Overview
Lisa chairs the firm’s top-ranked global privacy and cybersecurity practice and is the managing partner of the firm’s New York office. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. Chambers USA quotes clients who call her a “market leader,” noting that she is “widely considered the best.” Another client reported that “she is a strong leader with fantastic advice. She does great work on advisory boards and her leadership in the industry has really moved it forward.” Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, which is given to only one lawyer each year for exceptional achievements, and noted that a peer enthused, “Lisa Sotto is a legend.” Clients have called Lisa “the high priestess of privacy” and “the queen of breach.” She was named among The National Law Journal’s “100 Most Influential Lawyers,” an honor bestowed on practicing attorneys who are making the biggest impact in the legal world.
A preeminent lawyer and dynamic problem solver, Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She advises clients on the California Consumer Privacy Act of 2018 and other comprehensive state privacy laws, GLB, HIPAA and state health privacy laws, COPPA, CAN-SPAM, FCRA, VPPA, data breach notification laws, and other U.S. state and federal privacy and cybersecurity requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Through the firm’s privacy and security in M&A transactions team, Lisa also guides clients on risks and potential liabilities associated with inadequate privacy and data security practices in high-stakes corporate transactions. She conducts all phases of data privacy assessments and information security policy audits. She also develops corporate records management programs, including policies, records retention schedules and training modules.
Lisa has been rated the “No. 1 privacy professional” in all surveys by Computerworld magazine. She is recognized by Chambers and Partners as a “Star” performer (the highest honor) for privacy and data security—the only privacy lawyer in the United States to receive this distinguished ranking. She also is ranked among the leading lawyers in Band 1 for incident response. Lisa is recognized as a leading lawyer for cyber crime, data protection and privacy by The Legal 500 United States. In addition, Hunton Andrews Kurth’s privacy and cybersecurity practice has received the topmost national rankings in privacy and data security both from Chambers and Partners and The Legal 500.
Lisa speaks frequently at conferences, has testified regularly before the US Congress and other legislative and regulatory agencies, is the author of numerous treatises and articles, has been tapped to lead several industry committees and organizations, is sought after by media outlets and industry publications for her professional insights, and appears regularly on national television and radio news programs. She is the editor and lead author of the Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business.
Experience
- Appointed by Secretaries Mayorkas, Nielson, Johnson and Napolitano as Chair of the US Department of Homeland Security’s Data Privacy and Integrity Advisory Committee (2012-2025); member (2010-2011); Vice Chair (2005-2009).
- Testified in FTC Hearing on Competition and Consumer Protection in the 21st Century, focusing on the US framework related to consumer data security.
- Testified before the European Commission and five EU Supervisory Authorities during the Annual Review of the EU-US Privacy Shield.
- Selected by the European Commission and US Department of Commerce as one of a small group of 16 arbitrators in connection with the EU-US Privacy Shield Framework Binding Arbitration Program.
- Selected to represent the US Chamber of Commerce in Brussels to present “Global Best Practices Around Data Breach Notification,” a report prepared by Hunton Andrews Kurth LLP and the Chamber.
- Selected to represent the US Chamber of Commerce in Indonesia to present “Business Without Borders: The Importance of Cross-Border Data Transfers to Global Prosperity,” a report prepared by Hunton Andrews Kurth LLP and the Chamber.
- Selected as member of US government delegation to Brazil to brief Brazilian government officials on US privacy and cybersecurity policy.
- Selected to advise Commissioner Shimpo of the Personal Information Protection Commission of Japan on US privacy and data security law.
- Selected to advise the Serbian government on global data protection law and to draft the country’s data security and breach notification laws. Lisa was sponsored by the USAID-funded Judicial Reform and Government Accountability Project.
- Testified before US House of Representatives, “Data Protection and the Consumer: Who Loses When Your Data Takes a Hike?”
- Testified before US Department of Health & Human Services’ Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics regarding RFID use in health care.
- Testified before CSIS Commission on Cyber Security for the 44th Presidency.
- Briefed the Secretary of the Army’s cyber strategic group on current issues in cybersecurity
- Briefed congressional staffers in preparation for data breach hearings held by the House of Representatives Committee on Homeland Security, Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, and in connection with drafting of a comprehensive privacy bill.
- Selected to advise DHS’s Homeland Security Science and Technology Committee (HSSTAC) regarding Third Party Pre-Screening Program.
- Selected by US Government Accountability Office to provide advice for a GAO study on data security breaches.
- Selected by US Office of Management and Budget to participate in OMB analysis of DHS Privacy Office.
- Routinely assists clients in developing policy positions regarding privacy and cybersecurity legislative and regulatory proposals both in the US and abroad.
- Advising over 80 clients on compliance with the California Consumer Privacy Act of 2018 (CCPA), California Privacy Rights Act of 2020 (CPRA) and other state privacy laws, including conducting due diligence, preparing gap analyses, developing remediation plans, and undertaking compliance projects.
- Advises clients on FTC, OCR, SEC and state Attorney General (including Multistate Taskforce) investigations and enforcement actions for alleged data security and privacy violations.
- Advises clients on managing FTC Consent Orders and CIDs in connection with data security incidents.
- Advises major health care providers and health plans on all aspects of HITECH security breaches, including OCR and state enforcement.
- Advises numerous major retailers, financial institutions and other companies on proactive cybersecurity readiness, including developing and conducting full-scale tabletop exercises for C-suite executives and boards of directors.
- Since 2005, advised on over 3,000 cybersecurity and data breach incidents in the United States and abroad, including many of the world’s seminal events (such as the Colonial Pipeline ransomware incident and Yahoo! breaches affecting 3.5 billion user accounts).
- Advised well-known telecom manufacturer on extensive APT attack involving significant loss of intellectual property.
- Advised numerous major retailers on security breaches resulting from criminal tampering of POS terminals, including FBI involvement, forensic investigations, breach notification and PR efforts.
- Advised Texas State Comptroller in connection with well-known data security incident involving 3.5 million state workers.
- Advised many multinational clients on EU-US Data Privacy Framework and Privacy Shield certifications and annual recertifications.
- Counseled numerous technology companies (both as publishers and advertisers) on data collection and sharing issues (including online behavioral advertising and Big Data initiatives), and the collection and use of geolocation data.
- Counseled major consumer goods companies on privacy issues associated with the use of radio frequency identification (RFID) and data collection from mobile devices.
- Advised multiple clients on employee monitoring and surveillance issues under federal, state and international laws, and prepared related policies (including BYOD).
- Conducted comprehensive privacy and information security policy assessments of major US electric utility and retail and consumer goods companies, including extensive data flow mapping, remediation, and development and implementation of multiple privacy, information security and records management policies and procedures.
- Served as HIPAA privacy counsel to large health care system, including over 40 hospitals and long-term care and assisted living facilities, and major academic medical center.
- Developed and implemented comprehensive global records management program in over 100 countries for one of world's largest software companies (under court supervision), including preparation and implementation of policies and procedures, numerous records retention schedules, in-person and web-based training and audit program.
- Editor and lead author, Privacy and Cybersecurity Law Deskbook (1,400-page treatise and annual updates), Aspen Publishers, Wolters Kluwer Law & Business, 2010-2024
- Contributing editor and co-author, Data Protection & Privacy, United States, Getting the Deal Through, 2014-2021
- Co-author, Navigating The Digital Age, The Definitive Cybersecurity Guide For Directors and Officers Vol. 3, Lessons From Today’s World, How to Manage a Data Breach, January 2021
- Co-author, Cybersecurity and Data Breach, Bloomberg BNA Privacy & Data Security Portfolio Series, 2019
- Co-author, Chapter 11 European Union Data Protection, Data Security and Privacy Law: Combating Cyberthreats, West, Thomson Reuters, 2010
- Co-author, Data Security Handbook, ABA Section of Antitrust Law, 2008
- Co-author, Privacy Primer: An Overview of Global Data Protection Laws, 2006
- CyberEdBoard Profiles in Leadership: Lisa Sotto, Information Security Media Group (Sotto Featured), March 11, 2025
- Priestess of Privacy, Penn Law Journal (Sotto Featured), August 19, 2019
- Thought Leaders in Privacy, DataGuidance (Sotto interviewed), May 1, 2017
- Bisnow Morning Brief NY, “16 Things You Need to Know This Morning” (Sotto interviewed), February 6, 2017
- Electronic Discovery Institute’s Distance Learning Initiative, Information Security 101 (Sotto interviewed), February 2017
- Interview, Cybersecurity Risks and Legal Landscape, KUCI 88.9 FM (National Public Radio), “Privacy Piracy: Protect Your Privacy in the Information Age” (Sotto featured in 30-minute interview), July 25, 2016
- Mimesis Law’s Cy-Pher Executive Roundtable, What Do You Do With A Hacked Law Firm? (Sotto interviewed), June 10, 2016
- Mimesis Law’s Cy-Pher Executive Roundtable, Are Law Firms Soft Targets For Hackers? (Sotto interviewed), May 23, 2016
- CASE in POINT, “Understanding New Threats to Privacy and Cybersecurity” (Sotto interviewed), March 3, 2015
- HuffPost Live, Regulator Warns of 'Cyber 9/11' Attacks on Banks (Sotto interviewed), March 2, 2015
- AskForbes Twitter Chat, What Companies Should Do When They’re Breached, August 26, 2014
- Interview, Female Powerbrokers Q&A: Hunton & Williams’ Lisa Sotto, Law360, December 4, 2013
- Interview, Cybersecurity Risks and Legal Landscape, KUCI 88.9 FM (National Public Radio), Privacy Piracy: Protect Your Privacy in the Information Age (Sotto featured in 30-minute interview), June 3, 2013
- Interview, Should There Be a “Right to be Forgotten” Online? (Sotto interviewed), CBSnews.com, May 10, 2013
- Legal Trends Roundtable: Parts 1-5, 2013 The Year Ahead in Privacy and Data Security (Sotto interviewed), com, January-February 6, 2013
- Privacy Law Expert: Many Companies Waiting for a Hack (Sotto interviewed), Bloomberg Law, November 1, 2012
- Radio Television of Serbia, Data Protection Act Good (English translation) (Sotto interviewed), July 18, 2012
- B92 (Serbian radio and television broadcaster), Careful Sharing Data (English translation) (Sotto interviewed), July 18, 2012
- Privacy Bill of Rights: A Step Forward, “Can’t be a Back-Burner Issue,” Privacy Lawyer Argues (Sotto interviewed), March 20, 2012
- Interview (podcast), Privacy Bill of Rights: Not Be-All, End-All, Security Media Group, February 24, 2012
- Breach Response: The Legal View, Fast Action Can Save Reputation and Ensure Compliance (Sotto interviewed), com, December 15, 2011
- Breach Response: Reputational Risk, Your Organization’s Name Hinges on Data Value and Security (Sotto interviewed), com, November 30, 2011
- Law360, Q&A with Hunton & Williams’ Lisa Sotto (Sotto interviewed), November 4, 2011
- KUCI 88.9 FM, Protect Your Privacy in the Information Age (Sotto featured in 30-minute interview), September 19, 2011
- FoxLive.com, Is There Need for a Data Privacy Law? (Sotto interviewed), September 6, 2011
- End to End Trust, Microsoft Corporation, regarding cross industry collaboration and a safer Internet (Sotto interviewed), September 2009
- CNN’s American Morning, Privacy in the Obama Administration (Sotto interviewed), December 8, 2008
- ClearChannel Radio, “Tech Talk with Craig Peterson,” regarding the use of RFID in health care (Sotto interviewed), March 4, 2006
Accolades
Honors & Recognitions
- Recognized as Hall of Fame for Cyber Law (including Data Privacy and Data Protection) (2020-2024) and as a Leading Lawyer (2013-2019) and for Cyber Crimes (2009-2016), and Recommended for FinTech (2019-2024), Legal 500 United States
- Recognized as a Star Individual (2015-2024) and Band 1 (2007-2013) in Privacy & Data Security, USA; and as a Star Individual (2025) and Leader (2022-2024) in Privacy & Data Security: Cybersecurity, USA, Chambers Global
- Recognized as a Star Individual in Privacy & Data Security, USA-Nationwide (2013-2024); Band 1 (2007-2012); as a Star Individual in Privacy & Data Security: Cybersecurity, USA-Nationwide (2024); and as a Leader in Privacy & Data Security: Incident Response, USA-Nationwide (2021-2023), Chambers USA
- Recognized as one of the world’s leading practitioners in Who’s Who Legal Thought Leaders: Data 2019-2024; and Who’s Who of Information Technology Lawyers 2011-2023
- Named a Stand-out Lawyer by Thomson Reuters, 2025
- Honored as a Client Choice Award winner by Lexology, 2022
- Recognized as a Distinguished Leader by New York Law Journal, 2022
- Named a “Client Service All‐Star” by BTI, 2022
- Recognized as a Leader in Legal: Data Protection & Cyber Security, USA; Band 1, Chambers FinTech, 2019-2025
- Recognized as a Women in Data by Global Data Review, 2022
- Selected for Outstanding Contribution to the Legal Profession, Chambers and Partners, 2021
- Recognized among Women in IT Security as a 2020 Veteran, SC Media, 2020
- Recognized among Women in Security PowerPlayers, SC Media, 2019
- Named among the 100 Most Influential Lawyers, National Law Journal, 2013
- Named among Incident Response 30, Cybersecurity Docket, 2016 and 2018
- Named among the 500 Leading Lawyers in America, Lawdragon, 2014-2016
- Named among Cybersecurity & Data Privacy Trailblazers, National Law Journal, 2015
- Named among 45 Regulatory & Compliance Trailblazers, National Law Journal, 2015
- Named among the 75 Outstanding Women Lawyers, National Law Journal, 2015
- Named among Attorneys Who Matter, Ethisphere Magazine, 2009, 2012, 2013, 2015
- Voted Number 1 in all Computerworld polls of global privacy advisors
- Named among Women in Law, Lawyer Monthly Magazine, 2017
- Selected among New York County Lawyers Association’s Outstanding Women in the Legal Profession, December 11, 2017
- Selected as Lawline’s Top 20 Women Faculty of 2016, April 18, 2017
- Selected for Expert Guides’ “Best of the Best Expert Guide” as a Top 30 Privacy and Data Protection Practitioner Worldwide, 2017-2019
- Recognized as one of the world’s leading practitioners in The International Who’s Who of Information Technology Lawyers 2011-2021, Who’s Who Legal, ABA Section of International Law and the International Bar Association
- Selected as a Super Lawyer for Technology Transactions Law, The New York Times Magazine, 2006-2024
- Selected as one of The Top Women Attorneys for Information Technology/Outsourcing in the New York Metro Area, Super Lawyers
- Honoree, Empire State Counsel Program, New York State Bar Association, Pro Bono Affairs, 2011, 2014
- 2000 Champion of Justice Award, New York City Bar Association, 2000
- Designated a Privacy Law Specialist, International Association of Privacy Professionals, American Bar Association Accredited Lawyer Certification Program
- Certified Information Privacy Professional/United States (CIPP/US and CIPM), International Association of Privacy Professionals
- Westin Emeritus Fellow, International Association of Privacy Professionals
- Fellow of Information Privacy, International Association of Privacy Professionals
Affiliations
Professional
- Chair, US Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, 2012-present; appointed to Committee by Secretaries Mayorkas, Nielson, Johnson, Napolitano, Chertoff and Ridge; Chair, Policy Subcommittee, 2010-2012; Committee Vice Chair, 2005-2009; Member, Cybersecurity Subcommittee, 2013-present (requiring Top Secret security clearance)
- Member, New York State Department of Financial Services’ (NYDFS) Financial Innovation Advisory Board, 2022-Present
- Chair, New York Privacy Officers Forum, 2007-present
- Lead Advisor, DataGuidance US Panel of Experts, 2008-present
- Member, American Law Institute
- Fellow, American Bar Foundation
- Member, Board of Directors, International Association of Privacy Professionals, 2010-2015
- Member, Board of Directors, Identity Theft Resource Center, 2010–2012
Insights
Legal Updates
- 13 Minute ReadJuly 18, 2024Legal Update
- 2 Minute ReadAugust 31, 2023Legal Update
- 22 Minute ReadAugust 3, 2023Legal Update
- 5 Minute ReadJuly 18, 2023Legal Update
- 3 Minute ReadJune 15, 2023Legal Update
- 13 Minute ReadFebruary 22, 2023Legal Update
- 2 Minute ReadNovember 18, 2021Legal Update
- 5 Minute ReadOctober 21, 2021Legal Update
- 14 Minute ReadOctober 8, 2021Legal Update
- 5 Minute ReadSeptember 24, 2021Legal Update
- 1 Minute ReadMay 5, 2020Legal Update
- 4 Minute ReadApril 6, 2020Legal Update
- 2 Minute ReadMarch 23, 2020Legal Update
- 2 Minute ReadMarch 20, 2020Legal Update
- November 12, 2019Legal Update
- November 1, 2018Legal Update
- February 26, 2018Legal Update
- October 26, 2017Legal Update
- 1 Minute ReadJuly 14, 2017Legal Update
- May 4, 2017Legal Update
- June 30, 2016Legal Update
- May 6, 2016Legal Update
- April 14, 2016Legal Update
- March 09, 2016Legal Update
- March 1, 2016Legal Update
- October 29, 2015Legal Update
- June 17, 2015Legal UpdateCouncil of the European Union Agrees on General Approach to the Proposed General Data Protection Regulation
- May 28, 2015Legal Update
- May 26, 2015Legal Update
- April 24, 2015Legal Update
- March 10, 2015Legal Update
- February 19, 2015Legal Update
- December 11, 2014Legal Update
- November 10, 2014Legal Update
- June 23, 2014Legal Update
- November 6, 2013Legal Update
- September 23, 2013Legal Update
- March 29, 2013Legal Update
- March 28, 2013Legal Update
- February 28, 2013Legal Update
- February 14, 2013Legal Update
- February 13, 2013Legal Update
- January 25, 2013Legal Update
- October 5, 2012Legal Update
- October 20, 2011Legal Update
- June 22, 2011Legal Update
- May 18, 2011Legal Update
- January 11, 2010Legal Update
- September 23, 2009Legal Update
- July 23, 2009Legal Update
- June 17, 2009Legal Update
- May 21, 2009Legal Update
- April 7, 2009Legal Update
- February 17, 2009Legal Update
- February 12, 2009Legal Update
- February 2, 2009Legal Update
- January 14, 2009Legal Update
- December 16, 2008Legal Update
- December 9, 2008Legal Update
- December 2, 2008Legal Update
- November 28, 2008Legal Update
- October 24, 2008Legal Update
- October 7, 2008Legal Update
- October 6, 2008Legal Update
- September 29, 2008Legal Update
- September 23, 2008Legal Update
- September 12, 2008Legal Update
- September 8, 2008Legal Update
- August 15, 2008Legal Update
- August 7, 2008Legal Update
- May 30, 2008Legal Update
- May 29, 2008Legal Update
Events & Speaking Engagements
- March 18, 2025Event
- March 18, 2025EventSpeakerA Legal Guide to Managing Cyber Attacks, WSJ Tech Live: Cybersecurity
- March 6, 2025EventPresenterNavigating Retail Cybersecurity: Insights from a Cyberattack Tabletop Exercise, National Retail Federation Law Summit
- March 4, 2025EventSpeakerGlobal Cybersecurity Legal Considerations and SEC-Focused Tabletop Exercise, Cambridge Forum for Cybersecurity Leaders
- March 2, 2025EventChair2025 Cambridge Forum for Cybersecurity Leaders, Washington D.C.
- January 26, 2025EventSpeakerCybersecurity Oversight and Governance: Managing the Risk, Bank Director’s Acquire or Be Acquired Conference
- November 19, 2024EventSpeakerAddressing the Challenges of Increased Cyber Threats and Ransomware Attacks, New York Privacy Officers’ Forum
- November 14, 2024EventPanelistNavigating the Aftermath: Legal Strategies for Post Breach Scenarios, Deloitte Next Generation CISO Academy
- November 6, 2024EventChairPracticing Law Institute: Cybersecurity 2024: Managing Cybersecurity Incidents
- November 6, 2024EventSpeakerCyber Attack Tabletop, Practicing Law Institute’s Cybersecurity 2024: Managing Cybersecurity Incidents
- October 23, 2024EventSpeakerCybersecurity: Incident Response, Cornell Tech
- October 15, 2024EventPanelistCybersecurity Regulatory and Legal Landscape, Hellman & Friedman Annual CISO/CIO Summit
- October 11, 2024EventSpeakerCribl Cybersecurity Month Interview
- October 10, 2024EventPanelistManaging Data Privacy in the Age of AI Innovation, Retail Industry Leaders Association 2024 Retail Law Conference
- September 26, 2024EventSpeakerCyber Attack Tabletop, Global Privacy Assembly Dialogues
- September 23, 2024EventChairPracticing Law Institute: Cybersecurity 2024: Managing Cybersecurity Incidents
- September 23, 2024EventSpeakerCyber Attack Tabletop, Practicing Law Institute’s Cybersecurity 2024: Managing Cybersecurity Incidents
- September 19, 2024EventPanelistLiquid Energy Pipeline Association’s Annual Business Conference, Pipeline Security Session
- Event
- June 18, 2024EventSpeakerCyber Attack Tabletop, CrowdStrike CrowdTour
- June 17, 2024EventSpeakerUS Privacy Law and Policy: Navigating Increasingly Complex Terrain, Hunton Andrews Kurth/CIPL Webinar
- June 5, 2024PanelistCybersecurity Incident Response and Preparedness, Chief Privacy Officers Council, The Conference Board
- May 21, 2024EventSpeakerPreparing for the Inevitable: Managing a Cybersecurity Incident, Practicing Law Institute’s Twenty-Fifth Annual Institute on Privacy and Cybersecurity Law
- May 20, 2024EventChairPracticing Law Institute: Twenty-Fifth Annual Institute on Privacy and Cybersecurity Law
- May 17, 2024EventSpeakerCybersecurity 2024: The Threat Environment and Legal Landscape, NYC Bar Association
- May 9, 2024EventPanelistCybersecurity Panel, HealthTrust Advisory Summit 2024
- May 2, 2024EventPanelistCISO Roundtable: Navigating the Cyber Threat Landscape from Boardroom to Server Room, Kaseya Connect Global 2024
- May 2, 2024EventSpeakerHIP, HIP-AA, Hooray! A Plan Sponsor’s Guide to HIPAA Privacy and Security Compliance, Hunton Andrews Kurth Presentation
- April 26, 2024EventPanelistTribeca Cybersecurity Summit 2024, New York Law School
- April 9, 2024EventSpeakerDigital Threat Landscape and Cyber Breach Scenario, KPMG Board Leadership Conference
- March 3-5, 2024EventChair2024 Cambridge Forum for Cybersecurity Leaders, Washington D.C.
- February 20, 2024Event
- February 8, 2024EventSpeakerThe Current Threat Landscape & Key U.S. Cybersecurity Legal Developments, Midwest Legal Conference on Data Privacy & Cybersecurity
- February 7, 2024EventSpeakerAchieving Regulatory Compliance in the Face of AI-Enhanced Cybercrime, Acronis Compliance Webinar
- February 1, 2024EventSpeakerIAPP KnowledgeNet ‘Data Privacy Day’, IAPP
- December 6, 2023EventSpeakerGuarding the Privacy and Security of Business Metaverse Applications, The Metaverse Spectrum Conference
- December 4, 2023EventSpeakerManaging Risks in Today’s Retail Cybersecurity Landscape, National Retail Federation Webinar
- November 8, 2023EventChairPracticing Law Institute: Cybersecurity 2023: Managing Cybersecurity Incidents, San Francisco
- November 1, 2023EventPanelistAI: Privacy, Data Protection and Transparency Think Tank, ACI’s Inaugural National Conference on AI Law, Ethics and Compliance
- October 30, 2023EventPanelistData Privacy and Cybersecurity Law Update, National Basketball Association
- October 24, 2023EventGuest LecturerNYU Master of Science Program in Cybersecurity Risk and Strategy
- October 12, 2023EventSpeakerCybersecurity Awareness, Collective Health Webinar
- September 29, 2023EventChairPracticing Law Institute: Cybersecurity 2023: Managing Cybersecurity Incidents, New York
- September 27, 2023EventPanelistLifecycle of a Cyber Attack, Duke Georgetown GMU and FBI AIA Cybersecurity Conference
- September 22, 2023EventPanelistCybersecurity Breakout Session, 2023 PCCE Directors' Academy, New York University School of Law
- July 18, 2023EventSpeakerCybersecurity Update, Perspectives on Privacy, London
- June 15, 2023EventSpeakerCybersecurity Update, New York Privacy Officers’ Forum
- May 31, 2023EventSpeakerGenerative AI: Managing the Legal Risks, Hunton Andrews Kurth Webinar
- April 18, 2023EventSpeakerU.S. Privacy Landscape: Overview of State and Federal Privacy Laws, Information Systems Security Association (ISSA) Privacy Special Interest Group Webinar
- April 14, 2023EventPanelistTribeca Cybersecurity Summit 2023, New York Law School
- March 10, 2023EventSpeakerCybersecurity Law Update and Incident Response Considerations, The Austin CyberSecurity Council
- March 2, 2023EventSpeakerFrom Safe Harbor to Privacy Shield to the Trans-Atlantic Data Privacy Framework: The Saga Continues, Hunton Andrews Kurth Webinar
- February 26-28, 2023EventChairCambridge Forums Cybersecurity Leaders’ Roundtable
- January 10, 2023EventSpeakerAccountability in Cybersecurity and Privacy: Keeping Your Name Out of the Headlines
- December 15, 2022Event
- December 14, 2022EventSpeakerPractical Privacy: What You Need to Know NOW about GDPR, CCPA and Emerging Regulations, ResNexus Webinar
- November 21, 2022EventGuest LecturerCurrent Issues in Cybersecurity and Privacy Law, Georgetown Law School
- October 24, 2022EventGuest LecturerNYU Master of Science Program in Cybersecurity Risk and Strategy
- October 18, 2022Event
- September 30, 2022EventSpeakerCyber Attack Tabletop, Practicing Law Institute: Cybersecurity 2022: Managing Cybersecurity Incidents
- September 30, 2022EventChairPracticing Law Institute: Cybersecurity 2022: Managing Cybersecurity Incidents
- September 29, 2022EventPanelistBoard Oversight of Privacy and Cybersecurity Risks, Bloomberg Law In-House Forum
- June 30, 2022Event
- June 30, 2022EventFeatured SpeakerPractical Privacy: What You Need to Know NOW About GDPR, CCPA and Emerging Regulations, 2022 HITEC Conference
- June 28, 2022EventPanelist2022 Cybersecurity Update, American Petroleum Institute Pipeline Leadership Meeting
- June 21, 2022EventSpeakerNavigating the New Digital Battlefield, Information Security Media Group’s Northeast US Summit
- May 25, 2022EventSpeakerNYS as an Innovation Hub: Cybersecurity, Fintech, and NFTs, NYSBA Business Law Section: 2022 Virtual Spring Meeting
- May 24, 2022Event
- May 23-24, 2022Event
- May 13-14, 2022EventChairCambridge Forums Cybersecurity Leaders’ Roundtable
- May 14, 2022EventDiscussion LeaderCybersecurity Issues in M&A Transactions, Cambridge Forums Cybersecurity Leaders’ Roundtable
- May 13, 2022EventDiscussion LeaderThe Art of Global Incident Response, Cambridge Forums Cybersecurity Leaders’ Roundtable
- March 10, 2022EventSpeakerAmerican Bankers Association’s Bank General Counsels Group: Monthly Forum
- March 10, 2022EventPanelistCISO Street Panel – Ransomware, Kiteworks
- March 9-10, 2022EventSpeakerFireside Chat: You’ve Been Breached: Putting Together Your Best Response Team, Information Security Media Group Middle East Summit
- February 7, 2022EventCo-presenterThe New California, Virginia, & Colorado Laws – What’s Changed, What’s the Same and What To Do Now?, Minneapolis CLE’s 2022 Midwest Legal Conference on Privacy and Data Security
- January 26, 2022EventSpeakerReady for Ransomware? Designing an Incident Response Playbook and Insurance Program for Today’s Biggest Threat, Risk Tech 2022 Virtual Event
- January 25-26, 2022EventSpeakerCyber Attack: Essentials of Putting Together the Best Team You Hope You Never Need, Your Incident Response Team, ISMG Virtual Financial Services Summit
- December 9, 2021EventSpeakerA New Standard of Care? White House/NIST Frameworks for Private Sector Cybersecurity, National Association of Attorneys General Cybersecurity Seminar
- December 3, 2021Event
- November 9, 2021EventSpeakerRansomware, DDoS and Privacy: The Legal Opinion by Lisa Sotto, Information Security Media Group’s New York Summit
- November 7-9, 2021EventChairCambridge Forums Cyber Security Salon
- October 28, 2021Event
- October 26, 2021EventSpeakerThe Clock Is Ticking: Ransomware Attack Simulation, Retail Industry Leaders Association (RILA) Retail Law Conference, Tuesday
- October 12, 2021EventPanelistManaging Enterprise Risks Associated with Cyber and Physical Security, Energy Bar Association’s 2021 Mid-Year Energy Forum
- October 6, 2021EventKeynote SpeakerCybersecurity Days 2021 Technical Forum, The Ohio State University
- September 30, 2021EventSpeakerThe Cyber Threat Landscape, Practising Law Institute: Cybersecurity 2021: Managing Cybersecurity Incidents
- September 30, 2021EventChairPractising Law Institute: Cybersecurity 2021: Managing Cybersecurity Incidents
- September 23, 2021EventGuest LecturerU.S. Privacy Landscape, MIT Sloan School of Management
- September 15, 2021EventSpeakerGlobal Cybersecurity Compliance Integrity – USA Perspective, Events4Sure RoundTable Discussion
- August 11, 2021Event
- July 2021EventSpeakerCybersecurity and Privacy Presentation, CultureClub
- June 28, 2021EventSpeakerData Privacy Litigation & Regulation – How Do the UK and US Compare?, 11KBW Information Law Virtual Conference 2021
- June 16, 2021EventSpeakerCEOs’ Concerns on Cyber Security & Data Privacy: Implications and Actions for General Counsel & Law Firms, Cyber Security & Data Privacy ConfEx, USA
- June 10, 2021Event
- May 25, 2021EventSpeakerEnterprise Data Security eSummit: Scaling Data Protection Beyond Discovery and Classification, SC Magazine
- May 19, 2021EventSpeakerU.S. Regulatory and Industry Trends Impacting Digital Advertising, Hunton Andrews Kurth Presentation
- May 17-18, 2021EventChairPractising Law Institute: 22nd Annual Institute on Privacy and Data Security Law
- May 17, 2021EventSpeakerThe California Consumer Privacy Act and the California Privacy Rights Act: Latest Developments
- April 22, 2021Event
- April 7-9, 2021EventSpeakerCybersecurity Issues in M&A Transactions, Cambridge Forums Cyber Security Salon
- March 30, 2021Event
- March 25, 2021EventGuest LecturerDeveloping a Framework for Privacy Compliance, Privacy Law Seminar, Cornell University
- March 17, 2021EventSpeakerPreparing for Compliance with the California Privacy Rights Act (CPRA), Lexology Data Security & Privacy Policy Outlook Webinar
- March 2, 2021EventSpeakerDigging Through Data: Challenges and Benefits of Audits and Compliance, Women in Security and Privacy (WISP)
- February 4, 2021EventGuest SpeakerNIST Cybersecurity Framework, Cybersecurity Law Course, American University
- November 19, 2020Event
- November 12, 2020EventSpeakerUS Privacy in the Wake of the 2020 Election, CIPL Roundtable Webinar
- October 30, 2020EventSpeakerThe California Consumer Privacy Act: Compliance Challenges, AXA XL Webinar
- October 28, 2020Event
- October 23, 2020EventSpeakerData Audits and Unscrambling the Digital Eggs, Privacy+Security Forum
- October 7, 2020EventSpeakerCybersecurity and Privacy: A How-To-Guide, NFP Corp. Webinar
- September 24, 2020EventSpeakerCyber Attack Tabletop, Practising Law Institute: 21st Annual Institute on Privacy and Data Security Law
- September 24, 2020EventChairPractising Law Institute: Cybersecurity 2020: Managing Cybersecurity Incidents
- September 24, 2020EventSpeakerCybersecurity 2020: Managing Cybersecurity Incidents, Practising Law Institute (PLI)
- September 17, 2020EventSpeakerHealth Data Privacy: International Trade Administration Lunch and Learn
- September 16, 2020EventSpeakerCCPA Enforcement Trends: National Retail Foundation IT Security Council Meeting
- September 8, 2020EventGuest SpeakerNIST Cybersecurity Framework, Cybersecurity Law Course, University of Baltimore School of Law
- August 17-18, 2020EventChairPractising Law Institute: 21st Annual Institute on Privacy and Data Security Law
- August 17, 2020EventSpeakerThe California Consumer Privacy Act: Compliance Challenges, Practising Law Institute: 21st Annual Institute on Privacy and Data Security Law
- July 23, 2020Event
- June 23, 2020Event
- June 17, 2020EventSpeakerThe CCPA Is Here – Are You Litigation-Ready?, Practising Law Institute Briefing
- June 9, 2020EventSpeakerHow Will Covid-19 Change the Federal Privacy Debate?, CIPL Virtual Roundtable
- May 20, 2020Event
- April 19, 2020EventSpeakerPrivacy and Cybersecurity: The New Frontier, University of Notre Dame Webinar
- April 2, 2020Event
- March 19, 2020Event
- February 26, 2020EventPanelistPrivacy and Beyond: Enforcement and Regulation, 2020 PLUS Cyber Symposium
- February 24, 2020EventSpeakerCybersecurity: US and Global Landscape, University of Pennsylvania Law School
- February 13, 2020EventSpeakerHot Topics in Privacy and Cybersecurity Law, Never Stop Learning at Goldman Sachs
- February 10, 2020Event
- January 22, 2020EventSpeakerCybersecurity Oversight and Governance: Managing the Risk, S4x20 ICS Security Conference
- November 21, 2019EventPresenter
- November 18, 2019EventPanelistSeismic Shifts in Privacy: California and Beyond, The Center for Technology, Innovation and Competition
- November 14, 2019EventSpeakerThe New Age of Privacy, Hunton GC Privacy and Data Security Event
- November 6, 2019EventSpeakerCCPA Amendments and Regulations – Managing the Changes, New York Privacy Officers’ Forum Leadership Series
- October 24, 2019EventSpeakerAdvancing Compliance and Promoting Privacy through Constructive Engagement between Regulators and Industry, Centre for Information Policy Leadership/Google Side Event, 41st International Conference of Data Protection and Privacy Commissioners
- October 24, 2019EventSpeakerWhat is Accountability? Addressing the Confusion, Finding Consensus, Centre for Information Policy Leadership Side Event, 41st International Conference of Data Protection and Privacy Commissioners
- October 24, 2019EventSpeakerBuilding Bridges: Common Approaches to Data Governance, US Chamber of Commerce, 41st International Conference of Data Protection and Privacy Commissioners
- October 15, 2019EventChairPLI’s Cybersecurity 2019: Managing Cybersecurity Incidents
- October 15, 2019EventSpeakerCybersecurity: US and Global Legal Landscape, PLI’s Cybersecurity 2019: Managing Cybersecurity Incidents
- September 13, 2019EventChair and SpeakerCybersecurity: US and Global Legal Landscape, PLI’s Cybersecurity Summit 2019
- September 6, 2019EventKeynote SpeakerAmCham China, 2019 Cyber Security and Privacy Protection Salon
- September 6, 2019EventPresenterOverview of US and EU Data Protection Law, 360 Corporation (Beijing)
- September 5, 2019EventPresenterHot Topics in US and EU Privacy and Cybersecurity Law, In-House Counsel by Data Protection Officer (Beijing)
- July 11, 2019EventPanelistData Globally, #DataDoneRight, US Chamber of Commerce
- June 20, 2019EventSpeakerExecutive Management, the ABA’s 4th National Institute on Cybersecurity & Data Protection: A Law Firm’s Responsibility in Managing Data Risk
- June 19, 2019EventPanelistDigital Risk Management, AIG
- June 11, 2019EventPanelistWhose Data Is It, Anyway?, Edison Electric Institute’s Annual Convention (EEI 2019)
- June 4, 2019Event
- May 21, 2019EventChairPLI's 20th Annual Institute on Privacy and Data Security Law
- May 20, 2019EventSpeakerComplying with the California Consumer Privacy Act and other US Privacy Developments, PLI's 20th Annual Institute on Privacy and Data Security Law
- May 16, 2019EventSpeakerRisk Management & Cybersecurity - Growing Threats and How to Address Them, MLP & Energy Infrastructure Conference (MEIC 2019)
- May 14, 2019EventSpeakerDyal Capital Partners, California Consumer Privacy Act of 2018
- April 26, 2019EventSpeakerData Law and Transnational Business, NYU Law and Guarini Global Law & Tech Global Data Law Conference
- April 8, 2019EventPanelistData Protection in the Global Marketplace, Cardozo Data Law Initiative
- March 19, 2019Event
- March 13, 2019EventCo-presenterContracting Considerations Under the GDPR, PLI Webinar
- February 27, 2019EventSpeakerCybersecurity: The Current Threat, Never Stop Learning (NSL) Salon
- January 24, 2019EventSpeakerTexas Cybersecurity Forum, Navigating An Evolving and Complex Legal Landscape
- January 24, 2019EventSpeakerTexas Cybersecurity Forum, Cyber Attack Simulation
- January 15, 2019EventSpeakerNational Retail Federation, Cybersecurity: Incident Response and Proactive Readiness
- December 7, 2018EventPanelistNew York City Bar Association, Corporate Counsel Symposium, Disaster Planning
- November 16, 2018EventPanelist12th Annual Leading Law Firms Conference, Sandpiper
- November 15, 2018EventSpeakerThe California Consumer Privacy Act: Impact and Implications, New York Privacy Officers’ Forum Breakfast Briefing
- November 14, 2018Event
- November 9, 2018EventPanelistNational Association of Women Lawyers Annual General Counsel Institute, Burke Williams & Sorensen
- November 6, 2018EventChairPLI’s Cybersecurity 2018: Managing Cybersecurity Incidents
- November 6, 2018EventSpeakerPLI’s Cybersecurity 2018: Managing Cybersecurity Incidents, Cybersecurity Attack Simulation
- October 23, 2018EventPanelistData Protection Seminar, EU’s General Data Protection Regulation, Spain-US Chamber of Commerce
- October 11, 2018EventPanelistLaw Firm Symposium, GDPR Panel, Aon Risk Solutions
- October 3, 2018EventSpeakerFireEye Cyber Defense Summit, SEC Guidance, Mandiant
- September 21, 2018EventSpeakerIntellectual Property, Media & Entertainment Law Journal 29th Annual Symposium, Fordham University School of Law
- September 7, 2018Event
- June 18, 2018EventPanelistNew Jersey Attorney General’s 2018 Computer Crimes Symposium, After the Breach: Working with Law Enforcement
- June 6, 2018EventPanelistBloomberg Law, Cross-Border Deals Forum 2018: Applying Emerging Technologies for Efficiency & Success
- June 5, 2018Event
- June 5, 2018EventSpeakerHunton Andrews Kurth Webinar, Cybersecurity Governance
- May 16, 2018EventSpeakerNew York State Bar Association Webinar, Navigating Global Privacy and Security
- May 8, 2018EventSpeakerHunton Andrews Kurth Webinar, The Top Ten Cyber Security Pitfalls in 2018 (And The Best Practices to Address Them)
- May 2, 2018EventSpeakerBDO Webinar, GDPR Obligations, Governance and Response
- April 30, 2018EventPanelistPLI’s Investment Management Institute 2018: Technology in the Asset Management Industry
- April 24, 2018EventSpeakerColumbia Law School, Cybersecurity 2018
- April 16, 2018EventPanelist2018 Women in Retail Leadership Summit, Sharing our Power & Vision
- April 11, 2018EventPanelistUniversity of Pennsylvania Law School, Looking Back At The Changes In Law And Technology Over The Past Ten Years
- March 21, 2018EventSpeakerMUFG, Data Privacy and Data Protection Seminar
- March 13, 2018EventPanelistThinking Out Loud - The Art of Risk, Bernstein
- March 12, 2018EventPanelistCredit Suisse COO Conference, GDPR: What Do We Need to Know
- March 7, 2018EventSpeakerHunton & Williams, SEC Cybersecurity Guidance Webinar
- February 22, 2018EventSpeakerKKR, Risk Manager Webinar, The Global Cybersecurity Landscape
- February 8, 2018EventSpeakerDyal Capital, GDPR and NYDFS Regulations – Navigating Global Privacy and Security
- January 26, 2018EventSpeakerCentre for Information Policy Leadership, Data Breach Notification under the GDPR
- January 9, 2018EventSpeakerHunton & Williams, Real Estate and Cyber Attacks: Why You’re Not Above the Risk
- December 12, 2017EventPanelistCredit Suisse COO Conference, Navigating the EU’s GDPR
- December 7, 2017EventSpeakerTPG Global, You’ve Been Hacked – What’s New
- December 5, 2017Event
- December 5, 2017EventSpeakerDeloitte’s GDPR Breach Notification: A How-To Guide
- December 4, 2017EventSpeakerDominion Energy Services, Inc., Managing the Current Privacy and Data Security Environment
- November 30, 2017EventSpeakerNew Jersey CXO Executive Summit, GDPR and Beyond – Navigating Global Privacy
- November 17, 2017EventSpeakerTPG Global, GDPR Training Webinar
- November 15, 2017EventSpeakerBloomberg BNA, Ensuring Data Protection in Cross-Border M&A
- November 14, 2017EventSpeakerTech Up for Women Conference, Cyber Security Overview
- November 14, 2017EventPanelistISMG Health Security Summit Panel
- November 6, 2017EventPanelistNYDFS and Other Cybersecurity Regulations, PwC Webcast
- November 1, 2017EventSpeakerGeneral Counsel Cybersecurity Forum
- October 25, 2017EventPanelistU.S. Chamber Institute for Legal Reform, 18th Annual Legal Reform Summit, Preparing for an Expedition: Emerging Technologies and Liability
- October 23, 2017EventPanelistNAAG Fall Consumer Protection Conference, What You Need to Know Right Now About Ransomware
- October 18, 2017EventSpeakerACA Aponix’s Preparing for Growing Cyber Threats, You’ve Been Hacked
- October 16, 2017Event
- October 3, 2017EventPanelistAssociation of Corporate Counsel, Navigating Demands for Ransom and Other Ethical Challenges in Cyber Investigations
- September 26, 2017EventSpeakerCentre for Information Policy Leadership, GDPR Impact and Implementation
- September 15, 2017Event
- September 15, 2017EventSpeakerPLI’s Cybersecurity 2017: Managing Cybersecurity Incidents, Cyber Attack Simulation
- August 9, 2017Event
- August 8, 2017EventPanelistISMG Fraud & Break Prevention Summit: How to Effectively Work with Law Enforcement and Regulators on Cybersecurity Incidents
- August 8, 2017EventPanelistNew York City Bar, Careers in Cybersecurity & Data Security
- July 26, 2017Event
- June 27, 2017EventSpeakerExecutive Roundtable: Cybersecurity Trends and Legislation, Stroz Friedberg and Palo Alto Networks
- May 31, 2017EventSpeakerPLI’s 18th Annual Institute on Privacy and Data Security Law, Cybersecurity: Managing the Risk & Cyber Attack Simulation
- May 30-31EventChairPLI’s 18th Annual Institute on Privacy and Data Security Law
- April 19, 2017EventSpeakerManaging Privacy and Data Security Risks in M&A Transactions: A How to Guide, IAPP Global Privacy Summit
- April 19, 2017EventPanelistIAPP Global Privacy Summit, A Discussion on Change: What to Expect in the 2017-2020 Cybersecurity Landscape
- April 18, 2017EventModeratorPrivacy Leaders Council: How to Prepare for the GDPR, Retail Industry Leaders Association
- April 5, 2017Event
- April 5, 2017EventSpeakerHunton & Williams Webinar: Managing Privacy and Data Security Risks in M&A Transactions
- March 1, 2017EventSpeakerHunton & Williams LLP’s Director Institutional Shareholder Event, Cybersecurity Considerations for Directors
- February 28, 2017EventPanelistNew York City Bar Association, Will the Surveillance State Doom Transatlantic Data Transfer? The Future of the U.S. - E.U. Privacy Shield Agreement
- February 22, 2017EventSpeakerSeeking Solutions: Attributes of Effective Data Protection Authorities, Chamber of Commerce
- February 9, 2017EventPanelistI’ve Been Hacked! Creating Your Incident Response Plan, 2017 Centerbridge Cyber Summit
- January 18, 2017EventSpeakerTowards Darkness or Light? Balancing Liberty and Security in the Fight Against Cybercrime, Federal Bar Council
Publications
- February 2025Publication
- January 24, 2025PublicationCo-authorA New Decade in Data Privacy: Complying with the CCPA, The Complete Compliance and Ethics Manual 2025
- Spring 2024Newsletter
- February 2024Publication
- July 26, 2023Publication
- July 10, 2023Publication
- April 26, 2023Publication
- December 7, 2022Publication
- October 5, 2022PublicationCo-authorData Protection & Privacy 2023, Introduction, Getting the Deal Through
- October 5, 2022Publication
- March 15, 2022Publication
- January 2022Publication
- December 22, 2021Publication
- August 18, 2021Publication
- August 18, 2021Publication
- February/March 2021Publication
- February 2021Publication
- January 2021PublicationCo-authorNavigating The Digital Age, The Definitive Cybersecurity Guide For Directors and Officers Vol. 3, Lessons From Today’s World, How to Manage a Data Breach
- November 4, 2020Publication
- November 4, 2020Publication
- September 2020PublicationAuthorCalifornia Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature, PLI Chronicle
- April 1, 2020Publication
- February 2020Publication
- January 2020PublicationCo-authorCalifornia: New year, new privacy policy: CCPA obligations and obstacles, OneTrust DataGuidance
- Fall 2019Publication
- October 1, 2019Publication
- October 1, 2019Publication
- June 20, 2019Publication
- May-June, 2019Publication
- April 5, 2019Publication
- April 5, 2019Publication
- February 27, 2019Publication
- February 14, 2019Publication
- February 6, 2019Publication
- December 13, 2018Publication
- October 29, 2018Publication
- June 1, 2018Publication
- June 1, 2018Publication
- January 2018Publication
- September 2017Publication
- August 2017Publication
- June 27, 2017Publication
- June 9, 2017PublicationCo-authorCybersecurity Risks and Readiness for the Hotel Industry, GMBHA Allied Upgrade eNewsletter
- May 1, 2017PublicationThought Leaders in Privacy, DataGuidance (Sotto interviewed)
- August 5, 2016Publication
- July 19, 2016Publication
- February 22, 2016Publication
- November 2015PublicationCo-authorLegal Viewpoint: Critical Next Steps to Avoid Litigation, Notifying Law Enforcement, and Choosing Response Vendors, Symantec White Paper
- October 2015PublicationData Due Diligence in M&A Deals (Sotto featured), Corporate Secretary
- October 2015Publication
- September 2015Publication
- July 1, 2015PublicationWomen in IT Security: Women of Influence (Sotto featured), SC Magazine
- June 11, 2015Publication
- May 2014Publication
- October 30, 2013Publication
- October 2013Publication
- September 2013Publication
- March/April 2013Publication
- January 24, 2013Publication
- November/December 2012Publication
- August 31, 2012PublicationThe Lurking Dangers of Data Security (Sotto interviewed), Lodging Hospitality
- June 1, 2012PublicationCo-authorTechnology: The privacy perils of mobile technology, InsideCounsel
- January 2012Publication
- July 2011Publication
- April 25, 2011PublicationHottest Practice Area? (Sotto featured), Legal Bisnow
- January 2011Publication
- December 1, 2010Publication
- May 30, 2010PublicationCo-authorThe Boucher Bill: Shaping the Privacy Landscape in the U.S., Data Protection Law & Privacy
- June 2010Publication
- February 3, 2010Publication
- November 11, 2009PublicationCo-authorPreservation and Monitoring of Corporate Messaging, New York Law Journal
- 2009Publication
- September 18, 2008Publication
- September 15, 2008Publication
- May 29, 2007Publication
- May 2007Publication
- July 20, 2006Publication
- June 2006Publication
News
- April 1, 2025Media Mention
- March 28, 2025Media Mention
- March 11, 2025Media Mention
- 4 Minute ReadFebruary 13, 2025News
- 2 Minute ReadFebruary 13, 2025News
- January 28, 2025Media Mention
- January 22, 2024Media Mention
- January 16, 2025Media Mention
- 1 Minute ReadDecember 5, 2024News
- November 16, 2024Media Mention
- November 13, 2024Media Mention
- November 4, 2024Media Mention
- 1 Minute ReadOctober 29, 2024News
- August 30, 2024Media Mention
- August 28, 2024News
- Media Mention
- 7 Minute ReadJune 12, 2024News
- 6 Minute ReadJune 6, 2024News
- June 5, 2024Media Mention
- 4 Minute ReadFebruary 15, 2024News
- December 20, 2023Media Mention
- 1 Minute ReadDecember 6, 2023News
- November 28, 2023Media Mention
- 1 Minute ReadSeptember 22, 2023News
- August 3, 2023Media Mention
- 7 Minute ReadJune 8, 2023News
- 6 Minute ReadJune 1, 2023News
- 4 Minute ReadFebruary 16, 2023News
- January 20, 2023Media Mention
- January 19, 2023Media Mention
- January 11, 2023Media Mention
- January 4, 2023Media Mention
- January 2, 2023Media Mention
- December 30, 2022Media Mention
- December 26, 2022Media Mention
- December 21, 2022Media Mention
- 1 Minute ReadDecember 2, 2022News
- November 28, 2022Media Mention
- November 28, 2022Media Mention
- 2 Minute ReadNovember 15, 2022News
- October 21, 2022Media Mention
- October 19, 2022Media Mention
- October 17, 2022Media Mention
- October 13, 2022Media Mention
- October 11, 2022Media Mention
- October 7, 2022Media Mention
- October 7, 2022Media Mention
- October 3, 2022Media Mention
- 1 Minute ReadSeptember 29, 2022News
- August 29, 2022Media Mention
- August 29, 2022Media Mention
- 2 Minute ReadAugust 12, 2022News
- July 29, 2022Media Mention
- July 28, 2022Media Mention
- July 18, 2022Media Mention
- July 1, 2022Media MentionQuoted, How did a rental startup I’d never hear of leak my home address, US Market Today
- 6 Minute ReadJune 9, 2022News
- June 8, 2022Media MentionQuoted, Bosses Brace for Worker Chaos If California Privacy Law Expands, Bloomberg Law
- June 6, 2022Media Mention
- 6 Minute ReadJune 1, 2022News
- May 27, 2022Media Mention
- May 24, 2022Media MentionQuoted, New Connecticut Privacy Law Makes Path to Compliance More Complex, Dark Reading
- May 16, 2022Media Mention
- May 12, 2022Media Mention
- May 4, 2022Media Mention
- April 11, 2022Media Mention
- 2 Minute ReadApril 4, 2022News
- March 8, 2022Media Mention
- March 1, 2022Media Mention
- February 22, 2022Media Mention
- 4 Minute ReadFebruary 18, 2022News
- 1 Minute ReadFebruary 8, 2022News
- January 28, 2022Media Mention
- January 25, 2022Media Mention
- January 7, 2022Media Mention
- December 28, 2021Media Mention
- December 24, 2021Media Mention
- December 22, 2021Media MentionQuoted, Facebook pivots from facial recognition system following biometric privacy suit; more biometric privacy litigation on the horizon, Westlaw Today
- December 19, 2021Media Mention
- 1 Minute ReadDecember 10, 2021News
- December 7, 2021Media Mention
- December 6, 2021Media Mention
- 2 Minute ReadNovember 30, 2021News
- November 10, 2021Media Mention
- October 6, 2021Media Mention
- 1 Minute ReadSeptember 30, 2021News
- September 3, 2021Media Mention
- July 30, 2021Media MentionFeatured, Lisa Sotto of Hunton Andrews Kurth: “Relationships are incredibly important”, Thrive Global
- July 1, 2021Media Mention
- June 12, 2021Media MentionFeatured, Experts Say that Ransomware Hacker Skills Are Now on Par with or Better than Those of Countries, The Washington Newsday
- June 11, 2021Media Mention
- 6 Minute ReadJune 10, 2021News
- 3 Minute ReadJune 2, 2021News
- 6 Minute ReadMay 25, 2021News
- April 13, 2021Media MentionQuoted, DoJ used court order to thwart ‘hundreds’ of Microsoft Exchange Server web shells, SC Magazine
- 3 Minute ReadFebruary 18, 2021News
- January 20, 2021Media Mention
- January 3, 2021Media MentionQuoted, How Ransomware Will Continue Wrecking Havoc In 2021, Law360
- December 30, 2020Media Mention
- December 29, 2020Media Mention
- December 28, 2020Media MentionQuoted, Privacy 2020: From prepared to alarmed, the year the rubber hit the road, SC Magazine
- December 22, 2020Media MentionQuoted, “In-House, Firms Tackle Pandemic, Regulatory Privacy Challenges,” Bloomberg Law
- 1 Minute ReadDecember 10, 2020News
- November 18, 2020Media Mention
- 1 Minute ReadNovember 13, 2020News
- 2 Minute ReadOctober 28, 2020News
- October 1, 2020Media Mention
- September 17, 2020Media MentionQuoted, Brazil, Canada Lead Surge in Global Privacy Law Expansion, Law360
- September 9, 2020Media Mention
- August 25, 2020Media MentionQuoted, Lessons from Uber: Be crystal clear on the law and your bug bounty policies, SC Magazine
- 3 Minute ReadAugust 4, 2020News
- July 30, 2020Media Mention
- July 24, 2020Media MentionQuoted, First American Title Charged Over Cybersecurity Lapses, CFO Blog
- July 22, 2020Media Mention
- July 17, 2020Media Mention
- July 17, 2020Media Mention
- 6 Minute ReadJune 12, 2020News
- June 2020Media Mention
- May 15, 2020Media Mention
- May 13, 2020Media Mention
- 1 Minute ReadMay 6, 2020News
- 5 Minute ReadApril 27, 2020News
- April 27, 2020Media MentionQuoted, How COVID-19 Is Set to Reshape Federal Privacy Law Debate, Law360
- March 11, 2020Media MentionQuoted, Preparing for a Cyberattack by Extending BCM into the C-Suite, ISACA Journal
- March 3, 2020Media MentionQuotedUnderwriters aim to develop cyber coverage framework, Business Insurance
- 2 Minute ReadFebruary 2020Media Mention
- 2 Minute ReadFebruary 21, 2020News
- February 21, 2020Media Mention
- 3 Minute ReadFebruary 18, 2020News
- February 13, 2020Media Mention
- February 6, 2020News
- February 3, 2020Media MentionQuoted, Hang-ups, Hold-ups and Hurdles Passing Federal Privacy Legislation, National Cyber Security Ventures
- February 3, 2020Media MentionHang-ups, Hold-Ups and Hurdles Passing Federal Privacy Legislation, SC Media
- 1 Minute ReadJanuary 22, 2020News
- January 2, 2020Media Mention
- January 1, 2020Media Mention
- January 1, 2020Media Mention
- December 30, 2019Media MentionQuoted, EDITOR'S LETTER: Harnessing the digital revolution, Houston Chronicle
- December 27, 2019Media Mention
- December 25, 2019Media Mention
- December 20, 2019Media Mention
- 2 Minute ReadDecember 18, 2019News
- December 16, 2019Media Mention
- October 28, 2019Media Mention
- October 11, 2019Media Mention
- October 1, 2019Media Mention
- 2 Minute ReadSeptember 30, 2019News
- September 2019Media MentionHunton Andrews Kurth Partner Lisa Sotto Speaks on Key Global Data Protection Issues in China, IT Business Net
- August 7, 2019Media Mention
- 1 Minute ReadJuly 12, 2019Media Mention
- 2 Minute ReadJuly 11, 2019News
- 1 Minute ReadJuly 2019Media Mention
- June 12, 2019NewsThe CyberWire Daily Podcast (Lisa Sotto interviewed)
- 6 Minute ReadJune 6, 2019News
- 1 Minute ReadJune 6, 2019Media Mention
- 1 Minute ReadJune 4, 2019Media Mention
- 2 Minute ReadMay 15, 2019News
- 1 Minute ReadMay 6, 2019Media Mention
- 2 Minute ReadMay 3, 2019News
- 4 Minute ReadApril 25, 2019News
- 1 Minute ReadApril 11, 2019News
- 2 Minute ReadApril 3, 2019News
- 2 Minute ReadFebruary 26, 2019News
- February 19, 2019Media Mention
- February 13, 2019News
- December 20, 2018Media Mention
- 1 Minute ReadDecember 12, 2018News
- 1 Minute ReadNovember 30, 2018News
- 1 Minute ReadNovember 22, 2018News
- November 7, 2018Media MentionQuoted, How to Improve Risk Analysis in the Wake of the Anthem’s Record Settlement, The Cybersecurity Law Report
- October 18, 2018Media Mention
- October 17, 2018Media Mention
- September 27, 2018Media Mention
- August 31, 2018Media Mention
- 1 Minute ReadJuly 25, 2018Media Mention
- 4 Minute ReadJune 13, 2018News
- 4 Minute ReadMay 16, 2018News
- May 9, 2018Media Mention
- 2 Minute ReadMarch 21, 2018News
- 4 Minute ReadMarch 14, 2018News
- 2 Minute ReadMarch 5, 2018News
- March 2, 2018Media Mention
- 1 Minute ReadFebruary 16, 2018Media Mention
- 1 Minute ReadJanuary 24, 2018Media Mention
- 1 Minute ReadJanuary 21, 2018Media Mention
- January 1, 2018Media Mention
- 2 Minute ReadDecember 18, 2017News
- 1 Minute ReadNovember 11, 2017Media Mention
- 1 Minute ReadNovember 3, 2017News
- 1 Minute ReadNovember 3, 2017Media Mention
- 1 Minute ReadOctober 26, 2017Media Mention
- October 18, 2017Media Mention
- 3 Minute ReadSeptember 26, 2017News
- 2 Minute ReadSeptember 18, 2017News
- 2 Minute ReadAugust 7, 2017News
- 1 Minute ReadJuly 27, 2017News
- 2 Minute ReadJuly 14, 2017News
- July 12, 2017Media Mention
- June 28, 2017Media Mention
- 2 Minute ReadJune 16, 2017News
- 2 Minute ReadMay 17, 2017News
- 1 Minute ReadApril 19, 2017Media Mention
- 3 Minute ReadApril 18, 2017News
- 2 Minute ReadApril 7, 2017News
- 1 Minute ReadMarch 24, 2017News
- 1 Minute ReadMarch 7, 2017Media Mention
- 2 Minute ReadMarch 6, 2017News
- February 23, 2017Media Mention
- 2 Minute ReadDecember 7, 2016News
- 1 Minute ReadDecember 5, 2016Media Mention
- October 27, 2016Media Mention
- October 2016News
- October 2016News
- October 2016News
- September 28, 2016News
- August 23, 2016Media Mention
- August 11, 2016Media Mention
- 1 Minute ReadJuly 25, 2016News
- 1 Minute ReadJuly 12, 2016Media Mention
- 1 Minute ReadJuly 8, 2016News
- 1 Minute ReadJuly 5, 2016News
- 1 Minute ReadJuly 1, 2016Media Mention
- June 10, 2016Media Mention
- 1 Minute ReadJune 9, 2016Media Mention
- 1 Minute ReadJune 8, 2016News
- 2 Minute ReadJune 3, 2016News
- May 24, 2016Media Mention
- 1 Minute ReadMay 23, 2016Media Mention
- 1 Minute ReadMay 20, 2016News
- 1 Minute ReadMay 18, 2016Media Mention
- 1 Minute ReadMay 4, 2016News
- April 28, 2016Media Mention
- 2 Minute ReadApril 4, 2016News
- March 21, 2016Media Mention
- February 29, 2016Media Mention
- February 29, 2016Media Mention
- 1 Minute ReadJanuary 29, 2016News
- 1 Minute ReadJanuary 20, 2016News
- 1 Minute ReadDecember 24, 2015News
- 1 Minute ReadDecember 23, 2015News
- 1 Minute ReadDecember 9, 2015News
- 2 Minute ReadNovember 10, 2015News
- 1 Minute ReadSeptember 24, 2015News
- 1 Minute ReadSeptember 12, 2015News
- 1 Minute ReadAugust 25, 2015News
- 1 Minute ReadAugust 19, 2015News
- 1 Minute ReadJuly 27, 2015News
- 1 Minute ReadJuly 20, 2015News
- 1 Minute ReadJuly 14, 2015News
- 1 Minute ReadJuly 14, 2015News
- July 1, 2015News
- 2 Minute ReadJune 24, 2015News
- 2 Minute ReadJune 23, 2015News
- 1 Minute ReadJune 22, 2015News
- 2 Minute ReadJune 4, 2015News
- June 3, 2015News
- 2 Minute ReadJune 2, 2015News
- 2 Minute ReadMay 27, 2015News
- 2 Minute ReadApril 27, 2015News
- 1 Minute ReadMarch 24, 2015News
- 1 Minute ReadJanuary 20, 2015News
- 1 Minute ReadDecember 19, 2014News
- 1 Minute ReadDecember 12, 2014News
- 1 Minute ReadDecember 12, 2014News
- 1 Minute ReadDecember 12, 2014News
- 1 Minute ReadDecember 2, 2014News
- 1 Minute ReadNovember 26, 2014News
- 2 Minute ReadNovember 24, 2014News
- 1 Minute ReadNovember 18, 2014News
- 2 Minute ReadNovember 12, 2014News
- 1 Minute ReadNovember 3, 2014News
- 1 Minute ReadOctober 29, 2014News
- 1 Minute ReadOctober 17, 2014News
- 1 Minute ReadOctober 16, 2014News
- 1 Minute ReadAugust 21, 2014News
- 1 Minute ReadAugust 18, 2014News
- 1 Minute ReadJuly 22, 2014News
- 1 Minute ReadJune 12, 2014News
- 1 Minute ReadJune 10, 2014News
- 1 Minute ReadMay 30, 2014Media Mention
- May 29, 2014News
- 1 Minute ReadMay 29, 2014News
- 1 Minute ReadMay 27, 2014News
- 2 Minute ReadMay 27, 2014News
- 2 Minute ReadMay 20, 2014News
- 3 Minute ReadMay 16, 2014News
- 1 Minute ReadMay 8, 2014Media Mention
- 1 Minute ReadApril 14, 2014News
- 2 Minute ReadApril 9, 2014News
- 1 Minute ReadApril 1, 2014News
- 2 Minute ReadMarch 31, 2014News
- 1 Minute ReadMarch 26, 2014News
- 1 Minute ReadFebruary 17, 2014News
- February 13, 2014Media Mention
- February 2014Media Mention
- February 10, 2014Media Mention
- 1 Minute ReadFebruary 6, 2014News
- 1 Minute ReadFebruary 6, 2014News
- February 2014Media Mention
- 1 Minute ReadJanuary 31, 2014News
- 1 Minute ReadJanuary 1, 2014News
- December 4, 2013News
- November 12, 2013Media Mention
- October 29, 2013Media Mention
- October 25, 2013Media MentionQuoted, Privacy Experts Debate Worth of Mass Data Collection, SC Magazine
- 2 Minute ReadSeptember 3, 2013News
- 1 Minute ReadJuly 22, 2013News
- 2 Minute ReadJune 24, 2013News
- 2 Minute ReadJune 21, 2013News
- 2 Minute ReadMay 30, 2013News
- 2 Minute ReadMay 20, 2013News
- May 10, 2013Media MentionQuoted, Should there be a "right to be forgotten" online?, CBS News
- 3 Minute ReadMarch 25, 2013News
- 2 Minute ReadMarch 25, 2013News
- 1 Minute ReadFebruary 21, 2013Media Mention
- 1 Minute ReadFebruary 18, 2013Media Mention
- 1 Minute ReadFebruary 5, 2013Media Mention
- 1 Minute ReadJanuary 1, 2013News
- 1 Minute ReadDecember 14, 2012News
- 1 Minute ReadDecember 11, 2012News
- 1 Minute ReadNovember 29, 2012News
- 1 Minute ReadNovember 9, 2012News
- 1 Minute ReadNovember 5, 2012News
- 1 Minute ReadNovember 1, 2012News
- 2 Minute ReadSeptember 20, 2012News
- 1 Minute ReadSeptember 13, 2012News
- 1 Minute ReadSeptember 10, 2012News
- 2 Minute ReadJuly 23, 2012News
- 1 Minute ReadJuly 9, 2012News
- 1 Minute ReadJuly 3, 2012News
- 1 Minute ReadJuly 3, 2012News
- 1 Minute ReadJune 11, 2012News
- 3 Minute ReadJune 7, 2012News
- 3 Minute ReadMay 9, 2012News
- May 2012Media Mention
- 1 Minute ReadFebruary 8, 2012News
- 1 Minute ReadJanuary 27, 2012News
- January 25, 2012Media Mention
- 1 Minute ReadJanuary 17, 2012News
- December 30, 2011News
- December 16, 2011Media MentionQuoted, FTC's Facebook Settlement May Reflect Broad Privacy Shift, BNA Antitrust & Trade Regulation Report
- 1 Minute ReadDecember 15, 2011News
- 1 Minute ReadNovember 11, 2011News
- November 4, 2011News
- 1 Minute ReadSeptember 15, 2011News
- 1 Minute ReadAugust 19, 2011News
- 1 Minute ReadJuly 29, 2011News
- 1 Minute ReadJuly 25, 2011News
- 1 Minute ReadJuly 18, 2011News
- June 15, 2011News
- 2 Minute ReadJune 14, 2011News
- 1 Minute ReadJune 10, 2011News
- 1 Minute ReadJune 10, 2011News
- 1 Minute ReadJune 2, 2011Media Mention
- April 18, 2011Media Mention
- 1 Minute ReadApril 5, 2011News
- 2 Minute ReadApril 4, 2011News
- 1 Minute ReadMarch 3, 2011News
- 3 Minute ReadFebruary 7, 2011News
- 1 Minute ReadFebruary 1, 2011News
- January 24, 2011Media Mention
- January 11, 2011News
- 1 Minute ReadJanuary 10, 2011Media Mention
- 1 Minute ReadJanuary 6, 2011Media Mention
- 1 Minute ReadDecember 27, 2010News
- 1 Minute ReadDecember 13, 2010News
- 1 Minute ReadNovember 22, 2010News
- 3 Minute ReadJuly 20, 2010News
- July 13, 2010News
- 1 Minute ReadJune 29, 2010Media Mention
- 2 Minute ReadJune 16, 2010News
- 1 Minute ReadMay 4, 2010News
- 2 Minute ReadMarch 22, 2010News
- 1 Minute ReadJanuary 21, 2010News
- 1 Minute ReadJanuary 18, 2010News
- 1 Minute ReadJanuary 4, 2010News
- December 23, 2009Media Mention
- September 11, 2009News
- 1 Minute ReadAugust 6, 2009News
- 1 Minute ReadAugust 1, 2009News
- 1 Minute ReadJuly 13, 2009News
- March 27, 2009News
- 1 Minute ReadMarch 13, 2009News
- 1 Minute ReadFebruary 23, 2009News
- 1 Minute ReadFebruary 20, 2009News
- January 7, 2009News
- 1 Minute ReadDecember 23, 2008News
- 1 Minute ReadNovember 24, 2008News
- 4 Minute ReadNovember 17, 2008News
- 1 Minute ReadOctober 1, 2008News
- 1 Minute ReadAugust 28, 2008News
- 1 Minute ReadAugust 21, 2008News
- June 26, 2008News
- June 24, 2008News
- 1 Minute ReadApril 16, 2008Media Mention
- December 19, 2007News
JD, University of Pennsylvania Law School, Law Review
BA, History, Cornell University, distinction in all subjects
New York
Areas of Focus
- Privacy and Cybersecurity
- Cybersecurity Incidents
- National Security
- European Data Protection and Privacy
- Children’s Privacy
- Records Management
- Blockchain and Digital Assets
- AI and Emerging Technologies
- Crisis Management
- Global Economic Development, Commerce, and Government Relations Group
- FinTech
- Corporate
- California Consumer Privacy Act of 2018 (CCPA)
- Financial Services
- Hospitality
- Retail and Consumer Products
Privacy and information security, once overlooked in many corporate transactions, are now taking center stage.
Our cyber and physical security task force works with companies to minimize the risks and consequences of a serious security incident. Learn More