Shannon Yavorsky

Partner

San Francisco


Read full biography at www.orrick.com

Shannon K. Yavorsky is a leading authority on U.S. and European data privacy and security issues. She is uniquely qualified in California, England and Wales and Ireland, bringing a deep understanding of the increasingly complex global privacy and data security regulatory landscape.

Shannon routinely advises clients on a broad range of U.S. and European data privacy and cybersecurity issues. She advises on emerging issues surrounding the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR) and the e-Privacy Directive. Shannon helps clients undertake comprehensive privacy and cybersecurity assessments worldwide, evaluate privacy and security risks in corporate transactions, and draft and negotiate contracts concerning data-related vendors and arrangements. She also advises and represents clients on cross-border data transfers, data breaches and developing global privacy compliance programs. She has significant experience with model contract clauses, privacy policies, website terms and conditions, data processing agreements, and self-certifying to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

In addition to the GDPR and CCPA, Shannon advises on an array of privacy and security laws and regulations, including the FCRA, ECPA, TCPA, HIPAA, CAN-SPAM, GLBA, state breach notification laws, and self-regulatory frameworks, including those covering online advertising and payment card processing. 

Shannon’s clients are multinational clients across diverse industry sectors, with an emphasis on technology, financial services, retail, staffing, advertising, healthcare, and automotive.

Posts by: Shannon Yavorsky

California AG Releases More Modifications to CCPA Regulations

On March 11, 2020, the California Attorney General, Xavier Becerra, (“California AG”) released a second set of modifications to the proposed regulations pursuant to the California Consumer Privacy Act of 2018 (“CCPA”). These recent modifications reflect some minor changes and clarifications from the first set of modifications to the proposed regulations (published on February 10, 2020).[1]

READ MORE

COVID-19 Impacts Cyber Vulnerability

On March 10, Orrick lawyers Shannon Yavorsky, Rebecca Harlow, Brett Cooper and Julie Totten recorded a discussion about COVID-19 operational issues associated with managing employees and businesses, including covering the topic of cyber vulnerability. The conversation shares insights into how COVID-19 is creating increased cybersecurity and privacy risks as companies prepare for the spread of the virus and are forced to adapt to a new way of doing business. This video is a segment from a one-hour CLE program entitled “The Early Legal Impact of COVID-19.” To view our video and the full length CLE click here. READ MORE

Guidance from E.U. Supervisory Authorities on Data Processing in a Time of COVID-19

The European Data Protection Board (EDPB) and a number of European data protection supervisory authorities have recently issued guidance on processing personal data, including special categories of personal data (i.e., health data), in connection with COVID-19. While the General Data Protection Regulation (“GDPR”) generally harmonizes data protection laws across Europe, E.U. Member States may derogate from the law in certain circumstances, including in matters of “public interest.” It is therefore critical for companies to keep abreast of the latest guidance issued by supervisory authorities in jurisdictions relevant to their businesses to ensure they comply with any local law guidance. READ MORE