JD, Rutgers Law School
BA, Cornell University

• District of Columbia Bar
• New York State Bar

Technical and specialized engagements:

• Mobile app privacy testing on Android, iOS, and Kindle devices
• Website privacy testing and analysis
• Data Lake privacy controls
• API testing
• IoT privacy and feature testing
• Hard-coding legal decision making in privacy control platforms
• Privacy and security training
• Online ad ecosystem training

Privacy-related class action litigation defense and regulatory defense:

• Represented companies in litigation resulting from use of social network widgets
• Represented companies in relation to state attorneys general inquiries, Civil Investigative Demands (CIDs), subpoenas and investigations.
• Represented several companies in class action litigation related to the use of cookies and flash cookies.

General Compliance and Corporate Governance:

• Provided advice to large retailers with respect to geo-fencing projects
• Provided strategic advice and counsel on local, national and international privacy and data protection and data transfer laws for numerous companies
• Assisted numerous companies in drafting, design and implementation of internal company policies, including information security, data and records management and retention, data classification and handling, device management and "Bring Your Own Device" policies, codes of conduct, white papers, marketing materials, vendor white lists and internal policies on Internet tracking.
• Provided counseling for large communication provider, software companies and mobile app developers with respect to issues pertaining to security, encryption and authentication.
• Provided advice to numerous companies with respect to the use of geo-location information.
• Developed privacy training programs.

• Chambers USA, Nationwide, Privacy and Data Security: Privacy, Chambers and Partners, 2024
• Legal 500, Recommended Lawyer, Cyber law (including data privacy and data protection), The Legal 500, 2022-2024
• Legal 500, Recommended Lawyer, General Commercial Disputes, The Legal 500, 2021
• New York Trailblazer, New York Law Journal, 2020
• Who's Who Legal, Data: Information Technology, Legal Business Research Ltd., 2018
• Outstanding Lawyer, Nightingale's Healthcare News, 2009
• Top 40 Under 40, New Jersey Law Journal, 2008

• Co-author, "Google's Data Safety Form: Timeline Extended and Key Considerations," NT Analyzer Insights, February 28, 2022
• Co-author, "Google's Data Safety Form: Timeline Extended and Key Considerations," Data Protection Report, February 28, 2022
• Co-author, "European rulings on the use of Google Analytics and how it may affect your business," Data Protection Report, February 14, 2022
• Co-author, "Data Privacy Concerns in 2022 and Beyond," NT Analyzer Insights, January 31, 2022
• Co-author, "iOS 15 Privacy Report Update: What it Means for App Owners," NT Analyzer Insights, January 19, 2022
• Co-author, "Google Play Store Releases Data Safety Form," NT Analyzer Insights, November 19, 2021
• Co-author, "Does Your App Track Users that Opted-out of Tracking?," NT Analyzer Insights, October 26, 2021
• Co-author, "iOS 15: New Privacy Features Industry Should Note - NT Analyzer," NT Analyzer Insights, October 7, 2021
• Co-author, "Why is Unintended Data Leakage and Third Party Code So Prevalent?," NT Analyzer Insights, July 26, 2021
• Co-author, "Global Privacy Control Opt-Out of "Sale" – A Technical and Legal Viewpoint," NT Analyzer Insights, July 16, 2021
• Co-author, "Google Will Nix the "GAID" for Opted-Out Users on Android," NT Analyzer Insights, June 8, 2021
• Co-author, "How Data Privacy Can Affect Consumer Goods," NT Analyzer Insights, June 2, 2021
• Co-author, "iOS 14.5 and ATT Framework Coming to an App Near You," NT Analyzer Insights, April 22, 2021
• Co-author, "Rejected: Don't Let Apple Determine Your App's Fate," NT Analyzer Insights, April 13, 2021
• Co-author, "NT Analyzer Navigates Virginia's New Privacy Law," NT Analyzer Insights, April 7, 2021
• Co-author, "Google Privacy Sandbox Won't Support Alternate Identity Solutions," NT Analyzer Insights, March 19, 2021
• Author, "iOS: IDFA/Tracking Opt-In: What You Should Know," NT Analyzer Insights, March 11, 2021
• Co-author, "Solving Apple's New App Privacy Requirements," NT Analyzer Insights, October 16, 2020
• Co-author, "101 Problems and Schrems Ain't One," NT Analyzer Insights, September 25, 2020
• Co-author, "IDFA Opt-In: Good for User Privacy or Not So Much?," NT Analyzer Insights, July 21, 2020
• Author, "Why So Many Cookie Policies Are Broken," NT Analyzer Insights, June 25, 2020
• Co-author, "How to navigate Advanced Persistent Threat (APT) intrusions," New York Law Journal, March 2020
• Co-author, "CCPA:  'Wait and see' is not the right approach," Norton Rose Fulbright Data Protection Report, August 29, 2019
• "A Deep Dive Into the Privacy and Security Risks for Health, Wellness and Medical Apps," IAPP Privacy Tech, April 6, 2015
• "How Much Does Cybercrime Threaten Latin American Companies?" Inter-American Dialogue Financial Services Advisor, March 20-April 2, 2014
• "Trust Darknet: Control and Compromise in the Internet's Certificate Authority Model", Internet Computing, IEEE, February 6, 2013, co-author Stephen Schultze, (Peer Reviewed)
• Co-author, "Study Criticizing Android Apps Was Pretty Lame," Law360, December 3, 2012
• Co-author, "The New Corporate Approach To Privacy Compliance," Law360, July 31, 2012
• "SSL Hacked: 2011 Proved That The Enterprise Can't Rely On Encrypted Communications; But Corporate Counsel Can Champion a Fix," Corporate Counsel, Law.com, September 28, 2011
• "Information Security and Privacy: A Practical Guide for Global Executives, Lawyers, and Technologists," Science and Technology Law Section, American Bar Association, February 17, 2011
• "The Flawed Legal Architecture of the Certificate Authority Trust Model," Freedom to Tinker Blog, December 15, 2010
•  "Encryption Is Not Enough: Why It's Time for General Counsel to Weigh In on Authentication Practices Associated With Secure Communications," e-Commerce Law Report, Vol. 12, Issue 11, West Publications, November 2010
• "The 'Certificate Authority' Trust Model for SSL: A Defective Foundation for Encrypted Web Traffic and a Legal Quagmire," Intellectual Property & Technology Law Journal, Vol. 22, No. 11, November 2010
• "The Next Generation of Artificial Intelligence in Light of In re Bilski," The Intellectual Property & Technology Law Journal, Vol. 21, No. 3, March 2009

• International Association of Privacy Professionals (IAPP) Little Big Stage Online, NT Analyzer: Empowering You to Manage Digital Privacy Risk at Every Level, June 3, 2021
• Webinar - NT Analyzer: Partnering With Your Business to Prepare for the Future of AdTech, May 25, 2021
• Webinar - Solving Apple's New App Privacy Requirement, November 13, 2020
• "The Insecure Digital World: Data Breaches and Other Threats to Consumers," Consumer Federation of America Consumer Assembly, May 10-11, 2018
• "Moral Humans, Immoral Algorithms," Privacy Security Risk (IAPP), San Diego, October 2017
• Steven Roosa and Josh Kroll, "The Algorithm Made Me Do It: Predictive Power, Ethics and the Law in the Age of Machine Learning, Artificial Intelligence, and Mathematical Perplexity," Highmark Health All-Hands Privacy Workshop, Pittsburgh, PA, January 11, 2017. (Invited).
• "Moral Humans and Amoral Algorithms: How Machine Learning Creates Privacy and Ethics Exposure and What You Need to Know About It," Privacy + Security Forum, October 24-26, 2016
•  "New Legal Challenges Resulting from an Escalation of Cyber Risks and Data Breaches," New York Bankers Association's Bank Counsel Seminar, April 23, 2015
• "AdvaMed's Mobile Health, Wellness and Medical: A Privacy Workshop," Regulatory Oversight of Mobile Medical Devices and Health and Wellness Apps by the FDA and FTC, Hands on Testing of Mobile Apps for Privacy and Security, Shortcomings in De-Identification Schemes, April 22, 2015
• "Mobile Apps and Network-Aware Devices: Legal Exposure in the Collection of Data and What to Do About It," AdvaMed Webinar, November 4, 2014
• "Cyber Security Risks that Threaten Corporate Intellectual Property and Client Confidentiality," IP Trademark, Copyright & Licensing Counsel Forum, October 28-29, 2014
• "Financial Services IT – Avoidance of Risks," Information Security Issues, Practising Law Institute, May 21, 2014
• Moderator, "Mobile Apps and Privacy: The Hidden Risks," IP Trademark, Copyright & Licensing Counsel Forum, October 22, 2013
• Moderator, "Compromise and Control at the Perimeter of the Network: Online Trust, Mobile Security and Mitigating Risk in Mergers and Acquisitions," North Virginia Technology Council General Counsel Committee Event, June 7, 2013
• "Mobile Privacy and Security," The Current Regulatory Landscape and New Risk Threat Model, April 16, 2013
• "Mobile Privacy and Monetization: Risks and Opportunities in the Era of Networked Data," L2 Blog Social CRM Clinic, April 4, 2013
• "Privacy and Security in Mobile Apps, the Cloud, and the Internet of Things: The Role of In-House Counsel In Mitigating New Risks," Association of Corporate Counsel, Northeast Chapter, October 3, 2012
• "Mobile Security & Privacy Best Practices," Online Trust Alliance's Forum, October 1-4, 2012
• Presenter, "The Devil Is in the Indemnity Agreements: A Critique of the Certificate Authority Trust Model's Putative Legal Foundation," The Center for Information Technology Policy at Princeton University, December 9, 2010