Utah Poised to Enact Consumer Privacy Law

Cathy Lee focuses her practice on privacy and cybersecurity matters, including compliance and GDPR related matters. Cathy’s experience encompasses, working with digital advertising companies to confirm compliance policies with the digital advertising ecosystem, as well as drafting training materials on the comprehensive data privacy laws globally including in Australia, Georgia, Hong Kong, Moldova, Montenegro, South Korea, Turkey and New Zealand. During law school, Cathy was editor-in-chief for the American Intellectual Property Law Association Quarterly Journal.

Austin Mooney focuses his practice on global privacy, cybersecurity and emerging technologies. He helps clients in a variety of industries understand and manage risks relating to the collection, use and storage of personal and other sensitive information. In his privacy practice, Austin advises clients on implementing global compliance programs designed to navigate the evolving legal landscape around data privacy, including the Federal Trade Commission (FTC) Act, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other emerging US state consumer privacy laws. He is experienced in consumer privacy litigation and investigations, privacy contract drafting and negotiation, cross-border data transfers and compliance issues with federal surveillance law including the Foreign Intelligence Surveillance Act (FISA). Austin also advises on cybersecurity matters, including conducting enterprise security assessments under privilege, drafting and negotiating vendor contracts, compliance with federal and state security laws and data breach response and remediation. Austin regularly speaks and writes on technology law topics. He has featured in Ars Technica, JD Supra, National Law Review, Lexology and ACC Docket. He has represented clients ranging from startups to Fortune 500 companies, including in the professional services, technology, healthcare, life sciences, finance, retail, entertainment and e-commerce sectors. He advises on risks relating to emerging technologies including autonomous vehicles, blockchain/cryptocurrencies, Internet of Things (IoT) devices, encryption and encrypted messaging, artificial intelligence, biometrics and advertising technology. He has also advised on privacy and security risks arising from large M&A transactions. Before McDermott, Austin served as a law clerk for the US Senate Judiciary Committee, where he worked on Supreme Court and Attorney General nominations, executive branch oversight and investigations, FISA reform and other legislative initiatives. He has also held positions with a nationally ranked law firm, the Federal Trade Commission, the Network Advertising Initiative and as a research assistant for Professor Daniel Solove. Austin is a Certified Information Privacy Professional/United States (CIPP/US) and a Certified Information Privacy Professional/Europe (CIPP/E).

David P. Saunders (CIPP/US, CIPM) is an experienced litigator who focuses his practice on privacy and cybersecurity matters. David helps clients mitigate and manage risks related to data privacy and cybersecurity, from counseling on compliance with privacy regulations and managing data incident responses, to navigating regulatory investigations and handling biometric and other privacy-related litigation. David works collaboratively with a diverse range of clients, from small business and pro bono clients to multinational Fortune 100 companies, understanding and advising on their data practices to provide guidance on the myriad issues that arise in today’s digital world. Additionally, David has experience conducting risk assessments, developing privacy programs, drafting privacy policies, performing due diligence for corporate transactions, planning around cross-border data transfers, negotiating vendor agreements and working with clients through data incident response. He regularly counsels on HIPAA, HITECH, GDPR, GLBA, CCPA and state law privacy obligations, including engaging with key rulemakers at the state level to advance clients’ interests. He has litigated and helped resolve matters related to data privacy and cybersecurity issues, including navigating potential and actual regulatory investigations. David has successfully worked with a number of state attorney general’s offices and federal regulators, and advocated on behalf of clients in the telecommunications, consulting and financial services sectors whether in response to routine inquiries or in response to reported data incidents. His work also includes collaborating with clients to provide testimony and comment on existing and planned data privacy legislation at the state and federal levels. David maintains an active pro bono practice, having represented inmates in various actions in state and federal courts, and providing privacy program development, counseling and training to non-profits.