Bart W. Huffman is a data strategy, security and privacy attorney in Holland & Knight's Houston office. Mr. Huffman has a systems engineering and intellectual property (IP) background, as well as deep experience in privacy and cyber security matters and sophisticated technology transactions. He provides legal advice concerning a wide range of matters, particularly in the energy, healthcare, financial, transportation and other critical infrastructure sectors.

Mr. Huffman leads engagements involving data, information systems and/or operational technology in connection with large-scale software as a service (SaaS) and other cloud-platform implementations, ransomware and data breach response, technology vendor contracting and oversight, domestic and international privacy and cybersecurity compliance projects and programs, business intelligence and data analysis, terrestrial and satellite Wi-Fi networks, software and information systems development and licensing, assessment and allocation of legal and contractual cybersecurity risks, and governance advice. He often serves as lead "breach coach" for critical infrastructure companies, and he has served as lead outside counsel for investigations, recovery, negotiations, notifications and regulatory compliance in ransomware and other cyber and data security incidents – company-wide or system-specific, third-party or first-party – for more than 15 years.

In addition, Mr. Huffman is a Certified Information Privacy Professional – U.S. and Europe (CIPP/US and CIPP/E), and a cybersecurity fellow at the Robert Strauss Center for International Security and Law at The University of Texas School of Law in Austin.

Mr. Huffman regularly supports clients both in the negotiation of information technology (IT) transactions and license agreements, and in regard to compliance with privacy and data protection regulation on a national and international scale, including with respect to laws such as the California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), Children's Online Privacy Protection Act (COPPA) and the European Union (EU) General Data Protection Regulation (GDPR). He is also experienced in matters involving the Payment Card Industry Data Security Standard (PCI DSS) and other payment systems privacy and security issues.

Mr. Huffman counsels clients as to the legal aspects of both IT and operational technology (OT) security matters. He provides analysis and negotiates agreements concerning artificial intelligence (AI), data enrichment and data analytics, including associated issues of ownership, licensing, implementation and use. As a litigator, he has appeared in federal and state courts across the country, including in precedent-setting online copyright and privacy matters. He is conversant in and has counseled leading internet service providers with respect to the Digital Millennium Copyright Act (DMCA).

Mr. Huffman also serves as an adjunct professor at The University of Texas School of Law, where he teaches U.S. and EU privacy law.

Representative Experience

  • Handled negotiations on behalf of a major airline with respect to contracts for satellite-provided internet connectivity (Wi-Fi) and related data, cybersecurity and licensing terms
  • Handled negotiation of a master cybersecurity agreement on behalf of a global wind turbine manufacturer for application at multiple utility-owned projects
  • Served as legal team member for a joint venture arrangement for global digital media format development and licensing
  • Handled incident response for first-party and supplier ransomware and exfiltration events involving consumer records, patient medical records, employee records and/or business records; as applicable, provided coordination of records review, forensic investigations, risk analysis and compliance with foreign data protection laws
  • Provided global privacy advice for a cryptocurrency wallet, including U.S. analysis under wide range of privacy laws as well as coordination of support work by foreign counsel and work with European Union (EU) counsel on data protection impact analysis
  • Provided privacy advice, in coordination with EU counsel, on collection and use of online meeting content for artificial intelligence (AI) purposes
  • Handled analysis and contract negotiation with respect to distributed antenna systems and internet connectivity infrastructure for a digital arts museum and grounds
  • Handled negotiation of contracts and response support for security incidents involving financial data aggregators
  • Handled negotiation with various leading internet company affiliates for large-scale enterprise cloud and professional services project on behalf of a healthcare insurer and provider, including development of integrated experience layer (IEL), personal health solutions and next best action technology
  • Served as an industry-knowledgeable counsel in successful defense ransomware-based class actions filed in multiple jurisdictions
  • Served on and assisted specific teams (IP, IT, privacy, cybersecurity) for numerous corporate mergers and acquisitions (M&A) and similar transactions
  • Handled negotiation of license and related use and revenue-sharing terms for development and implementation of automated cryptocurrency trading software
  • Provided industry-knowledge support (IP, IT, privacy, cybersecurity) in negotiations on behalf of private equity funds for outsourcing projects
  • Handled preparation of terms and privacy policies on behalf of global pharmaceutical company for COVID-19 test mobile applications
  • Served as privacy and cybersecurity counsel for leading players in various industries, including oil and gas exploration, industrial infrastructure, banking and highway tolling
  • Served as counsel to companies for cybersecurity and other information security incident preparedness, including development of incident response plans and template materials, tabletop support, and information security policies and procedures
  • Provided advice to boards and senior executives on cybersecurity, privacy and legal risks associated with privacy, information technology (IT) and operational technology (OT)
  • Representation of internet service providers in online copyright, intellectual property (IP) address lookup, and subscriber identifications disputes and negotiations, and related internal policies and procedures
  • Handled negotiation of internet-based commercial services agreements for browser development, remote technology support, mobile-controlled home security and vehicle content delivery
  • Provided legislative support and testimony before Texas House and Senate committees on privacy issues
  • Served as lead counsel for pretexting litigation in Texas and California on behalf of a national internet service provider


  • The University of Texas School of Law, J.D.
  • Princeton University, B.S.E., Civil Engineering/Operations Research, Certificate in Engineering and Management Systems
Bar Admissions/Licenses
  • California
  • New York
  • Texas
Court Admissions
  • U.S. Patent and Trademark Office
  • U.S. Court of Appeals for the District of Columbia Circuit
  • U.S. Court of Appeals for the Fourth Circuit
  • U.S. Court of Appeals for the Fifth Circuit
  • U.S. Court of Appeals for the Seventh Circuit
  • U.S. Court of Appeals for the Ninth Circuit
  • U.S. District Court for the Central District of California
  • U.S. District Court for the Eastern District of California
  • U.S. District Court for the Northern District of California
  • U.S. District Court for the Southern District of California
  • U.S. District Court for the Eastern District of New York
  • U.S. District Court for the Southern District of New York
  • U.S. District Court for the Eastern District of Texas
  • U.S. District Court for the Northern District of Texas
  • U.S. District Court for the Southern District of Texas
  • U.S. District Court for the Western District of Texas
  • U.S. District Court for the District of Arizona
  • U.S. District Court for the Northern District of Illinois
  • U.S. District Court for the Southern District of Illinois
  • U.S. District Court for the District of Maryland
  • U.S. District Court for the Eastern District of North Carolina
  • Robert Strauss Center for International Security and Law, Senior Fellow – Cybersecurity, 2019-Present
  • Texas Bar Foundation, Life Fellow, 2018-Present
  • The University of Texas School of Law Technology Law Conference, Chair/Co-Chair, 2010-Present
  • Leadership Committee, Parents Council, University of Virginia, 2022-Present
  • Brumley Next Generation Graduate Fellows Program, Robert Strauss Center for International Security and Law, Scholar-Mentor, 2022-2023
  • Texas Privacy Protection Advisory Council, Council Member, 2020
  • International Association of Privacy Professionals (IAPP), Member, 2014-2022; Certification Advisory Board Member, 2014-2019
  • Greater Houston Partnership, Working Group Leader, Cybersecurity Task Force, 2013-2017
  • Business/Civic Leadership Forum, Center for Houston's Future, Class of Spring 2014
  • Center for Information Technology Policy, Princeton University, Visiting Fellow, 2011-2012
  • Princeton Alumni Association of San Antonio and South Texas, President, 2003-2012
  • Princeton University Alumni Council, Executive Committee, 2005-2009; Regional Associations Chair, 2007-2009
  • San Antonio Convention and Visitors Commission, Commissioner, 2003-2007; Budget and Finance Chair, 2006-2007
Honors & Awards
  • The Legal 500 USA, Media, Technology and Telecoms – Cyber Law (Including Data Privacy and Data Protection), 2023


Speaking Engagements