Professionals:Lisa J. Sotto

Lisa J. Sotto

Partner
vCard

Practices

Contact

  • New York
    p212.309.1223
    f212.309.1100

Education

  • JD, University of Pennsylvania Law School, Law Review, 1987
  • BA, History, Cornell University, distinction in all subjects, 1984

Bar Admissions

  • District of Columbia
  • New York

Awards & Recognition

  • Voted Number 1 for the past three years in Computerworld poll of global privacy advisors
  • Leader in the Field, National Privacy & Data Security, Band 1, Chambers USA, 2011
  • Recognized as a leading lawyer in The Legal 500 United States, 2011
  • Elected as a Fellow, American Bar Foundation, 2011
  • Recognized as one of The International Who's Who of Internet, E-Commerce & Data Protection Lawyers, 2011
  • Named one of Ethisphere Magazine's 100 "2009 Attorneys Who Matter," listing attorneys who "have risen to the top"
  • Selected as New York Super Lawyer, 2006 - 2011
  • Awarded 2000 Champion of Justice Award by the New York City Bar Association
  • Recognized as "leader in your field" in 2012 Chambers Global Guide
  • Honoree, 2011 Empire State Counsel Program, New York State Bar Association, Pro Bono Affairs, December 2011
  • Nominated as one of the world's leading practitioners of the International Who’s Who of Internet, e-Commerce & Data Protection Lawyers 2011, Who's Who Legal, ABA Section of International Law and the International Bar Association, 2011

Memberships

  • Chair, U.S. Department of Homeland Security's Data Privacy and Integrity Advisory Committee (2012) appointed by Secretaries Napolitano, Chertoff and Ridge; Chair, Policy Subcommittee, 2010 - present; former Committee Vice chair, 2005 - 2009
  • Member, Board of Directors, International Association of Privacy Professionals, 2010 - 2015
  • Co-chair, International Privacy Law Committee, New York State Bar Association, 2007 - present
  • Chair, New York Privacy Officers Forum, 2007 - present
  • Lead Advisor, DataGuidance U.S. Panel of Experts, 2008 - present
  • Member, Law and Ethics Advisory Board, SAI Global, 2005 - present

Blogs

  • New York
    p212.309.1223
    f212.309.1100

Lisa's practice focuses on privacy, data security and records management.

  • Relevant Experience
  • |
  • News
  • |
  • Alerts
  • |
  • Publications
  • |
  • Events

Lisa is the managing partner of the firm's New York office, and her practice focuses on privacy, data security and records management issues. She assists clients in identifying, evaluating and managing risks associated with privacy and information security practices of companies and third parties. Lisa advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA/FACTA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU and Latin America). She conducts all phases of online and offline privacy assessments and information security policy audits. Lisa drafts and negotiates contractual agreements concerning data uses, privacy and security. She also develops corporate records management programs, including policies, procedures, records retention schedules and training modules.

Lisa was rated the "No. 1 privacy expert" for the past three consecutive years by Computerworld magazine. She also earned a Band 1 U.S. national ranking for Privacy & Data Security from Chambers and Partners, and was recognized as a leading lawyer by The Legal 500 United States. In addition, Hunton & Williams’ Privacy and Data Security practice received a Band 1 U.S. national ranking from Chambers USA in Privacy & Data Security and a Tier 1 ranking by The Legal 500 United States. Lisa speaks frequently at conferences and seminars, testifies regularly before the U.S. Congress and other legislative and regulatory agencies, is the author of numerous treatises and articles, has been tapped to lead several industry committees and organizations, is sought after by media outlets and industry publications for her professional insights, and appears regularly on national television and radio news programs. She is the editor and lead author of the Privacy and Data Security Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business.

Relevant Experience

  • Testified before U.S. House of Representatives, "Data Protection and the Consumer: Who Loses When Your Data Takes a Hike?"
  • Testified before U.S. Department of Health & Human Services' Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics regarding RFID use in health care.
  • Testified before CSIS Commission on Cyber Security for the 44th Presidency.
  • Briefed Congressional staffers in preparation for data breach hearings held by the House of Representatives Committee on Homeland Security, Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, and in connection with drafting of comprehensive privacy bill.
  • Requested by U.S. Government Accountability Office to participate in GAO study on data security breaches.
  • Requested by U.S. Office of Management and Budget to participate in OMB analysis of DHS Privacy Office.
  • Advising multiple clients on FTC, OCR and state Attorney General investigations and enforcement actions for alleged data security violations.
  • Advised multiple clients on managing FTC Consent Order and FTC access letters in connection with data security incidents.
  • Advising numerous major health care providers and other health plans on all aspects of HITECH security breaches, including OCR and state enforcement.
  • Led HITECH Act breach notification effort for one of the largest PHI data breaches (1.2 million individuals).
  • Advising two major retailers on security breaches resulting from criminal tampering of POS terminals, including U.S. Secret Service involvement, forensic investigations, all aspects of breach notification and PR efforts.
  • Advised Texas State Comptroller in connection with well-known data security incident involving 3.5 million state workers.
  • Advised major retailers on well-known data breaches, including managing FTC and Canadian DPA response and investigation, and consumer notification issues.
  • Represented global leader in premium lifestyle products in FTC investigation regarding significant data security breach, including U.S. Secret Service involvement.
  • Advised over 800 companies (including health care companies, retailers, consumer goods companies, insurers, utilities and industrial manufacturers) on all aspects of information security breaches and developed media and consumer communications programs following breaches.
  • Advising numerous multinational clients on Safe Harbor certification and annual recertification.
  • Counseled several Web 2.0 companies on data collection and sharing issues, and Safe Harbor certification.
  • Counseled major consumer goods companies on privacy issues associated with the use of radio frequency identification (RFID).
  • Advising numerous publishers and advertisers on online behavioral advertising issues.
  • Advising multiple clients on employee and visitor monitoring and surveillance issues under federal and state laws, and preparing related policies (including personal computing device issues).
  • Advising numerous clients on complex cloud computing solutions.
  • Advising numerous clients on compliance with Payment Card Industry Data Security Standard and preparation of related policies and procedures.
  • Advised multiple clients with FCRA and FACTA compliance.
  • Conducted comprehensive privacy and information security policy assessment of major U.S. electric utility.
  • Advised client on compliance with the Privacy Act, including preparation of a System of Records Notice and Privacy Impact Assessment, in connection with significant new government mortgage program.
  • Conducted full-scale consumer information privacy assessments for one of the world's largest food companies and a Fortune 15 consumer goods company, including extensive data flow mapping, remediation, and development and implementation of multiple privacy, information security and records management policies and procedures.
  • Represented leading information provider in developing new, company-wide privacy, credentialing and compliance program.
  • Advising numerous clients on privacy requirements under GLB, HIPAA, HITECH and state law, and preparing related documentation.
  • Served as HIPAA privacy counsel to large health care system, including over 40 hospitals and long-term care and assisted living facilities, and major academic medical center.
  • Prepared HIPAA and HITECH policies and procedures (including training) for numerous employer-sponsored group health plans.
  • Developed and implemented comprehensive global records management program in over 100 countries for one of world's largest software companies, including preparation and implementation of policies and procedures, numerous records retention schedules, in-person and web-based training and audit program.
  • Outside counsel to leading U.S. mutual fund company, financial services provider and commercial and consumer finance company to develop omnibus records management program.
  • Outside counsel to major U.S. government agency on new initiative to develop agency-wide, comprehensive records management program.
  • Drafted numerous website Terms of Use. 

Books

  • Editor and Lead Author, Privacy and Data Security Law Deskbook (1,400-page treatise), Aspen Publishers, Wolters Kluwer Law & Business, 2010
  • Co-author, Chapter 11 European Union Data Protection, Data Security and Privacy Law: Combating Cyberthreats, West, Thomson Reuters, 2008
  • Co-author, Data Security Handbook, ABA Section of Antitrust Law, 2008
  • Co-author, Privacy Primer: An Overview of Global Data Protection Laws, 2006

Media Appearances

  • Law360, Q&A with Hunton & Williams' Lisa Sotto (Sotto interviewed), November 4, 2011
  • KUCI 88.9 FM, Protect Your Privacy in the Information Age (Sotto featured in 30-minute interview), September 19, 2011
  • FoxLive.com, Is There Need for a Data Privacy Law? (Sotto interviewed), September 6, 2011
  • Bank Information Security Podcasts, Epsilon Breach: Risks and Lessons; Incident is a Wake-Up Call about Database Security Gaps (Sotto interviewed), April 5, 2011
  • End to End Trust, Microsoft Corporation, regarding cross industry collaboration and a safer Internet (Sotto interviewed), September 2009
  • CNN's American Morning, Privacy in the Obama Administration (Sotto interviewed), December 8, 2008
  • ClearChannel Radio, "Tech Talk with Craig Peterson," regarding the use of RFID in health care (Sotto interviewed), March 4, 2006
Hunton & Williams LLP
  • RSS
  • Share Page
  • Email Hunton & Williams LLP
ATTORNEY ADVERTISING. Case results depend upon a variety of factors unique to each case. Case results do not guarantee or predict a similar result in any future case.
Close
Generate a PDF of Your eFolio
Clear Your eFolio
Close X
Remove
Error: There was an error with your eFolio. Please try again.
Add to eFolio
Already Added
View eFolio
Warning: Please Confirm You Would Like to Delete All eFolio Content.
There are no items in your eFolio. You can add professional and practice detail pages to your Briefcase by navigating to the pages and adding the page through the eFolio icon.
See content you want to save or print? Add it to your personalized eFolio. Select 'Add to eFolio' to add professional bios and practice content. Select 'View eFolio' to review your folder content. You can revise, save or print your eFolio at any time during your visit to hunton.com.
false
http://www.hunton.com/professionals/uniEntity.aspx?xpST=ProfessionalDetail&professional=108
a[href='javascript:packetBuilderSingleClick(document.title);']