Bess Hinson-Greenspan

Hospitality

• Advised the general counsel and senior management of a casino and resort hotel on ransomware attack, including advising on cyber forensic investigation, threat actor negotiations, data mining and e-discovery, and consumer and regulatory notifications
• Advised the general counsel of a multinational food company through a ransomware attack with direct operational impact on the country's largest grocers and food chains; directed forensic investigation and disclosures to external auditors
• Directed the response to a ransomware incident for a hospitality management company, also owning private clubs, hotels and restaurants through attack impacting daily operations and data of multiple business lines; coordinated and led responses to multiple regulatory investigations regarding the attack
• Counseled a restaurant franchise regarding response to breach of point of sale (POS) system, employee theft of confidential information and post-breach litigation

Financial Services

• Advised the chief legal officer and C-suite of a consumer financial services company through a ransomware attack that impacted lending operations; provided strategic direction regarding the investigation, customer and employee communications, and notices to millions of individuals
• Led a team of professionals in response to a ransomware attack on an employee benefits company, including advising on cyber forensic investigation, threat actor negotiations and e-discovery process for purpose of satisfying customer contractual notification obligations
• Advised the CEO of an insurance company regarding ransomware attack impacting operations and financial position; directed response to regulatory inquiries and employee and investor communication strategy to mitigate legal risks

Technology

• Coached a global software as a service (SaaS) web content management and optimization solution through Office 365 data breach forensic investigation and compliance with Canadian, European and U.S. reporting requirements
• For an open source analytics and monitoring solution, assessed legal and contractual notification obligations related to coding errors resulting in data disclosures and advised on customer notifications

Manufacturers

• Advised a global product design and technology company in investigating, responding to, and defending response strategy to wide-ranging cybersecurity events
• Advised a beverage co-packer for leading beverage brands on a ransomware attack and regulatory notifications

Education

• Advised an educational accreditation association through all stages of a third-party vendor data breach impacting member school confidential and student personal information, including notifications and enhancing information security controls and policies
• Counseled a private university on a ransomware attack, including advising on cyber forensic investigation, threat actor negotiations, data mining and e-discovery, individual and regulatory notifications, and cyber liability insurance claim

• Advised a luxury yacht cruise line in the development of its privacy and cybersecurity program, including drafting and negotiating data processing addendums (DPAs) for vendor agreements and privacy policy implementation
• Assisted an underwear manufacturer in assessment of information security and data protection policies and procedures and enhancement of existing compliance program to conform to European, Canadian and U.S. laws
• Counseled a social media network on the integration of facial recognition technology and risks associated with the processing of biometric information
• Advised a global consumer goods company on ecommerce privacy compliance strategy and negotiated data protection agreement with a global dropship supplier
• Counseled an internet-based delivery service regarding data monetization strategy
• Led and coordinated response to European Data Protection Authority inquiry on behalf of a digital experience intelligence platform
• Assisted a global pasta company on U.S. and Canadian privacy disclosures, cross-border data transfers and email marketing campaigns
• Counseled an electronic billing and payment company on privacy and data security compliance program, including data retention policy and procedures, incident response plan, vendor agreements and privacy disclosures
• Advised an international auto manufacturer regarding privacy and data security employee training, including the preparation of training materials
• Counseled a toy manufacturer on Children's Online Privacy Protection Act (COPPA) requirements related to producing children's content on streaming channels
• Assisted a global hotel management company on the development and implementation of General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) compliance programs
• Advised administration of a private liberal arts college on data protection requirements for student and employee personal information when contracting with third-party vendors to support operational services
• Assisted the chief information officer of a private college regarding cybersecurity management, information security policies and standards and enhancement of data risk management program

• For a corporate travel management services company, drafted a data protection addendum (DPA) to address global data protection requirements in customer agreements
• For a luxury hotel brand, negotiated data sharing and selling partnership agreements for various marketing initiatives; drafted and negotiated DPA for back-end technology services
• In preparation for mergers and acquisitions (M&A) auction process, advised a health and life science company on the development and implementation of data protection and privacy compliance program
• Prepared data sharing agreements for practice management, electronic health records (EHR) and electronic medical records (EMR) software platform company
• For a regional children's hospital, assessed data protection risks associated with imaging vendor engagement and negotiated a DPA to services agreement
• Advised an international auto manufacturer in the revision and renegotiation of vendor services and data protection agreements
• For multiple clients, conducted pre- and post-acquisition due diligence and assessments of data security and privacy compliance and security incidents at target companies