I advise internal and external stakeholders on privacy and data protection, risk, and risk mitigation. This involves managing complex privacy initiatives in coordination with involved stakeholders to ensure privacy policies are correctly implemented. I counsel the R&D and Product teams on privacy-by-design best practices, including providing actionable advice on data privacy, data use, and data security requirements. I develop and mature privacy controls (e.g., data registries) to continuously improve data privacy and data governance programs. I draft and negotiate agreements (e.g., SCCs, DPAs, SaaS agreements)--including application of Artificial Intelligence to de-identified data--with customers, partners, and vendors. I lead cross-team efforts to bring perspective on emerging trends to inform our strategy and develop internal policies. I conduct comprehensive, global diligence of privacy laws, regulations, and guidance (e.g., GDPR, PIPL, EU AI Act, U.S. State laws) to proactively advise Medidata’s business teams on the impact of developments in the law. I create and lead comprehensive privacy trainings. I work closely with the information security team, including the CISO, to investigate and respond to any potential privacy incidents. I engage and support Medidata’s leadership in privacy-focused industry groups.Medidata is leading the digital transformation of life sciences, creating hope for millions of patients. Medidata helps generate the evidence and insights to help pharmaceutical, biotech, medical device and diagnostics companies, and academic researchers accelerate value, minimize risk, and optimize outcomes.

I was responsible for Colgate’s Global Data Privacy Compliance Program, ensuring compliance with all applicable data privacy and security laws, including GDPR, CCPA, LGPD, and other privacy laws in the countries in which Colgate does business. I managed a global team of lawyers on region- and project-specific matters related to data privacy on a dotted line basis. I worked closely with key stakeholders in Corporate Audit and Global Information Security to implement an auditing and accountability process to assess and mitigate risks while ensuring compliance with Global requirements. I served as the primary specialty lawyer for Global Information Technology, including working closely with the CISO to align data privacy and data security policies, practices, and tools to ensure the security of the company’s systems and data. I also counseled on the applicable US and foreign laws and regulations related to information technology. I provided legal support on all cybersecurity and data security issues, including the review, development, and implementation of policies and procedures relating to the company’s information technology resources and an Incident Response Plan, and responding to/advising on any cyber issues.I worked closely with senior management, including the Board of Directors and the Enterprise Risk Management Committee. I provided advice and counsel to the Global Legal Organization (GLO), senior management, and other business functions on all data privacy and security issues as they relate to employees, vendors, consumers, and customers, including: collection and use of adult and children’s personal data; marketing issues (with a particular focus on Digital Marketing); and third party management. I served as the Company designee for all governmental and regulatory related inquiries and investigations related to data privacy (acting as Chief Privacy Officer). I assisted Corporate lawyers on M&A due diligence for data privacy-related matters.

I maintained a general litigation practice, with a focus on the areas of electronic discovery and discovery management processes; data privacy and security; records and information governance; and enterprise risk management. I gained experience in preserving evidence and managing discovery in data breaches and security incidents, and in resulting class actions and regulatory investigations. I developed legal hold policies, procedures, and related materials and advises clients on information governance practices and the development of records retention, maintenance, and destruction policies and procedures. I extensively counseled clients on compliance with Data Privacy laws such as the GDPR, and advised on preparation for the CCPA. I was also involved in legal issues surrounding emerging technologies such as Artificial Intelligence and Blockchain. I provided guidance regarding the creation, development, and implementation of global privacy and security policies, standards, procedures, and guidelines. I also regularly advised organizations on compliance with international data transfer restrictions and data localization requirements, including through the utilization of cross-border transfer mechanisms such as the EU-U.S. Privacy Shield framework, standard contractual clauses, and binding corporate rules.

Associate in Tampa, Florida (September 2011 to June 2013)Associate in Geneva, Switzerland (July 2013 to October 2015)While in Geneva, my practice focused on the defense of complex litigation in Europe, West Africa, and the Middle East, including class actions, reimbursement lawsuits, consumer protection claims, and individual product liability claims. My role included working with other outside counsel to coordinate litigation defense strategies and develop supporting evidence. I also advised clients on litigation prevention strategies and legislative projects that impact or alter civil liability risks—such as proposed legislation on class actions and punitive damages—in Europe, Africa, and Asia-Pacific. As part of that strategic advice, I evaluated client eDiscovery readiness programs, advises on collection, review, and production considerations, and considers the implications of mobile technologies, client information technology platforms, and related social media use. I also developed and advised clients on corporate data retention policies and procedures and on data protection concerns regarding collection, use, processing, and security of personally identifiable information and sensitive personal information in litigation, regulatory inquiries, cross border transactions, and merger, acquisition, asset purchase, and divestiture activities. Prior to joining the Geneva office, I practiced in the firm's Tampa office representing product manufacturers against personal injury claims in both state and federal courts in the United States. I was a member of four trial teams, two of which earned complete defense verdicts and one of which settled after jury selection.