Alissa Lynwood

Alissa counsels clients on various privacy law requirements, including the use of consumer opt-out requirements, privacy due diligence, and general compliance under various state privacy laws and regulations. 

Representative Matters

• Advises privately held corporate clients on various privacy laws and regulations including California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act, Connecticut Data Privacy Act, Colorado Privacy Act, and Utah Consumer Privacy Act. 
• Conducts incident response work for clients experiencing cybersecurity incidents including ransomware attacks and business email compromises and assists clients with regulatory investigations from state and federal regulators. 
• Advises clients on responding to cybersecurity incidents, ranging from small business email compromise incidents to sophisticated, state-sponsored, network intrusions and ransomware attacks.
• Provides data security risk assessments and counsels clients in response to regulatory reporting.
• Advises clients with guidance on federal, state, and international breach notification law requirements, in addition to contractual notification obligations.
• Drafts notification materials, including Communications Playbooks, notification letters, press releases, website, and social media notices.
• Responds to post-breach inquiries, including assisting clients in responding to call center escalations and preparing responses from consumers, regulators, and the media.
• Analyzes complex Excel data files, including notification lists containing more than 50,000 individuals, and develops statutorily compliant notifications letters to consumers.
• Led discussions with law enforcement agencies to assist with identifying a threat actor group responsible for large ransomware attacks.
• Assists with developing client’s global privacy program, including developing policies, due diligence frameworks, and training to comply with various state privacy laws.
• Analyzes employee privacy laws, including state electronic monitoring laws and applicable case laws.
• Conducts tracking technology scans to assist with providing counsel on the use of cookies on websites and apps and analyzes Data Processing Agreements.
• Conducts various website audits to inform compliant privacy policies consistent with various state privacy laws.
• Conducts tracking technology assessments for large healthcare providers and analyzes risks associated with tracking technologies.
• Assists healthcare providers with drafting complaint privacy policies and assessing data collection practices.
• Assists large healthcare providers with the assessment of data collection and storage practices and management of consumer rights requests.

Professional Experience

• Associate, Private law practice (2021-2024)
• Law Clerk, Verizon, Antitrust/Policy Division (2020-2021)
• Legal Policy Intern, Future of Privacy Forum (2020)
• Legal Privacy Intern, Traackr (2020)
• Law Clerk, Federal Trade Commission (FTC), Division of Privacy and Identity Protection (2019-2020)
• Law Clerk, Federal Communications Commission (FCC), Global Strategies and Negotiation Division (2019)

Affiliations

• Federal Communications Bar Association (FCBA)