Michaela Frai

Michaela advises clients on global privacy compliance and cybersecurity matters, helping them navigate complex regulatory requirements and manage risk across jurisdictions. She counsels large enterprise companies to early stage startups in a range of industries—including technology, financial services, and healthcare—on all aspects of cybersecurity, including governance, preparedness, crisis management, and incident response, as well as incident assessment, forensic investigation management, legal risk analysis, breach notification obligations, crisis communications, and internal and regulatory investigations. She also works with clients to strengthen global privacy compliance programs and provides guidance on privacy and data security issues arising in corporate transactions.

Michaela has a particular focus on advising clients on compliance with the Health Insurance Portability and Accountability Act (HIPAA) and state health privacy laws. She drafts and negotiates business associate agreements, develops policies and procedures, and counsels on governance and related health data privacy issues.

• Assists with cybersecurity incident response, including leading forensics investigations, developing legal risk analysis, assisting with notifications and obligations to individuals and regulators, and coordinating crisis communications plans.
• Advises on internal and regulatory investigations, including working with clients on inquiries from the Federal Trade Commission, the Department of Health and Human Services, state attorneys general, and financial regulators.
• Develops HIPAA and state privacy law compliance programs, including drafting policies and procedures and developing risk management programs.