T +1 202 729 2395
Paul Pittman specializes in data privacy and cybersecurity, providing strategic legal and business advice for a variety of commercial and financial clients.
As an associate in the Data, Privacy & Cybersecurity Practice, Paul advises and represents clients on a multitude of privacy and security issues that arise in the handling of consumer and business data under state, federal and international laws. His practice includes guiding companies in responding to data breaches by managing internal forensic investigations, addressing legal obligations and engaging with regulators. Paul also collaborates with clients to identify data privacy and security issues that may arise in their business and assists them with the development of privacy and cybersecurity policies and programs to ensure compliance with applicable laws and industry standards. In addition, he counsels clients on the permissible handling of data consistent with online and mobile data standards.
Paul also offers his clients extensive experience defending against complex commercial and state attorney general litigation. Paul has represented Global Fortune 10 companies and other entities in diverse actions, including privacy, digital media, intellectual property, and product liability actions, in state and federal courts.
A knowledgeable and engaged advocate, Paul works to understand his client's business and develop creative strategies to protect client interests and minimize risks. Clients benefit from Paul's ability to apply his technical understanding to overcome challenges associated with implementing compliant privacy and security processes while reducing potential legal exposure.
He is a Certified Information Privacy Professional (CIPP/US) and a member of the International Association of Privacy Professionals (IAPP).
Advising companies in over 50 security incidents in the financial, e-commerce, healthcare, retail and banking industries on their incident investigation approach, legal obligations under state, federal and international laws, and strategy for communicating to their workforce, the public and regulators.
Conducting "tabletop" exercises with company executives and information technology teams to assess preparedness, and advise on implementation of incident response plan.
Counsel companies on the permissible collection and usage of data online and across devices, and prepare the appropriate documentation to comply with online and mobile data industry standards such as DAA and NAI.