Brittany advises clients in identifying, evaluating and managing complex global privacy and information security risks and compliance issues. Brittany is a partner in the firm’s top-ranked global privacy and cybersecurity practice. She has national recognition for her work in the areas of privacy and data security. Brittany is ranked in Chambers USA, Chambers Global and Legal 500, and was named a New York Law Journal “Rising Star,” a Law360 “Rising Star” in privacy and cybersecurity, and one of Global Data Review’s 40 Under 40 data lawyers. Chambers USA quotes clients who call her “very diligent, intelligent and hard-working” and “very client-focused, attentive and responsive.” Chambers USA also quotes a client who calls her “one of the very best individuals I have worked with on privacy-related matters.” Legal 500 refers to Brittany as “the best at what she does,” recommending her for cyber law (including data privacy and data protection) and fintech.

Brittany assists clients in identifying, evaluating and managing a panoply of global privacy and information security risks and compliance issues. A significant aspect of her practice is advising large, multi-national companies on catastrophic cybersecurity incidents. Brittany served as a lead attorney on the two largest reported breaches in history (affecting over three billion user accounts) and has managed hundreds more. Her cybersecurity practice includes advising clients on data breach notification responsibilities; counseling them on responding to multi-jurisdictional regulatory investigations; and providing strategic advice in the breach context for managing ransomware attacks, as well as inquiries from Boards of Directors, consumers, media and potential acquiring companies in a deal setting. Brittany also helps companies design and build privacy and data security governance programs and conduct proactive breach preparedness activities, including developing workable incident response plans and legal breach notification procedures, ransomware playbooks and legal primers, running executive-level tabletops with data breach hypotheticals, and engaging third-party experts (such as forensic investigation firms, ransomware specialists, credit monitoring services, PR firms and call centers) in advance of an incident.

In relation to her privacy compliance practice, Brittany advises clients on the California Consumer Privacy Act of 2018, GLB, CAN-SPAM, and other U.S. state and federal privacy requirements, and global data protection laws (including those in the EU, Asia and Latin America). She routinely conducts privacy impact assessments and advises companies on managing risk in connection with extensive and innovative data collection and use, including with AI and machine learning technologies. She also regularly negotiates privacy and data security provisions of complex commercial and technology-related contracts and helps companies design robust vendor management programs.

Bar Admissions

Education
JD, Washington University in St. Louis School of Law, 2009

BA, University of Notre Dame, cum laude, 2006

• Advised over 50 companies (including health care companies, retailers, consumer goods companies, and financial institutions) on data breach and cybersecurity incident response, including preparation of required notifications pursuant to state breach notification laws, the HITECH Act and Interagency Guidance, call center training and development of media strategies.
• Assisted Fortune 100 company in responding to congressional inquiries relating to a cybersecurity incident.
• Drafts comprehensive data security policies, standards and procedures in connection with corporate information security programs.
• Assists clients with complying with privacy and information security requirements, including under GLB, HIPAA and state information security laws.
• Counsels clients in negotiating information sharing agreements with government agencies.
• Assists clients in establishing a vendor management program, including evaluating and negotiating privacy and data security provisions and indemnities contained in vendor agreements.
• Evaluates compliance issues and drafts notices and consents for corporate programs involving business uses of employee-owned electronic devices.
• Drafts online and offline privacy policies, procedures and notices.
• Evaluates compliance and enforcement issues related to the collection of information in the context of credit card transactions under the Song-Beverly Act and other state and federal laws.
• Develops employee training materials and handbooks focusing on privacy and information security practices.
• Counsels clients on HIPAA compliance, including security breach notification obligations under the HITECH Act and preparation of HIPAA security policies and procedures.

• Member, New York Bar Association

• Listed for Data Protection and Privacy, Legal 500 United States, 2017
• City Bar Justice Center’s 2016 Jeremy G. Epstein Award for Pro Bono Service

• Board Oversight of Privacy and Cybersecurity Risk: Why Delaware Developments Matter, The Computer & Internet Lawyer
• Data Breach Resource Center
• New York – Cybersecurity, OneTrust DataGuidance
• Training a Machine Learning Model Using Customer Proprietary Data: Navigating Key IP and Data Protection Considerations, Pratt’s Privacy & Cybersecurity Law Report
• SEC Fines Broker-Dealer $1 Million in First Enforcement Action Under Identity Theft Rule, SA Financial Regulation Online Journal
• Cybersecurity Risks and Readiness for the Hotel Industry, GMBHA Allied Upgrade eNewsletter
• California Consumer Privacy Act: A Sea of Change for Retailers, Chain Store Age
• Ransomware Attacks Raise Key Legal Considerations, Law360
• USA: Discrimination in a hightech world – potential pitfalls of AI in employment, OneTrust DataGuidance
• USA: Discrimination in a hightech world - potential pitfalls of AI in employment, OneTrust DataGuidance
• California Consumer Privacy Act and Its Impact on M&A Transactions, Deal Lawyers
• California Consumer Privacy Act and Its Impact, Los Angeles Business Journal