Andrew L. Hoffman
As an associate in Norton Rose Fulbright's New York office, Andrew L. Hoffman advises companies on the legal requirements and best practices for the collection, use, and protection of personal information and confidential corporate information. In addition, Andrew counsels clients on sourcing and technology transactions in the financial, technology, life sciences, and energy industries. Recently, Andrew completed a nine-month secondment at a global financial services company, where he advised on the implementation of Privacy by Design principles, drafted privacy provisions for incorporation into form agreements, and negotiated technology vendor agreements.
Prior to joining Norton Rose Fulbright, Andrew worked at an international law firm and a highly-regarded boutique national law firm focusing on information technology, privacy, and data security. He has experience handling a variety of commercial and fiduciary litigation matters at both the trial and appellate levels. Previously, he clerked at the Florida Fourth District Court of Appeal.
Andrew holds the Certified Information Privacy Professional (CIPP/US) and Certified Information Privacy Manager (CIPM) credentials from the International Association of Privacy Professionals. He is licensed to practice in New York and Florida and before the United States Court of Appeals Eleventh Circuit and all Florida U.S. District Courts.
JD, cum laude, University of Florida Levin College of Law, 2009
BA, summa cum laude, English, University of Florida, 2006
BS, cum laude, Psychology, University of Florida, 2006
While in law school, Andrew won three best brief awards in appellate advocacy competitions as a member of the Florida Moot Court Team and was a research assistant to Professor and Dean Emeritus Jon L. Mills, who wrote on matters of privacy law and policy. He was also the research editor for the Florida Journal of International Law. In addition, he interned for U.S. District Judge Steven D. Merryday of the Middle District of Florida.
- Advising on the implementation of Privacy by Design in connection with websites and mobile apps.
- Counseling regarding compliance with privacy and consumer protection statutes and regulations (including TCPA, GLBA, HIPAA, Do-Not-Call Rule, and the California Song-Beverly Credit Card Act and similar state laws).
- Developing strategies to comply with cross-border data transfer requirements, such as the transfer of data from Europe to the United States.
- Developing data use agreements for companies in the life sciences and financial services industries.
- Drafting employee-facing agreements and policies (including Bring Your Own Device (BYOD) policies, and policies regarding physical searches, telephone monitoring, and employer data collection and retention of information).
- Counseling corporate clients in response to data security breaches.
- Developing a form product agreement for a financial services company sharing financial transaction data with business partners.
- Reviewing websites and mobile apps for compliance with privacy, security, and consumer protection laws and regulations.
- Representing corporate clients in privacy & consumer protection litigation and government investigations (including defense of TCPA claims and suit over disclosure of health information).
- Representing financial institutions, large US and multi-national corporations, and ultra high-net worth clients in trial- and appellate-level commercial disputes and adversarial estate and trust matters.
- Florida State Bar License
- New York State Bar License
Rankings and recognitions
- Florida Bar One Client One Attorney One Promise Pro Bono Award, The Florida Bar Foundation, 2012
- Empire State Counsel Gold Supporter Award Honoree, New York State Bar Association, 2011
- Managing Editor & Contributor, The Data Protection Report
- Co-Author, "Civil litigation risks following data breaches," Financier Worldwide, June 2015
- Co-Author, "Legal Considerations for Electronic Health Records," Journal of the California Dental Association, May 2015
- Author, "2 Years of Clapper: Takeaways From 12 Data Breach Cases," Law360, Feb. 25, 2015
- Author, "Where Point-Of-Sale Data Collection Litigation Is Headed," Law360, March 5, 2014, updated and republished at The PointofSale News, August 1, 2014
- Co-Author, "Stored Communications Act ruling muddles business online data privacy," SearchSecurity, January 2013
- Co-Author, "Companies Must Consider Travel Providers' Data Practices or Risk Being Harmed," InfoSec Island, Nov. 4, 2012
- Co-Author, "Acai Of Relief?: Lessons From FTC Acai Settlements," Law360, April 11, 2012
- Author, "Emerging Electronic Receipt Option Requires Creative Thinking for Retailers under State Law," Cyberspace Lawyer, November 2011
- Author, "Why Google Got Buzzed By the FTC," Law360, April 26, 2011
- Author, "Case Study: Penzer v. Transportation Insurance," Law360, March 5, 2010
- Co-Author, "Psychology in the Study of Physical Security," Journal of Physical Security, 2007
- Panelist, Privacy, Private Business and the Media in the Age of Drones, Body Cams and Hidden Cameras, The Florida Bar Media Law Conference, Orlando, Florida, June 17, 2016
- Guest Lecturer, An Overview of U.S. Information Security Legal Issues, Post-Graduate Course: Legal Aspects of Information Security in the Corporate Environment, Prof. Renato Opice Blum, University of Sao Paulo School of Engineering [Escola Politecnica da Universidade de Sao Paulo], Sao Paulo, Brazil, March 19, 2015
- Guest Lecturer, An Introduction to Information Security Legal Issues in the United States, Post-Graduate Course: Legal Aspects of Information Security in the Corporate Environment, Prof. Renato Opice Blum, University of Sao Paulo School of Engineering [Escola Politecnica da Universidade de Sao Paulo], Sao Paulo, Brazil, April 3, 2014
- Guest Lecturer, Enforcement of Privacy Rights in the United States, Post-Graduate Course in Civil Procedure, Prof. Marcelo Negri Soares, Universidade Nove de Julho (UNINOVE), Sao Paulo, Brazil, August 19, 2013
- Speaker, Guidance from the California Attorney General's Data Breach Report, State Bar of California Cyberspace Law Committee (Business Law Section), Teleconference, August 13, 2013
- Co-Speaker, October 2012 Privacy & Information Security Update, American Bar Association (ABA) Privacy & Information Security Committee (Section of Antitrust Law), Teleconference, November 6, 2012
- Speaker, US Privacy and Data Security Law: A Brief Introduction, AMCHAM Brasil, The Evolution of Digital Rights and Privacy in Europe, USA and Brazil, Sao Paulo, Brazil, October 5, 2012
Memberships and activities
- Certified Information Privacy Professional (CIPP/US), International Association of Privacy Professionals
- New York City Bar Association
- Florida Bar
- Media & Communications Law Committee, 2013-2014
- Judicial Administration & Evaluation Committee, 2010-2013
- Appellate Practice Section, 2009-2015