Named among The National Law Journal’s “100 Most Influential Lawyers” in 2013, Lisa is the managing partner of the firm’s New York office, and her practice focuses on privacy, cybersecurity and records management issues. She assists clients in identifying, evaluating and managing risks associated with privacy and information security practices of companies and third parties. Lisa advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA/FACTA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU and Latin America). She conducts all phases of online and offline privacy assessments and information security policy audits, and advises clients on cybersecurity risks, incidents and policy issues. Lisa drafts and negotiates contractual agreements concerning data uses, privacy and security. She also develops corporate records management programs, including policies, procedures, records retention schedules and training modules.
Lisa has been rated the “No. 1 privacy expert” for the past three consecutive years by Computerworld magazine. She was recognized by Chambers and Partners as a “Star” performer (the highest honor) for privacy and data security for the second consecutive year; she was one of only two privacy lawyers in the United States to receive this distinguished ranking. Lisa also is recognized as a leading lawyer by The Legal 500 United States for cyber crime, 2014, and data protection and privacy, 2009-2014. Lisa was named one of Ethisphere Magazine’s 2013 “Attorneys Who Matter,” listing approximately 100 attorneys who “have risen to the top.” In addition, Hunton & Williams’ Privacy and Data Security practice received a Band 1 U.S. national ranking from Chambers USA in Privacy & Data Security and a Tier 1 ranking by The Legal 500 United States. Lisa speaks frequently at conferences and seminars, testifies regularly before the U.S. Congress and other legislative and regulatory agencies, is the author of numerous treatises and articles, has been tapped to lead several industry committees and organizations, is sought after by media outlets and industry publications for her professional insights, and appears regularly on national television and radio news programs. She is the editor and lead author of the Privacy and Data Security Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business.
- Named to The National Law Journal’s “100 Most Influential Lawyers” list (2013).
- Appointed by Secretaries Johnson and Napolitano as Chair of the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee (2012-present); previously served as Vice Chair (2005-2009)
- Selected to represent the U.S. Chamber of Commerce in Indonesia to present “Business Without Borders: The Importance of Cross-Border Data Transfers to Global Prosperity,” a report prepared by Hunton & Williams and the Chamber.
- Selected to advise the Serbian government on global data protection law and to draft the country's data security and breach notification laws. Sotto was sponsored by the USAID-funded Judicial Reform and Government Accountability Project.
- Editor and lead author of the Privacy and Data Security Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business.
- Testified before U.S. House of Representatives, “Data Protection and the Consumer: Who Loses When Your Data Takes a Hike?”
- Testified before U.S. Department of Health & Human Services’ Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics regarding RFID use in health care.
- Testified before CSIS Commission on Cyber Security for the 44th Presidency.
- Briefed Congressional staffers in preparation for data breach hearings held by the House of Representatives Committee on Homeland Security, Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, and in connection with drafting of comprehensive privacy bill.
- Selected to advise DHS’s Homeland Security Science and Technology Committee (HSSTAC) regarding Third Party Pre-Screening Program
- Selected by U.S. Government Accountability Office to participate in GAO study on data security breaches.
- Selected by U.S. Office of Management and Budget to participate in OMB analysis of DHS Privacy Office.
- Routinely assisting clients in developing policy positions regarding privacy and cybersecurity legislative and regulatory proposals both in the U.S. and abroad.
- Advising multiple clients on FTC, OCR and state Attorney General investigations and enforcement actions for alleged data security violations.
- Advising multiple clients on managing FTC Consent Orders and FTC CIDs and access letters in connection with data security incidents.
- Advising numerous major health care providers and other health plans on all aspects of HITECH security breaches, including OCR and state enforcement.
- Advised two major retailers on security breaches resulting from criminal tampering of POS terminals, including U.S. Secret Service involvement, forensic investigations, all aspects of breach notification and PR efforts.
- Advised Texas State Comptroller in connection with well-known data security incident involving 3.5 million state workers.
- Led HITECH Act breach notification effort for one of the largest PHI data breaches (1.2 million individuals).
- Advised major retailers on well-known data breaches, including managing FTC and Canadian DPA response and investigation, and consumer notification issues.