Practice Expertise

  • Cloud Computing
  • Consumer Products
  • Crisis Management
  • Corporate

Areas of Practice

  • Cloud Computing
  • Consumer Products
  • Corporate
  • Crisis Management
  • AI, Metaverse, and Emerging Technologies
  • Cybersecurity Incidents
  • Data Breach
  • Energy Sector Security Team
  • European Data Protection and Privacy
  • FinTech
  • Global Privacy and Cybersecurity
  • Information Technology
  • Marketplace Lending and FinTech
  • National Security
  • Privacy and Cybersecurity
  • Privacy and Data Security
  • Records Management
  • Retail
  • Sustainability and Corporate Clean Power
  • View More

Profile

Aaron advises clients on a broad range of complex global privacy, data protection and cybersecurity matters, including with respect to existing and emerging requirements in the US and EU.

As a leader on the firm’s global privacy team, Aaron’s work includes advising clients on large-scale cybersecurity incidents; conducting diligence and negotiating privacy and data security aspects of corporate transactions; developing of cross-border data transfer solutions; developing local, regional and international privacy and data protection compliance programs with existing and emerging data protection requirements in Europe and the US; and negotiating data-driven commercial agreements.

Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, The Legal 500 and Computerworld for his work on behalf of clients. Aaron splits his time between the firm’s New York and London offices, and is the only lawyer currently listed in both The Legal 500 United Kingdom and The Legal 500 United States guides, providing clients with a broad and unique transatlantic perspective. He is a sought-after media resource on privacy issues and has been quoted in such publications as Time Magazine, Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine and The Times. Aaron regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars. He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.

Relevant Experience

  • Advises clients with due diligence and negotiation of privacy and data security issues in corporate transactions.
  • Advises clients on compliance with the California Consumer Privacy Act of 2018 (CCPA), including conducting due diligence, preparing gap analyses, developing remediation plans, and undertaking compliance projects.
  • Advises clients on all legal issues associated with cybersecurity events pursuant to requirements imposed by laws and regulatory guidance in the European Union and the United States.
  • Prepares proactive, data breach-readiness solutions for clients, including through the creation of incident response plans and conducting board-level tabletop exercises.
  • Advises clients on international data protection requirements, including the EU General Data Protection Regulation and developing mechanisms to comply with cross-border data transfer requirements (such as through BCRs, the Privacy Shield and Standard Contractual Clauses).

Bar Admissions

  • New York

Education
BA, The University of Texas, High Honors, 1997

Areas of Practice

  • Cloud Computing
  • Consumer Products
  • Corporate
  • Crisis Management
  • AI, Metaverse, and Emerging Technologies
  • Cybersecurity Incidents
  • Data Breach
  • Energy Sector Security Team
  • European Data Protection and Privacy
  • FinTech
  • Global Privacy and Cybersecurity
  • Information Technology
  • Marketplace Lending and FinTech
  • National Security
  • Privacy and Cybersecurity
  • Privacy and Data Security
  • Records Management
  • Retail
  • Sustainability and Corporate Clean Power

Professional Career

Significant Accomplishments
  • Advises clients with respect to U.S. and international privacy and information security requirements, including GLB, HIPAA, CAN-SPAM, COPPA, state information security laws, the PCI Data Security Standard, and EU Directives governing general data protection, e-commerce and data retention.
  • Advises clients on all legal issues associated with information security breach events pursuant to requirements imposed by state law, the HITECH Act, Interagency Guidance and international law.
  • Advises clients on international data protection issues, including developing mechanisms to comply with data transfer requirements.
  • Prepares online and offline privacy and information security policies, procedures and notices for clients.
  • Assists clients with the development of full-scale records management programs, including records-retention schedules.


Professional Associations
  • Member, Board of Editors, Pratt’s Privacy & Cybersecurity Law Report
  • Member, Section of Antitrust Law–Privacy and Information Security Committee, American Bar Association
  • Member, Association of the Bar of the City of New York
  • Former Member, Information Technology Law Committee

Professional Activities and Experience
  • Listed for Cyber Law (2016) and for Data Protection and Privacy, Legal 500 United States, 2009-2016
  • Recognized as a Leader for Telecommunications, Media and Technology Law, Who’s Who Legal, 2017
  • Recognized as Up and Coming in Privacy & Data Security, National, Chambers USA, 2013
  • Named among the Best Privacy Advisers, Computerworld magazine, 2008
  • Selected as a Super Lawyer, New York Super Lawyers, 2015. Also selected as a Rising Star, New York Super Lawyers, 2011-2014. A description of the selection methodology can be found on Super Lawyers’ webpage.


Articles

Additional Articles
  • Data Security Handbook, ABA Section of Antitrust Law, Data Security Handbook
  • Complying with Breach Notification Obligations in a Global Setting: A Legal Perspective, The Guide to Cyber Investigations, Global Investigations Review, Edition 1
  • Data Protection & Privacy 2015, The Future of Safe Harbor, Getting the Deal Through
  • Data Protection & Privacy 2017, Safe Harbor and the Privacy Shield and United States Chapters, Getting the Deal Through
  • Cybersecurity and Data Breach, Bloomberg BNA Privacy & Data Security Portfolio Series
  • Data Protection & Privacy 2022, United Kingdom, Getting the Deal Through
  • Data Protection & Privacy 2022, Privacy Shield, Getting the Deal Through
  • Data Protection & Privacy 2023, EU Overview, Getting the Deal Through
  • Data Protection & Privacy 2016, The Future of Safe Harbor, Getting the Deal Through
  • European Commission Presents EU-U.S. Privacy Shield, Pratt’s Privacy & Cybersecurity Law Report
  • USA, The International Comparative Legal Guide to Data protection 2017
  • USA, The International Comparative Legal Guide to: Data Protection 2016, 3rd Edition
  • The Journey to GDPR: Compliance Did Not End on 25 May, Lawyer Monthly
  • Data Protection & Privacy 2019, Belgium, Getting the Deal Through
  • Data Protection & Privacy 2020, Overview, Getting the Deal Through
  • Do We Need a Data Protection Officer? (Flowchart), Thomas Reuters Practical Law
  • Data Protection & Privacy 2015, United States, Getting the Deal Through
  • Data Protection & Privacy 2020, Introduction, Getting the Deal Through
  • Data Protection & Privacy 2021, United Kingdom, Getting the Deal Through
  • USA Data Protection 2015, ICLG
  • Data Protection & Privacy 2023, United Kingdom, Getting the Deal Through
  • Data Protection & Privacy 2022, Introduction, Getting the Deal Through
  • Data Protection & Privacy 2022, United States, Getting the Deal Through
  • Data Protection & Privacy 2018, Safe Harbor and the Privacy Shield, United States, and United Kingdom Chapters, Getting the Deal Through
  • Dealmakers Ignore Cyber Risks at Their Own Peril, Pratt’s Privacy & Cybersecurity Law Report
  • Chapter 36: USA, The International Comparative Legal Guide to: Data Protection 2017, 4th Edition
  • California Consumer Privacy Act and Its Impact on M&A Transactions, Deal Lawyers
  • Data Protection & Privacy 2019, EU Overview, Getting the Deal Through
  • Data Protection & Privacy 2019, Introduction, Getting the Deal Through
  • White House Proposes Cybersecurity Legislation, Bloomberg Technology Law Reporter
  • Data Protection & Privacy 2021, Introduction, Getting the Deal Through
  • Data Protection & Privacy 2021, Privacy Shield, Getting the Deal Through
  • Data Protection & Privacy 2023, USA, Getting the Deal Through
  • Accountability in Cybersecurity and Privacy: Keeping Your Name Out of the Headlines, Retail Industry 2022 Year in Review
  • Data Protection & Privacy 2019, United Kingdom, Getting the Deal Through
  • The UK’s commitment to the GDPR, ITProPortal
  • Data Protection & Privacy 2020, Getting the Deal Through
  • In Confronting Cyberattacks, Preparation is Key, Digital Transactions
  • Privacy and Data Security Law Deskbook, Aspen Publishers
  • European Union Data Protection, Chapter 11 in West’s Data Security and Privacy Law: Combating Cyberthreats
  • International: EU-US cross-border data transfers, OneTrust DataGuidance
  • Data Protection & Privacy 2022, EU Overview, Getting the Deal Through
  • Emerging Legal Issues in Managing Cyber Risk for Pipelines, Pipeline & Gas Journal
  • Data Protection & Privacy 2014, United States, Getting the Deal Through
  • Emerging Privacy Issues in Bankruptcy, New York Law Journal
  • The Stimulus Package and Health Privacy Breaches, Lawdragon
  • Data Protection & Privacy 2020, United States, Getting the Deal Through
  • Data Protection & Privacy 2019, The Privacy Shield, Getting the Deal Through
  • Data Protection & Privacy 2020, United Kingdom, Getting the Deal Through
  • Data Protection & Privacy 2020, The Privacy Shield, Getting the Deal Through
  • The Privacy Shield Gets the Green Light from the European Union, Bloomberg BNA World Data Protection Report
  • Data Protection & Privacy 2021, EU Overview, Getting the Deal Through
  • Data Protection & Privacy 2021, United States, Getting the Deal Through
  • Data Breach Resource Center
  • Privacy Shield Redux: Looking Ahead to a New EU-U.S. Data Transfer Framework, CPO Magazine
  • Comment: Data Protection Outlook for 2011: A Global Discussion, Data Protection Law & Policy
  • 2020 Retail Industry Year in Review
  • The Shifting Sands of Data Protection and Resulting Privacy Pitfalls, State Bar of Texas – 10th Annual Advanced In-House Counsel Course
  • HITECH Breaches: A How-To Guide, BNA’s Health Law Reporter and Privacy & Security Law Report
  • Data Protection & Privacy 2016, United States, Getting the Deal Through
  • Surviving an FTC Investigation After a Data Breach, New York Law Journal
  • Preservation and Monitoring of Corporate Messaging, New York Law Journal
  • Virginia and Colorado Add to the Evolving US Privacy Landscape, Retail Industry 2021 Year in Review
  • Privacy and Data Security in ESG, Corporate Counsel
  • How the EU Digital Markets Act Affects GDPR, Lawyer Monthly
  • USA: SB 3300 and omnibus federal data protection efforts, DataGuidance
  • Data Protection & Privacy 2019, United States, Getting the Deal Through
  • California Consumer Privacy Act and Its Impact, Los Angeles Business Journal
  • Data Protection & Privacy 2023, Introduction, Getting the Deal Through
  • California Consumer Privacy Act: A Sea of Change for Retailers, Chain Store Age
  • Best Practices for Data Privacy and Security in the HR Space, Practical Law Practice Note
  • EU Digital Markets Act: Key Aspects and Lingering Questions, CPO Magazine
  • Board Oversight of Privacy and Cybersecurity Risk: Why Delaware Developments Matter, The Computer & Internet Lawyer
  • U.S. Issues Guidance to Companies Warning of Cybersecurity and Sanctions Risks Posed by IT Workers Directed by North Korea, The Banking Law Journal

Meet our Firms and Professionals

WSG’s member firms include legal, investment banking and accounting experts across industries and on a global scale. We invite you to meet our member firms and professionals.