Heather Sussman

Partner

Boston


Read full biography at www.orrick.com

Heather Egan Sussman is Global Co-chair of Orrick’s Cyber, Privacy & Data Innovation practice, and the leader of Orrick’s Boston Office. Her practice focuses on privacy, cybersecurity and information management, and she is ranked by Chambers USA and The Legal 500 United States as a leader in her field. Chambers explains companies turn to Heather because she is “generous with her time and endeavors greatly to educate her clients and understand a given client’s risk profile."

Heather routinely guides clients through the existing patchwork of laws impacting privacy and cybersecurity around the globe.  In the U.S. this includes advising on federal and state laws such as FCRA, ECPA, TCPA, HIPAA, CAN-SPAM, GLBA, California’s Consumer Privacy Act, state breach notification laws, and state data security laws, as well as existing self-regulatory frameworks, including those covering online advertising and payment card processing. Outside of the U.S., she manages teams of talented counsel around the world to deliver seamless advice for clients that operate across many jurisdictional lines, developing comprehensive privacy and cybersecurity programs that address competing regulatory regimes.  She drafts online privacy notices for global rollout and implements data transfer mechanisms for the free flow of data worldwide.

Heather also helps clients develop and achieve their data innovation strategies, so they can leverage the incredible value of data and digital technologies in ways that not only meet compliance obligations, but also support innovation, deliver value to the business, meet security needs and solidify brand and consumer trust.

Heather devotes a significant part of her practice to helping clients reduce the risk of privacy and security incidents, and she offers a comprehensive menu of services designed to do just this.  In the event of a privacy or security breach, she helps companies respond, successfully guiding them through investigation, remediation, notification and any ensuing government inquiries.  Companies routinely rely on her to manage their response to catastrophes, investigations and government probes involving conduct by employees, contractors and third parties.

Heather guides clients through comprehensive privacy and cybersecurity assessments worldwide, vets privacy and security risks in corporate transactions, conducts internal investigations stemming from data incidents, and she drafts and negotiates contracts concerning data-related vendors and arrangements. She regularly counsels businesses on how to mitigate risks associated with the collection, use, retention, disclosure, transfer and disposal of personal data.

Her clients come from diverse business sectors, including technology, financial services, retail, consumer products, energy and infrastructure, healthcare and life sciences, manufacturing, food and beverage, media, academic institutions, service industries.

Heather frequently writes on current privacy and information security issues before trade and legal organizations and has been quoted in hundreds of major news outlets, including MSNBC.comABCNews.comThe New York TimesThe Los Angeles TimesBloomberg BusinessWeekThe San Francisco ChronicleWashington TimesHouston Chronicle.

Posts by: Heather Egan Sussman

California Governor Signs CCPA and Breach Notification Statute Amendments into Law

With the January 1, 2020 effective date of the California Consumer Privacy Act (the “CCPA”) rapidly approaching, all eyes have been on the California legislature’s consideration of a robust suite of amendments that would clarify ambiguities and address discrepancies underlying the prominent privacy statute. On October 11, 2019, six CCPA amendments were signed into law by the California Governor, as well as an amendment to the state’s breach notification statute. The rest of the CCPA amendments have either failed or will have to wait until next year for further consideration.

READ MORE

Up for Interpretation: Proposed CCPA AG Regulations Open for Public Comment

On October 10, 2019, the California Attorney General added to the complexity of the California Consumer Privacy Act of 2018 (“CCPA”) by releasing long-awaited proposed regulations that provide guidance on various elements of the CCPA. The text of the proposed regulations is available here and the California Attorney General has made other documents and information relating to the proposed regulations available here. The comment period for the proposed regulations will close on December 6, 2019. Interested parties may review and provide written comments addressing the proposed regulations prior to that date or attend one of four scheduled public hearings on the proposed regulations to be held on December 2-5, 2019. READ MORE

Orrick Webinar: Last-Minute Amendments – Changes to California’s New Privacy Law Ahead of the Effective Date

Please join Heather Sussman, Emily Tabatabai, and Nick Farnsworth for the Cyber, Privacy & Data Innovation practice’s webinar “Last-Minute Amendments- Changes to California’s New Privacy Law Ahead of the Effective Date.”

READ MORE

Orrick Webinar: Spotlight on Fintech – How the New California and Nevada Privacy Laws Will Impact Data in Fintech

Webinar | July 30.2019

Download Powerpoint Presentation

Please join Heather Sussman, Barrie VanBrackle and David Curtis for the Cyber, Privacy & Data Innovation practice’s webinar “Spotlight on Fintech – How the New California and Nevada Privacy Laws Will Impact Data in Fintech.”

READ MORE

State Legislatures Continue to Update Breach Notification Laws

While the California Consumer Privacy Act (“CCPA”) has inspired many states to consider their own consumer privacy bills, including Nevada which recently enacted a new law, not to be lost in the CCPA-focused frenzy is the fact that states continue to revise their data breach notification statutes. In recent weeks, the new Massachusetts breach notification amendment has gone into effect, New Jersey, Maryland, Oregon, Texas, and Washington have enacted their own breach notification amendments, and Illinois has proposed a bill that is poised to become law in the near term. READ MORE

Orrick Webinar: New U.S. Privacy Laws – What Companies Need to Know

Webinar (recording available) | June.25.2019

Click to Play

Download Powerpoint Presentation

Please join Heather Sussman and Matthew Coleman for the Cyber, Privacy & Data Innovation practice’s webinar “California’s and Nevada’s New Privacy Laws – What Companies Need to Know.”

California was the first U.S. state to enact a sweeping new privacy law, known as the CCPA, with an effective date of January 2020. Nevada has now enacted a scaled-down version of the CCPA that is slated to take effect even sooner – as early as October 2019.
READ MORE

2019 IAPP Global Privacy Summit: Lessons from GDPR, Plans for CCPA and the Future of U.S. Privacy Law

At the beginning of this month, more than 4,000 privacy professionals from around the globe gathered in Washington, D.C. for the International Association of Privacy Professionals’ Global Privacy Summit 2019. The conference focused on lessons learned from the first year of GDPR enforcement in Europe, the expansion of European-style rights to more jurisdictions around the world, plans for addressing new obligations imposed by the CCPA in California, and the future of privacy law in the United States including whether federal legislature is likely or desired – especially in light of the CCPA and similar proposed legislation in states throughout the nation. READ MORE

Orrick Launches Automated Tool to Assess Readiness for California Consumer Privacy Act

Today, Orrick announced the launch of our automated CCPA Readiness Assessment Tool which helps businesses globally determine whether they are covered by the California Consumer Privacy Act (CCPA) and, if yes, their readiness to comply with the new law that is revolutionizing the United States privacy landscape. This free tool is available to all organizations and takes 10-30 minutes to complete.  It segments the CCPA into five workable themes and guides users through a series of dynamic questions relating to each theme. Upon completion of the questionnaire, the tool provides a free and comprehensive readiness assessment tailored to the business’s unique positioning and individual needs.

READ MORE

State Legislators Joining the Consumer Privacy Protection Party: Introduced CCPA-Like Bills

In 2018, the California legislature made headlines with its game-changing data protection law: the California Consumer Privacy Act of 2018. Other state legislators across the country appear to be hot on its heels as a flurry of CCPA-like bills have been introduced across the United States. While it is too early to predict which of these bills, if any, will be enacted, this increased focus on privacy in the state legislatures is clearly a sign that the privacy landscape—and consequent compliance challenges for companies—is going to get more complicated. READ MORE