Privacy and cybersecurity counseling

Wendell has extensive experience guiding clients on compliance with federal privacy laws and guidance, state privacy laws such as the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Colorado's Consumer Privacy Act (CPA), Connecticut's Data Privacy Act (CTDPA), Utah's Consumer Privacy Act (UCPA) and Virginia's Consumer Data Protection Act (CDPA), as well as the European Union (EU) General Data Protection Regulation (GDPR). He also regularly advises clients on compliance with industry sector-specific laws, international considerations and best practices with respect to processing and securing employee data, marketing campaigns, vendor risk management, machine learning and artificial intelligence (AI), big data, biometric data, employee monitoring, online tracking, credit card and automated clearing house (ACH) payment processing, the Internet of Things (IoT), and the metaverse.

Compliance matters commonly involve implementing and maintaining privacy and data security programs, including drafting internal and external policies and procedures, performing privacy impact assessments, and designing online products and services to reduce legal risk. For example, Wendell counsels clients on considerations for engaging AI-based services vendors, and advises AI developers on product and contracting issues.

Technology and data commercialization strategy and agreements

Wendell also regularly advises clients on various technology and data deals, including data sharing arrangements, system interface/integration agreements, software licensing, software development, cloud services licensing such as software as a service (SaaS), AI services agreements, data protection terms, and outsourcing. He also counsels clients about the potential business and legal risks associated with deal and contract breaches and the related contractual provisions.

The multifaceted nature of his practice is evident, for example, when Wendell advises clients on the implementation of Information Blocking and Interoperability Rules under the 21st Century Cures Act. The rules significantly impact the exchange of patient health information and the development of interoperable technology in health care. Wendell combines his regulatory and transactional experience to advise providers, payers, and technology developers on their product development, regulatory compliance, and commercialization and contracting strategy under these rules.

Security breach preparedness, response, remediation, and follow-on regulatory scrutiny

Wendell routinely helps clients prepare for security incidents by advising on cybersecurity requirements and standards, engaging vendors (including handling privilege issues), drafting and revising incident response plans and playbooks, assisting with communications to senior management including the Board, and participating and leading training and practice exercises. He also handles data breach and cybersecurity incidents from start to finish, which includes managing security incident risk, developing breach notification strategies, communicating with senior management, managing consultants (including forensics), drafting voluntary and legally required notices, and communicating with law enforcement and other government officials. He also regularly assists clients with the communications, mitigation, and remediation strategy of incidents involving vendors. Wendell has had great success advising clients during post-breach regulatory investigations, particularly in responding to detailed data security questions from the Office of Civil Rights within the Department of Health and Human Services.

Wendell’s experience at the intersection of law and technology is critical for providing practical advice to assist organizations with achieving their compliance and commercialization objectives in a business-friendly manner. For example, the combination is particularly important for informing innovative digital health clients’ technology and data strategies within a patchwork regulatory overlay.

Wendell is a Certified Information Privacy Professional/U.S. (CIPP/US) with the International Association of Privacy Professionals (IAPP).