life Sciences, Pharmaceutical and Medical Device Compliance Conference
  • June 8, 2015
    Event
    Speaker
    The Mobile Arena: An Evolving Landscape, PLI’s 16th Annual Institute on Privacy and Data Security Law
  • March 19, 2015
    Event
  • March 12, 2015
    Event
    Speaker
    Anatomy of a Breach: From Discovery to Recovery, National Association of Attorneys General, Southern Region Meeting
  • January 2015
    Event
    Speaker
    Privacy and Information Security Monthly Update, American Bar Association
  • January 9, 2015
    Event
    Speaker
    Decision Analytics Program: Data Privacy 2015, Virginia Commonwealth University
  • November 13, 2014
    Event
    Speaker
    Cyber Security: A How-To Guide, International Accounting Operations Conference
  • October 16, 2014
    Event
    Speaker
    Law Firm Cyber Risk Conference, Sandpiper Partners LLC
  • June 16, 2014
    Event
    Speaker
    The Mobile Revolution: New Challenges for Privacy & Data Security, PLI 15th Annual Privacy & Data Security Law Institute
  • June 3, 2014
    Event
    Panelist
    Infosecurity Magazine Summer Virtual Conference 2014
  • May 19, 2014
    Event
    Speaker
    Cybersecurity: Proactively Protecting Your Company, Momentum Privacy, Policy & Technology Summit
  • April 25, 2014
    Event
    Speaker
    Data Security Breaches: Understanding the Threat and Navigating the Legal Landscape, CPE Retail Accounting Conference
  • June 20, 2013
    Event
    Speaker
    U.S. Cybercrime 2013: Stark Realities, Sandpiper Partners LLC/PricewaterhouseCoopers LLP
  • June 18, 2013
    Event
    Speaker
    The Digital Marketing Ecosystem: Trends, Risks, and Obligations, PLI 14th Annual Privacy & Data Security Law Institute
  • April 23, 2013
    Event
    Information Risk Management: Aligning Records, Privacy, Cyber & eDiscovery, ALM IRM Webcast
  • November 28, 2012
    Event
    US & UK Data Protection Law: Experts’ Views on Compliance Through Data Quality and Governance Webcast
  • November 28, 2012
    Event
    U.S. Privacy and Data Security Requirements Webcast
  • November 13, 2012
    Event
    Speaker
    Security Breach & Privacy, Property Casual Insurers Association of America (PCI)
  • June 5, 2012
    Event
    ABA Privacy and Information Security Committee Monthly Update
  • May 24, 2012
    Event
  • December 9, 2011
    Event
    Speaker
    Privacy Legislative Update, New York Privacy Officers Forum
  • October 26, 2011
    Event
    Speaker
    Online Behavioral Advertising: Emerging Legal Issues, ACI Social Media Business Technology and the Law, New York, NY
  • September 13, 2011
    Event
    Speaker
    Data Privacy in a Global Era, CLE Program hosted by Dana Holding Corporation, Toledo, OH
  • June 21, 2011
    Event
    Speaker
    Online Behavioral Advertising: Emerging Legal Issues, Twelfth Annual Institute on Privacy and Data Security Law (PLI), New York, NY
  • June 9, 2011
    Event
    Speaker
    Privacy Issues in Immigration, American Council on International Personnel (ACIP) 37th Annual Symposium, Arlington, VA
  • May 18, 2011
    Event
    Speaker
    Hot Topics in Privacy Law, New York City Bar Association
  • April 11, 2011
    Event
    Lecturer
    Privacy and Information Security, Columbia University
  • February 3, 2011
    Event
    Speaker
    Cloud Computing: Emerging Privacy and Information Security Considerations, New York Privacy Officers Forum (NYPOF)
  • January 6, 2011
    Event
    Speaker
    FTC Privacy Report Analysis: Protecting Consumer Privacy in an Era of Rapid Change, Association of Corporate Counsel
  • December 6, 2010
    Event
    Lecturer
    Privacy and Information Security, Columbia University, New York, NY
  • November 4, 2010
    Event
    Speaker
    Online Behavioral Advertising: Emerging Legal and Business Issues, New York Privacy Officers Forum
  • October 7, 2010
    Event
    Speaker
    ABA’s Privacy Update Webinar
  • September 28, 2010
    Event
    Speaker
    A Practice Legal Guide to Doing Business on the Internet, New York City Bar
  • September 8, 2010
    Event
    Speaker
    Privacy, Confidential Information and Intellectual Property, Ethics Compliance Officer Association Law School
  • June 22, 2010
    Event
    Speaker
    Privacy Developments in the Workplace, Practising Law Institute, New York, NY
  • June 11, 2010
    Event
    Speaker
    Implications of the HITECH Act’s Breach Requirements, The Association for Healthcare Risk Management of New York, New York, NY
  • May 7, 2010
    Event
    Speaker
    Massachusetts Standards for the Protection of Personal Information: What Your Firm Needs to Know, VigiTrust Roundtable, New York, NY
  • April 30, 2010
    Event
    Panelist
    Cybersecurity Regulation, CFO Roundtable, Dallas, TX
  • April 26, 2010
    Event
    Lecturer
    Privacy and Information Security, Columbia University, New York, NY
  • April 22, 2010
    Event
    Speaker
    Data Privacy in a Global Era, AF&PA General Counsels Resource Committee, Jacksonville, FL
  • March 17, 2010
    Event
    Speaker
    The Evolution of Federal and State Privacy Law and the Implication for CIOs, VigiTrust Roundtable, New York, NY
  • February 11, 2010
    Event
    Speaker
    Data Security Breaches: The Growing Liability Threat, Crafting and Implementing Policies to Prevent and Respond to Inadvertent Disclosures Webinar, Strafford Publications
  • January 11, 2010
    Event
    Speaker
    Privacy Issues in Marketing, InComm Partner Alliance 2010, Miami, FL

Publications

News

Education

JD, University of Virginia School of Law, 2002

BA, The University of Texas, High Honors, 1997

Admissions

England and Wales (Registered Foreign Lawyer)

New York

Jump to Page