Managing Data Privacy Risk: Practical Insights for In-House Counsel

Colin Battersby, CIPP/US, Data Privacy and Cybersecurity Practice Group Member

Colin is a member of the firm’s national Data Privacy and Cybersecurity Practice Group. In addition, he is certified by the International Association of Privacy Professionals as a Certified Information Professional for the United States, which is considered the gold standard for information privacy professionals.

He advises clients on best practices to prevent and respond to cybersecurity concerns, including leading data breach incident response efforts in combination with forensic technical vendors and company decision-makers, provides counsel on post-breach notice obligations under state data breach notice statutes or specific contractual obligations, drafts and coordinates the delivery of required notice throughout the United States and advises on post-breach remedial measures.

Kate Jarrett, Data Privacy and Cybersecurity Practice Group Associate

Kate is an Associate in the Litigation Department at McDonald Hopkins and part of the firm’s national Data Privacy and Cybersecurity team. She has experience advising and coaching a variety of businesses, such as health systems, professional service firms, and educational institutions, on data privacy and cybersecurity matters, including responding to government inquiries and investigations and obligations concerning state data privacy laws, HIPAA, GLBA, FERPA, and state insurance departments. Additionally, Kate has experience assisting clients with data privacy, cybersecurity litigation, and cybersecurity class actions.

Dominic Paluzzi, Data Privacy and Cybersecurity Practice Group Co-Chair & Member

Dominic is co-chair of the firm’s national Data Privacy and Cybersecurity Practice Group. He advises organizations on data privacy and cybersecurity risks on both a national and international basis, including pre-breach services, incident response strategies and management, defense of regulatory enforcement actions, and single-plaintiff and class action litigation. Dominic and the McDonald Hopkins Data Privacy team have counseled clients through over 10,000 data breaches and privacy incidents where he works closely with local, state, and federal law enforcement, forensic investigators, and third-party cybersecurity vendors to offer his clients efficient and effective breach response services in compliance with the numerous state, national, international and industry-specific legal obligations. Dominic has significant experience defending organizations in third-party and regulatory enforcement actions arising from data breaches. He also focuses his practice on proactively protecting clients’ personal, sensitive, and confidential information and minimizing the risk of a data privacy incident. Dominic has conducted over 500 breach response workshops and training sessions for organizations and risk management teams. In addition, he helps clients develop their written information security programs and incident response plans. In recognition of his efforts in this area, Michigan Lawyers Weekly honored Dominic as one of 30 lawyers selected as the “Leaders in the Law” Class of 2020. Dominic was also named to Cybersecurity Docket’s Incident Response 30 in 2016 and 2018 and their Incident Response 40 in 2022, as well as Incident 50 in 2023. This list compiles the “best and brightest” data breach response attorneys and compliance professionals in the business. Dominic and his team were also previously named a finalist for Advisen’s Cyber Risk Awards for Cyber Law Firm of the Year and Cyber Risk Pre-Breach Team of the Year category.

His work in this area covers a multitude of industries, including higher education, healthcare, hospitality, retail, automotive, utilities, accounting, financial services, banking, law, information technology, staffing services, manufacturing, food services, professional services, franchises, non-profits, real estate, property management, drug and pharmacy, municipalities, public entities, and insurance. Dominic is also a frequent speaker and writer on data privacy law. If you suspect your organization has suffered a data breach, call our 24/7 Hotline: 855-MH-DATA1 (855-643-2821).

Heather Shumaker, CIPP/US, Data Privacy and Cybersecurity Practice Group Associate

Heather is an Associate in the Litigation Department at McDonald Hopkins and a national Data Privacy and Cybersecurity team member. In addition, she is accredited by the International Association of Privacy Professionals as a Certified Information Privacy Professional for the United States Private Sector, the gold standard certification for information privacy professionals. Her practice advises companies in various industries on addressing data privacy and cybersecurity incidents.

Heather’s expertise stems from her time as Deputy Attorney General in the Data Privacy and Identity Theft Unit for the Office of Indiana Attorney General. In her role there, she provided internal data privacy counsel on the applicability of federal and state data privacy regulations, including CAN-SPAM, TCPA, and TSR, while also representing the State of Indiana in complex litigation in various specialized areas, including consumer protection laws, HIPAA and telephone privacy laws. Heather has also led multi-jurisdictional data breach matters compromised of attorneys general from around the country. Outside of litigation, her experience includes working with businesses to ensure state and federal compliance, including, but not limited to, reviewing policies and procedures, risk assessments and risk analysis, and PCI DSS standards, and negotiating complex settlement agreements, protective orders, confidentiality agreements, common interest agreements, memorandum of understanding and other types of contracts.

Heather’s general business and litigation practice includes experience serving as outside counsel in Fair Credit Reporting Act litigation, serving as local counsel for a Fortune 500 company, negotiating and advising on contracts, engaging in dispute resolution, and representing private and court-appointed clients in various areas of law including family law, general litigation, probate, municipal law, criminal law, contracts, and appellate law.