Norton Rose Fulbright US LLP
Related services and key industries
- Information governance, privacy and cybersecurity
- Sourcing and technology
- Tech sector
- Regulation and investigations
- Corporate, M&A and securities
- Environmental, social and governance (ESG)
Key industry sectors
Anna advises clients in the financial services, healthcare, insurance, and technology industries on data protection, privacy, cybersecurity, and governance issues. Anna's expertise encompasses the secure handling of confidential and personally identifiable information, as well as compliance with international, federal and state privacy regulations including GDPR, CCPA, HIPAA, CAN-SPAM, BIPA, and TCPA. She has worked closely with companies to build and mature privacy compliance programs, audit their privacy practices, conduct privacy impact assessments and map the use and processing of personal information. She also provides product counsel to clients on the use of AI, biometric data, and new and emerging technologies.
Anna routinely works with clients on issues related to protecting data during transactions or reorganizations, such as M&A deals and drafting and negotiating tailored privacy and data security contract provisions. She has also advised companies on cross border data issues and the use of data transfer mechanisms.
Anna has significant experience working with clients to identify and remediate potential data security incidents. She works with clients and third parties to contain incidents and their effects, investigate their cause and impact, and deliver public and regulatory communications on behalf of clients. Anna also assists clients with all aspects of breach preparedness, including information security governance and risk management and counseling executives on cybersecurity matters.
As part of her incident response practice, Anna manages cross-border regulatory investigations. In addition, she regularly assists clients respond to requests from regulators following cyber incidents. Anna has successfully defended clients in numerous privacy and cyber-related federal and state investigations, including by the HHS Office for Civil Rights, FTC, and state attorneys general.
Anna spent a year working in the Global Privacy Office of a multinational pharmaceutical company to assist with privacy and legal matters such as developing consent documents, creating internal data handling policies and procedures, and negotiating privacy and security terms with vendors. Prior to joining Norton Rose Fulbright, Anna served as Vice President of Global Privacy at JPMorgan Chase. Anna is a Certified Information Privacy Professional (CIPP/US) and is licensed to practice in New York.
Professional experienceExpand all Collapse all
JD, Graduated with Distinction, Brooklyn Law School, 2013
MA, American Literature, The Graduate Center, City University of New York, 2011
BA, Honors, Political Science and English, McGill University, 2008
- New York State Bar
- "Healthcare Regulatory and Privacy Issues in Reproductive Technologies and Big Data," ABA Health eSource, American Bar Association, October 18, 2018
- Co-author, "Mic Drop: California AG releases long-awaited CCPA Rulemaking," Bloomberg Law, October 16, 2019
- "The Future of Cyber Threats: When Attacks Cause Physical Harm," New York Law Journal, June 1, 2018
- "Cybersecurity of Toll Roads: Are We There Yet?," Law360, Expert Analysis, March 27, 2018
- "Navigating pharma's privacy risks: GDPR and beyond," Pharma Times, March 19, 2018
- "Working party publishes draft of GDPR guidelines for Article 49 (export derogations)," Data Protection Report, March 5, 2018.
- "WP29 brings Binding Corporate Rules in line with the GDPR," Data Protection Report, February 28, 2018.
- "But the Emails - Companies' SEC Filings Reflect Ransomware Risks," Data Protection Report, September 11, 2017.
- "US Senators Introduce IoT Cybersecurity Bill," Data Protection Report, August 3, 2017.
- "US Coast Guard Releases Draft Cybersecurity Guidelines," Data Protection Report, July 26, 2017.
- "US Government Contractors Now Required to Train Employees on Privacy" Data Protection Report, February 23, 2017.
- "FDA Issues Final Guidance on Postmarket Medical Device Cybersecurity," Data Protection Report, January 5, 2017.
- "US Commission on Enhancing National Cybersecurity: Action Plan for the President-Elect," Data Protection Report, December 14, 2016.
- "EMA Issues Guidance on Anonymization in Clinical Trials," Data Protection Report, November 14, 2016.
- "HHS Update: Looking Toward Audits and Increased Enforcement" Data Protection Report, September 8, 2016.
- "Your Money or Your PHI: New Guidance on Ransomware," Data Protection Report, July 14, 2016.
- International Association of Privacy Professionals
For whom the bell tolls: FTC, regulators and private parties are coming for online tracking technologies
Blog | February 09, 2023
2023 Annual Litigation Trends Survey
Publication | January 18, 2023
2023 Annual Litigation Trends Survey | Class actions
Publication | January 18, 2023