Boris Segalis is a US co-chair of Norton Rose Fulbright's Data Protection, Privacy & Cybersecurity practice group. He edits the practice's data protection blog, DataProtectionReport.com.
Boris counsels clients regarding a broad range of privacy, information security, cybersecurity and information management issues. The practice addresses all aspects of information management lifecycle, including its collection, use, storage, disclosure and destruction, as well as the protection of the information and the infrastructure supporting the data.
Boris advises clients on information law issues that arise in the context of data-based products and services, big data programs, smart grid operations, marketing and advertising, corporate transactions (including M&A and bankruptcy), state and federal investigations and regulatory actions, cross-border data transfer, vendor management, cloud computing, technology transactions, incident and breach response and pre-response planning. Boris represents clients in a variety of industries, ranging from start-ups to Fortune 100 companies. His clients include companies in the consumer products and services areas, online retailers and media companies, pharmaceutical companies, utilities, travel-related businesses, B2B technology providers, payment processing businesses, and non-profit organizations.
Prior to joining Norton Rose Fulbright, Boris practiced at two national firms, and subsequently joined InfoLawGroup LLP, a boutique national law firm focusing on information technology, privacy, and data security. As one of the core partners at the firm, Boris helped develop InfoLawGroup into one of the leading privacy and data security practices in the United States, recognized by Chambers USA in 2013 and 2014. From 2014 to present, Boris has been individually recognized by Chambers USA as a Ranked Lawyer in the Nationwide, Privacy & Data Security category. Boris began his professional career in the aerospace industry, where he worked as an engineer on the Space Shuttle and other space programs.
Boris is a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals.
Boris advises clients on a variety of privacy, data protection and cybersecurity legal requirements and self-regulatory guidance and programs, such as:
- Tile V of GLBA, and the banking, insurance and FTC regulations implementing the GLBA's privacy and security requirements, including the interagency guidance on breach response
- FCRA, as amended by FACTA, and FTC and banking regulations implementing the law, including the Disposal Rule and the Red Flags Rule
- State breach notification laws and information security laws
- State financial privacy laws, including in California and Vermont
- NIST privacy and cybersecurity guidance, including NIST 800-53, 800-122, and the Cyber Security Framework
- The PCI-DSS payment card industry standards
- Cross-border data transfer requirements, including the U.S.-EU and U.S.-Swiss Safe Harbor frameworks for the transfer of personal data from Europe to the U.S., model clauses and BCRs
- HIPAA and HITECH privacy and data security requirements, including HHS regulations, and state health information privacy laws, including in Texas and California
- FERPA educational privacy and data security requirements, and analogous state requirements
- Federal guidance and public utility commission regulations governing the confidentiality and security of energy usage data, including requirements in California, Colorado, Minnesota, Texas and other states
- The Privacy Act and FISMA requirements applicable to federal government agencies and federal contractors
- NLRB guidance on employee use of social media, and state employee privacy requirements
- CalOPPA online privacy disclosure requirements for websites, mobile apps and other Internet services
- COPPA requirements governing children's privacy
- TCPA, including FTC and FCC requirements governing mobile marketing, and equivalent state requirements
- Mobile carrier rules for mobile marketing
- CAN-SPAM email marketing requirements
- FTC guidance on behavioral advertising and endorsements
- IAB behavioral advertising principles and the MMA code of conduct for mobile marketing