Tim is a member of Reed Smith's Data Security, Privacy & Management practice group. His most recent experience is as in house counsel with a global financial services firm where he supported security, privacy and technology executives. Additionally, with a broad background in security and privacy across government and industry, Tim can support clients in the areas of government contracts, financial services, energy and health care regulatory matters.
- Tim has drafted and implemented security and privacy policies and practices that comply with the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA) and its Red Flags Rules, the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI-DSS), and the Federal Information Security Management Act (FISMA).
- As a member of a corporate data breach response team, he participated in all aspects of a breach including event identification, forensic evaluation, initial response, coordination with external agencies and regulators, and making notifications required by federal and state guidance.
- As principal legal counsel for the global Chief Information Security Officer, Tim advised on issues involving network security and monitoring, use of authentication and encryption, phishing, and developing issues such as use of social media, mobile device management, response to hacktivist incidents and emergence of the advanced persistent threat.
- As counsel for a global security executive, he advised on the use of biometric devices for access to facilities, identification and response to global fraud rings, coordination with law enforcement, and background screening of employees.
- He has advised government and private sector network penetration testing teams on appropriate practices, use of social engineering, and code evaluation of operating systems and applications.
- He has drafted and negotiated security, privacy and business continuity terms of vendor agreements, and acquisition, divestiture, and joint venture formation documents.
- As counsel to a Chief Data Officer, he has advised on the appropriate collection, use, dissemination and quantitative analysis of large datasets for marketing, risk calculation and monetization purposes.
- As chair of the National Security Telecommunications Advisory Committee’s Legislative and Regulatory Task Force, and as a bank representative to the Financial Services Sector Coordinating Council, he has been involved in public/private partnership discussions including security standards and assessments, exchange of threat information, and coordination in actual events.