T +1 202 729 2395
Paul Pittman specializes in data privacy and cybersecurity, providing strategic legal and business advice for a variety of commercial and financial clients.
As an associate in the Data, Privacy & Cybersecurity Practice, Paul advises and represents clients on a multitude of privacy and security issues that arise in the handling of consumer and business data, and the management of information and operational systems under state, federal and international laws and standards. His practice includes guiding companies in responding to data breaches by managing internal forensic investigations, addressing legal obligations and engaging with regulators. Paul also collaborates with clients to identify data privacy and security issues that may arise in their business operations and products, including connected devices (IoT), and assists them with the development of compliant data privacy and cybersecurity programs. In addition, he counsels clients on the permissible handling of data consistent with online and mobile data privacy and security standards.
Paul also advises global clients on all data privacy and cybersecurity matters that arise in corporate transactions, including mergers, acquisitions, financings and securities offerings.
Paul offers his clients extensive experience defending against complex commercial and state attorney general litigation. Paul has represented Global Fortune 10 companies and other entities in diverse actions, including privacy, digital media, intellectual property, and product liability actions, in state and federal courts.
A knowledgeable and engaged advocate, Paul works to understand his client's business and develop creative strategies to protect client interests and minimize risks. Clients benefit from Paul's ability to apply his technical understanding to overcome challenges associated with implementing compliant privacy and security processes while reducing potential legal exposure.
He is a Certified Information Privacy Professional (CIPP/US) and a member of the International Association of Privacy Professionals (IAPP).
Guiding over 50 companies in the financial, e-commerce healthcare, retail and banking industries on data security incident and breach response and their notification obligations under state and federal laws following cyberattacks or unauthorized access to sensitive customer and business information.
Conducting "tabletop" execises with company executives and information technology teams to assess preparedness, and advise on implementation of incident response plan.
Counseled an online advertising provider on permissible data collection and usage, and on development of a privacy notice to comply with online and mobile data industry standards such as DAA and NAI.