Heather Egan Sussman

Heather Egan Sussman is Global Co-chair of Orrick’s Cyber, Privacy & Data Innovation practice, and the leader of Orrick’s Boston Office. Her practice focuses on privacy, cybersecurity and information management, and she is ranked by Chambers USA and The Legal 500 United States as a leader in her field. Chambers explains companies turn to Heather because she is “generous with her time and endeavors greatly to educate her clients and understand a given client’s risk profile.”

Heather routinely guides clients through the existing patchwork of laws impacting privacy and cybersecurity around the globe.  In the U.S. this includes advising on federal and state laws such as FCRA, ECPA, TCPA, HIPAA, CAN-SPAM, GLBA, California’s Consumer Privacy Act, state breach notification laws, and state data security laws, as well as existing self-regulatory frameworks, including those covering online advertising and payment card processing. Outside of the U.S., she manages teams of talented counsel around the world to deliver seamless advice for clients that operate across many jurisdictional lines, developing comprehensive privacy and cybersecurity programs that address competing regulatory regimes.  She drafts online privacy notices for global rollout and implements data transfer mechanisms for the free flow of data worldwide.

Heather also helps clients develop and achieve their data innovation strategies, so they can leverage the incredible value of data and digital technologies in ways that not only meet compliance obligations, but also support innovation, deliver value to the business, meet security needs and solidify brand and consumer trust.

Heather devotes a significant part of her practice to helping clients reduce the risk of privacy and security incidents, and she offers a comprehensive menu of services designed to do just this.  In the event of a privacy or security breach, she helps companies respond, successfully guiding them through investigation, remediation, notification and any ensuing government inquiries.  Companies routinely rely on her to manage their response to catastrophes, investigations and government probes involving conduct by employees, contractors and third parties.

Heather guides clients through comprehensive privacy and cybersecurity assessments worldwide, vets privacy and security risks in corporate transactions, conducts internal investigations stemming from data incidents, and she drafts and negotiates contracts concerning data-related vendors and arrangements. She regularly counsels businesses on how to mitigate risks associated with the collection, use, retention, disclosure, transfer and disposal of personal data.

Her clients come from diverse business sectors, including technology, financial services, retail, consumer products, energy and infrastructure, healthcare and life sciences, manufacturing, food and beverage, media, academic institutions, service industries.

Heather frequently writes on current privacy and information security issues before trade and legal organizations and has been quoted in hundreds of major news outlets, including MSNBC.comABCNews.comThe New York TimesThe Los Angeles TimesBloomberg BusinessWeekThe San Francisco ChronicleWashington TimesHouston Chronicle.