Wendell J. Bartnick is a tech and data attorney in Holland & Knight's Houston office, where he counsels clients across various industries on privacy compliance, data protection and breaches, technology product development and commercialization, and e-commerce matters.

Mr. Bartnick has extensive experience guiding clients on compliance with federal privacy laws and guidance, state privacy laws such as the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Colorado's Consumer Privacy Act (CPA), Connecticut's Data Privacy Act (CTDPA), Utah's Consumer Privacy Act (UCPA) and Virginia's Consumer Data Protection Act (CDPA), as well as the European Union (EU) General Data Protection Regulation (GDPR). He also regularly advises clients on compliance with industry sector-specific laws, international considerations and best practices with respect to processing and securing employee data, marketing campaigns, vendor risk management, machine learning and artificial intelligence (AI), big data, biometric data, employee monitoring, online tracking, credit card and automated clearing house (ACH) payment processing, the Internet of Things (IoT) and the metaverse.

Compliance matters commonly involve implementing and maintaining privacy and data security programs, including drafting internal and external policies and procedures, performing privacy impact assessments and designing online products and services to reduce legal risk. For example, Mr. Bartnick counsels clients on considerations for engaging AI-based services vendors, and advises AI developers on product and contracting issues.

Mr. Bartnick also regularly advises clients on various technology and data deals, including data sharing arrangements, system interface/integration agreements, software licensing, software development, cloud services licensing such as software as a service (SaaS), AI services agreements, data protection terms and outsourcing. He also counsels clients about the potential business and legal risks associated with deal and contract breaches, and the related contractual provisions.

In addition, Mr. Bartnick routinely helps clients handle data breach and cyber security incidents from start to finish, which includes managing security incident risk, developing breach notification strategies, communicating with senior management, managing consultants (including forensics), drafting voluntary and legally required notices, and communicating with law enforcement and other government officials. He also regularly assists clients with the communications, mitigation and remediation strategy of incidents involving vendors.

Mr. Bartnick is a Certified Information Privacy Professional/US (CIPP/US) with the International Association of Privacy Professionals (IAPP).

Prior to joining Holland & Knight, Mr. Bartnick was tech and data attorney for an international law firm in its Houston office.

Representative Experience

  • Guiding clients with respect to personal, confidential and proprietary information collection, handling and sharing practices and security measures
  • Advising clients (in all industries including heavily regulated industries such as healthcare) that engage software and information technology (IT) service providers, including software-as-a-service (SaaS) providers
  • Assisting retail clients with the privacy and data protection implications of launching e-commerce services globally
  • Counseling software and IT service providers, including artificial intelligence (AI), SaaS services, software development and other IT-related services, on product development, privacy, data security and contracting strategies
  • Counseling AI customers and vendors about considerations for training data, AI models, service levels, regulatory compliance and bias, privacy and data protection, data retention and intellectual property rights
  • Advising organizations with risk management associated with new product and service offerings, especially in internet, mobile and health IT environments
  • Advising healthcare industry participants on implications of the U.S. information blocking rule and the interoperability rule with respect to health IT and related contractual arrangements
  • Negotiating technology interface agreements with healthcare client and technology vendors
  • Counseling clients on written information security policies, incident response plans and other corporate policies addressing information governance, technical infrastructure and cybersecurity risk management
  • Advising medical device manufacturers and other healthcare device manufacturers on data rights and protection strategy
  • Guiding clients on post-acquisition or merger integration of privacy and data protection compliance programs
  • Negotiating agreements related to the provision and use of big data analytics services


  • George Mason University School of Law, J.D., magna cum laude
  • Macalester College, B.A.
Bar Admissions/Licenses
  • District of Columbia
  • Maryland
  • Texas
  • Virginia
  • International Association of Privacy Professionals
Honors & Awards
  • The Legal 500 USA, Cyber Law (including Data Privacy and Protection), Next Generation Partner, 2022


Speaking Engagements