Samuel (Sam) Goldstick is a data privacy and cybersecurity attorney, advising clients across a broad range of industries on all aspects of compliance with international, federal, and state data privacy and security laws. He is a senior counsel in the firm’s Technology Transactions, Cybersecurity, and Privacy Practice, as well as a member of the Sports & Entertainment Industry Team and Innovative Tech Sector.
Sam counsels companies in nearly every sector of the economy — including the retail, hospitality, manufacturing, financial services, health care, insurance, sports, aerospace, energy, government contracting, education, information technology, transportation, and travel industries — on a full array of data privacy and security compliance issues, such as those involving:
- Data breach notification requirements at the state, federal, and international level
- EU and UK General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and other similar comprehensive U.S. state consumer privacy laws
- Gramm-Leach-Bliley Act (GLBA)
- The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation
- State insurance data security laws (including those modeled after the NAIC model law)
- Illinois’ Biometric Information Privacy Act (BIPA) and other state biometric privacy laws
- Telephone Consumer Protection Act (TCPA) and state law equivalents
- Health Insurance Portability and Accountability Act (HIPAA) and state law equivalents
- Department of Defense (DoD) cybersecurity requirements for federal contractors, including DFARS 252.204-7012, NIST SP 800-171, and CMMC
Sam assists clients of all sizes with their incident preparedness, such as reviewing and updating incident response (IR) policies and procedures, negotiating three-party agreements with forensics and other third-party IR providers to help maintain attorney-client privilege and work product protections during an incident, and running tabletop exercises that simulate real-life cyber-attacks.
On the reactive front, Sam frequently guides clients through the entire incident response process, from the early stages of the investigation to the notification of affected individuals and government regulators, as well as through any resulting enforcement actions or regulatory investigations. To date, Sam has handled hundreds of data breaches and security incidents for clients, and his depth of experience in this area allows him to provide clients with practical and business-oriented solutions in the event of a data incident and in its aftermath.
More Legal and Business Bylines From Samuel D. Goldstick
- Proposed Modifications to HIPAA Expands Individual Access Rights and Encourages Further Sharing of PHI for Care Coordination - (Posted On Monday, December 14, 2020)
- New Cybersecurity Assessment Requirement for Department of Defense Contractors Effective November 30, 2020 - (Posted On Tuesday, October 20, 2020)
- Privacy Considerations for Businesses Screening Employees and Visitors as They Reopen in California - (Posted On Friday, May 29, 2020)
- COVID-19: Privacy and Cybersecurity Regulatory and Enforcement Guidance - (Posted On Thursday, April 09, 2020)
- ISO/IEC 27701 Released as a New Standard for Privacy Compliance - (Posted On Monday, September 09, 2019)
- FTC Steps up Enforcement Against False Claims of Participation in the EU-U.S. Privacy Shield and Other International Privacy Frameworks - (Posted On Monday, July 01, 2019)
- Biometric Privacy: Illinois Supreme Court Decision Allows Claims to Proceed Without Showing of Actual Harm - (Posted On Monday, February 04, 2019)
- Ringing in 2019 with New State Privacy and Data Security Laws Impacting Data Brokers and Insurers - (Posted On Thursday, January 10, 2019)
- Uber Enters Into $148M Nationwide Settlement for Concealing 2016 Data Breach - (Posted On Friday, September 28, 2018)