Privacy and AI compliance
As a Certified Information Privacy Professional (CIPP/US), LB provides end-to-end privacy counsel across the full spectrum of U.S. and global privacy regimes, including the California Consumer Privacy Act (CCPA) as well as the evolving state privacy laws, Biometric Information Privacy Act (BIPA), Children’s Online Privacy Protection Act (COPPA),Telephone Consumer Protection Act (TCPA), CAN-SPAM, and General Data Protection Regulation (GDPR). His work includes drafting and updating privacy policies and terms of use, developing consent frameworks, structuring data governance programs, negotiating and drafting data protection agreements and vendor contracts, and advising on automated decision-making technology (ADMT) and AI-specific compliance obligations. LB is particularly well-versed in the privacy-AI intersection – advising clients on AI governance frameworks, building enterprise AI policy and risk tier structures, conducting privacy impact assessments for AI deployments, and ensuring compliance with section 5 of the FTC Act and emerging state laws governing high-risk and consequential uses of machine learning models, generative AI, and LLMs.
Cybersecurity, data breaches, and incident response
LB has led multi-jurisdictional data breach responses for a variety of organizations across sectors, handling breach analysis, regulatory notification obligations, cross-border compliance, and sensitive client communications. He advises clients on incident preparedness, written information security programs, and cybersecurity risk mitigation strategies, including vendor security requirements and contractual protections.
Mergers and acquisitions: privacy and cybersecurity coverage
LB brings deep experience in transactional privacy diligence, having guided privacy-related due diligence and risk assessment in several M&A transactions. He advises both acquirers and targets on data flow audits, regulatory risk exposure, and post-closing compliance integration, working closely with M&A deal counsel to identify and mitigate privacy and cybersecurity risks in complex, high-value transactions.
CIPA compliance and privacy litigation
LB has extensive experience in California Invasion of Privacy Act (CIPA) matters and other anti-wiretap claims, including pre-suit demand response, litigation strategy, and settlement negotiations. He developed a Ninth Circuit CIPA litigation playbook, has secured favorable settlements in multiple trap-and-trace and wiretap disputes, and advises clients on proactive compliance measures to minimize exposure to the growing wave of CIPA class actions.
Fintech, advertising, and technology transactions
LB advises financial institutions and fintech companies on privacy compliance within digital personal finance ecosystems, including data flows governed by the FCRA, consent management in credit reporting contexts, and risk mitigation strategies related to the use of consumer financial data on third-party platforms. He also supports diverse consumer brands and agencies in advertising and marketing matters, including digital advertising transactions, agency-advertiser agreements, consumer loyalty and incentive programs, gift cards, sweepstakes, and promotional campaigns. His technology transactions experience spans technology vendor agreements, SaaS contracts, data processing addenda, and complex commercial agreements for clients across the technology, consumer products, media, and life sciences sectors.
Thought leadership
LB is a frequent speaker on AI and privacy law, having presented at CLEs and industry panels on generative AI governance, responsible AI deployment, AI contracting, CIPA developments, CCPA enforcement trends, and ADMT compliance. He has also co-authored multiple thought leadership pieces on CIPA developments, including for the Washington Legal Foundation.
