Bart Huffman headshot
Bart Huffman
+1.713.244.8215

Overview

Bart W. Huffman is a data strategy, security and privacy attorney in Holland & Knight's Houston office. Mr. Huffman has a systems engineering and intellectual property (IP) background, as well as deep experience in privacy and cyber security matters and sophisticated technology transactions. He provides legal advice concerning a wide range of matters, particularly in the transportation, energy, healthcare, financial and other critical infrastructure sectors.

Mr. Huffman leads engagements involving data, information systems and/or operational technology in connection with technology service and vendor contracting, ransomware and data breach or other security incident response, domestic and international privacy and cybersecurity compliance projects and programs, large-scale software as a service (SaaS) and other cloud-platform implementations, artificial intelligence (AI) contracting and compliance, business intelligence and data analysis, terrestrial and satellite Wi-Fi networks, software and information systems development and licensing, assessment and allocation of legal and contractual cybersecurity risks, tabletop exercises and governance advice. He often serves as lead "breach coach" for critical infrastructure companies, and he has served as lead outside counsel for investigations, recovery, negotiations, notifications and regulatory compliance in ransomware and other cyber and data security incidents – company-wide or system-specific, third-party or first-party – for approximately 20 years.

Mr. Huffman is a registered patent attorney at the U.S. Patent and Trademark Office (USPTO), a Certified Information Privacy Professional – U.S. and Europe (CIPP/US and CIPP/E), and a senior cybersecurity fellow at the Robert Strauss Center for International Security and Law at The University of Texas School of Law in Austin. He also serves as an adjunct professor at The University of Texas School of Law, where he has taught U.S. and European Union (EU) privacy law for a decade.

Mr. Huffman regularly supports clients in the negotiation of information technology (IT) transactions and license agreements, as well as compliance with privacy and data protection regulation on a national and international scale, including with respect to laws such as the Texas Data Privacy and Security Act (TDPSA), California Consumer Privacy Act (CCPA), Gramm-Leach Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), Health Insurance Portability and Accountability Act (HIPAA), Children's Online Privacy Protection Act (COPPA) and the EU General Data Protection Regulation (GDPR). He is also experienced in matters involving the Payment Card Industry Data Security Standard (PCI DSS) and other payment systems privacy and security issues.

Mr. Huffman counsels clients as to the legal aspects of IT systems and governance and IT and operational technology (OT) security matters. He provides analysis and negotiates agreements concerning AI, data enrichment and data analytics, including associated issues of ownership, licensing, implementation and use. As a litigator, he has appeared in federal and state courts across the country, including in precedent-setting online copyright and privacy matters. Among other things, he is conversant in and has counseled leading internet service providers with respect to the Digital Millennium Copyright Act (DMCA), and he has led or participated on both sides of the bench in litigation involving large-scale data breach and/or cybersecurity incident response.

Representative Experience

  • Handled negotiations on behalf of a major airline with respect to contracts for satellite-provided internet connectivity (Wi-Fi) and related data, cybersecurity and licensing terms
  • Handled negotiation of a master cybersecurity agreement on behalf of a global wind turbine manufacturer for application at multiple utility-owned projects
  • Handled incident response for first-party and supplier ransomware and exfiltration events involving consumer records, patient medical records, employee records and/or business records, providing, as applicable, coordination of records review, forensic investigations, risk analysis, regulatory response, indemnity issues and compliance with foreign data protection laws
  • Provided global privacy advice for a cryptocurrency wallet, including U.S. analysis under a wide range of privacy laws as well as coordination of support work by foreign counsel and work with European Union (EU) counsel on data protection impact analysis
  • Provided product technology and data advice (including artificial intelligence (AI) and privacy considerations for multilayered support, innovation and data lake systems) for an innovative, leading manufacturer in the agricultural industry
  • Handled negotiation of contracts and response support for security incidents involving financial data aggregators
  • Served as lead counsel in litigation regarding financial harm arising from the pursuit of divergent interests in ransomware cybersecurity incident response
  • Served as an industry-knowledgeable counsel in successful defense of ransomware-based class actions filed in multiple jurisdictions
  • Served as privacy and cybersecurity counsel for leading players in various industries, including oil and gas exploration, industrial infrastructure, banking and highway tolling
  • Served as counsel to companies for cybersecurity and other information security incident preparedness, including development of incident response plans and template materials, tabletop support, and information security policies and procedures
  • Provided advice to boards and senior executives on cybersecurity, privacy and legal risks associated with privacy, information technology (IT) and operational technology (OT)
  • Provided legislative support and testimony before the Texas House and Senate committees on privacy issues
  • Consistently advise on effective regulatory reporting and responses across multiple sectors (including healthcare, financial and general consumer) in cybersecurity incident response

  • Served as one of a three-person legal team overseeing a joint venture for global digital media format development and licensing
  • Led re-development and drafting of a full suite of revised information technology (IT) policies and procedures in connection with incorporation of updated risk management function for a large governmental authority with IT- and data-centric operations in the transportation industry
  • Led negotiations and template contract development for a global medical assistance and crisis response provider in the aviation industry
  • Provided privacy advice, in coordination with European Union (EU) counsel, on collection and use of online meeting content for artificial intelligence (AI) purposes
  • Transition of a national health screening company from Health Insurance Portability and Accountability Act (HIPAA)-based to state law-based privacy compliance regime
  • Negotiations and advice for transactions involving systemwide payment card-based offer network, including associated data processing, analytics and multilayer, rule-based contracting
  • Handled analysis and contract negotiation with respect to distributed antenna systems and internet connectivity infrastructure for a digital arts museum and grounds
  • Analysis and coding of multiple U.S. and Canadian laws for purposes of research and development of AI systems to facilitate international exchange of neurodata
  • International transactional and intellectual property (IP) representation of a regional nonprofit sports federation
  • Handled negotiation with various leading internet company affiliates for a large-scale enterprise cloud and professional services project on behalf of a healthcare insurer and provider, including development of integrated experience layer, personal health solutions and next best action technology
  • Negotiated long-term, large-scale disaster recovery (systems and services) contracts
  • Served on and assisted specific teams (IP, IT, privacy, cybersecurity) for numerous corporate mergers and acquisitions (M&A) and similar transactions
  • Handled negotiation of license and related use and revenue-sharing terms for development and implementation of automated cryptocurrency trading software
  • Provided industry-knowledge support (IP, IT, privacy, cybersecurity) in negotiations on behalf of private equity funds for outsourcing projects
  • Handled preparation of terms and privacy policies on behalf of a global pharmaceutical company for COVID-19 test mobile applications
  • Representation of internet service providers in online copyright, IP address lookup, and subscriber identifications disputes and negotiations, and related internal policies and procedures in dozens of state and federal district and appellate courts
  • Handled negotiation of internet-based commercial services agreements for browser development, remote technology support, mobile-controlled home security and vehicle content delivery
  • Served as lead counsel for pretexting litigation in Texas and California on behalf of a national internet service provider

Credentials

Education
  • The University of Texas School of Law, J.D., with honors
  • Princeton University, B.S.E., Civil Engineering/Operations Research, Certificate in Engineering and Management Systems, summa cum laude
Bar Admissions/Licenses
  • California
  • New York
  • Texas
Court Admissions
  • U.S. Patent and Trademark Office
  • U.S. Court of Appeals for the District of Columbia Circuit
  • U.S. Court of Appeals for the Fourth Circuit
  • U.S. Court of Appeals for the Fifth Circuit
  • U.S. Court of Appeals for the Seventh Circuit
  • U.S. Court of Appeals for the Ninth Circuit
  • U.S. District Court for the Central District of California
  • U.S. District Court for the Eastern District of California
  • U.S. District Court for the Northern District of California
  • U.S. District Court for the Southern District of California
  • U.S. District Court for the Eastern District of New York
  • U.S. District Court for the Southern District of New York
  • U.S. District Court for the Eastern District of Texas
  • U.S. District Court for the Northern District of Texas
  • U.S. District Court for the Southern District of Texas
  • U.S. District Court for the Western District of Texas
  • U.S. District Court for the District of Arizona
  • U.S. District Court for the Northern District of Illinois
  • U.S. District Court for the Southern District of Illinois
  • U.S. District Court for the District of Maryland
  • U.S. District Court for the Eastern District of North Carolina
Memberships
  • Robert Strauss Center for International Security and Law, Senior Fellow – Cybersecurity, 2019-Present
  • The University of Texas School of Law Technology Law Conference, Chair/Co-Chair, 2010-Present
  • Texas Bar Foundation, Sustaining Life Fellow, 2018-Present
  • Leadership Committee, Parents Council, University of Virginia, 2022-2025
  • Brumley Next Generation Graduate Fellows Program, Robert Strauss Center for International Security and Law, Scholar-Mentor, 2022-2023
  • Princeton University, John Maclean Society, 2022-Present
  • Texas Privacy Protection Advisory Council, Council Member, 2020
  • International Association of Privacy Professionals (IAPP), Member, 2014-2026; Certification Advisory Board Member, 2014-2019
  • Greater Houston Partnership, Working Group Leader, Cybersecurity Task Force, 2013-2017
  • Business/Civic Leadership Forum, Center for Houston's Future, Class of Spring 2014
  • Center for Information Technology Policy, Princeton University, Visiting Fellow, 2011-2012
  • Princeton Alumni Association of San Antonio and South Texas, President, 2003-2012
  • Princeton University Alumni Council, Executive Committee, 2005-2009; Regional Associations Chair, 2007-2009
  • San Antonio Convention and Visitors Commission, Commissioner, 2003-2007; Budget and Finance Chair, 2006-2007
Honors & Awards
  • The Best Lawyers in America guide, Technology Law, 2026
  • The Legal 500 USA, Media, Technology and Telecoms – Cyber Law (Including Data Privacy and Data Protection), 2024
  • Tau Beta Pi

Multimedia

Publications

Speaking Engagements

News