Professionals:Lisa J. Sotto

Lisa J. Sotto

Partner

Practices

Contact

New York
p212.309.1223
f212.309.1100

Education

JD, University of Pennsylvania Law School, Law Review, 1987
BA, History, Cornell University, distinction in all subjects, 1984

Bar Admissions

District of Columbia
New York

Awards & Recognition

Named among The National Law Journal's "100 Most Influential Lawyers," 2013
Selected as one of The Top Women Attorneys in the New York Metro Area by Super Lawyers in the field of Information Technology/Outsourcing, February 2013
Voted Number 1 for the past three years in Computerworld poll of global privacy advisors
Named among Ethisphere Magazine's 2012 "Attorneys Who Matter," listing approximately 100 attorneys who "have risen to the top"
Leader in the Field, National Privacy & Data Security, Band 1, Chambers USA, 2011-2012
Recognized as a leading lawyer in The Legal 500 United States, 2012
Elected as a Fellow, American Bar Foundation, 2011
Recognized as one of the world's leading practitioners of The International Who's Who of Internet, E-Commerce & Data Protection Lawyers, 2012
Certified Information Privacy Professional/United States (CIPP/US), International Association of Privacy Professionals, 2012
Selected as New York Super Lawyer, 2006–2012
Awarded 2000 Champion of Justice Award by the New York City Bar Association
Recognized as "leader in your field" in 2012 Chambers Global Guide
Honoree, 2011 Empire State Counsel Program, New York State Bar Association, Pro Bono Affairs, December 2011

Memberships

Chair, U.S. Department of Homeland Security's Data Privacy and Integrity Advisory Committee (2012) appointed by Secretaries Napolitano, Chertoff and Ridge; Chair, Policy Subcommittee, 2010 - present; former Committee Vice Chair, 2005 - 2009
Member, Board of Directors, International Association of Privacy Professionals, 2010 - 2015
Co-chair, International Privacy Law Committee, New York State Bar Association, 2007 - present
Chair, New York Privacy Officers Forum, 2007 - present
Lead Advisor, DataGuidance U.S. Panel of Experts, 2008 - present
Member, Law and Ethics Advisory Board, SAI Global, 2005 - present

Blogs

Privacy & Information Security Law Blog

New York
p212.309.1223
f212.309.1100

Lisa's practice focuses on privacy, cybersecurity and records management.

Relevant Experience

|
News

|
Alerts

|
Publications

|
Events

Related Publications

What Went Wrong at Bloomberg, and Where Do They Go Now? (Sotto quoted), IAPP Privacy Advisor

May 15, 2013

Bloomberg's Reputation Takes a Hit – Giving Reporters Access to Log Data Damages Trust (Sotto quoted), GovInfo Security

May 14, 2013

As Data Breaches Rise, AGs Emerge as Primary Enforcers (Sotto quoted), Law360

May 6, 2013

Cybersecurity Bill Enjoys Better Prospects After Exec Order (Sotto quoted), Law 360

April 22, 2013

With Email Ban, King & Spalding Misses Bigger Picture (Sotto quoted), Law 360

April 17, 2013

How Manageable Data Breaches Go Bad (Sotto quoted), Law 360

March 28, 2013

Battling Breaches: Rules, Regulations & Reining in the Players (Sotto quoted), Clinical Innovation + Technology

March 2013

Co-author, Preventive Measures: Records and Information Management Companies Need to Take Steps to Comply with the Newly Adopted HIPAA Omnibus Rule, Storage & Destruction Business Magazine

March/April 2013

Cyber Attacks Pose Growing Legal Risks (Sotto quoted), BNA Privacy Law Watch

February 21, 2013

Cyber Insecurity (Sotto quoted), Latin American Corporate Counsel Association

February 21, 2013

A Cybersecurity Blanket; New Executive Order Means a Broad Review for Lawyers, Clients (Sotto quoted), The National Law Journal

February 18, 2013

Co-author, HITECH Breaches: A How-To Guide, BNA's Health Law Reporter and Privacy & Security Law Report

January 24, 2013

HSS Data-Scrubbing Guidance Backs Strict Privacy Definitions (Sotto quoted), Law360

November 29, 2012

IT Lessons Learned from Hurricane Sandy (Sotto quoted), Baseline

November 9, 2012

Obama's Win to Turn Up Heat on Privacy Regulation (Sotto quoted), Law360

November 6, 2012

Hurricane Sandy Puts Security Systems at Risk (Sotto quoted), AFP Fraudwatch

November 5, 2012

Co-author, Online Behavioral Advertising: A User's Guide, IP Litigator

November/December 2012

FTC's Privacy "Nutrition Label" May Not Fit Complex Data Use (Sotto quoted), Law360 and IAPP Daily Dashboard

October 25, 2012

"Privacy Bill of Rights" Faces Uncertainty Under Romney Presidency, Observers Say (Sotto quoted), BNA's Daily Report for Executives, October 22, 2012, and Bloomberg BNA Privacy Law Watch, October 23, 2012

Firms Push for Privacy Groups as Data Security Realm Heats Up (Sotto quoted), Law 360

September 19, 2012

How to Avoid a Costly Data Breach (Sotto quoted), Internet Retailer

September 13, 2012

In-House Privacy Hiring Boom Shows No Signs of Fading (Sotto quoted), Law 360

September 10, 2012

The Lurking Dangers of Data Security (Sotto interviewed), Lodging Hospitality

August 31, 2012

Wyndham Data Security Suit Could Hamper FTC Enforcement (Sotto quoted), Law 360

August 28, 2012

Press release of the Republic of Serbia's Commissioner for Information of Public Importance and Personal Data Protection (Sotto mentioned)

July 9, 2012

EU Privacy Panel Endorses Cloud Computing, But at a Cost (Sotto quoted), Law360

July 3, 2012

Co-author, Technology: The privacy perils of mobile technology, InsideCounsel

June 1, 2012

Privacy Bill of Rights: Not Be-All, End-All (Sotto interviewed), BankInfoSecurity.com

February 24, 2012

The Move Toward a More Comprehensive Privacy Regime in the US (Sotto featured), Ernst & Young: 2012 Privacy Top Trends, Insights on IT Risk

January 2012

Privacy and the Risk of Security Breaches: Evolving Legislation, Continued Risk (Sotto interviewed), The Bottom Line

December 2011

Attorney's Role in Breach (Sotto interviewed), BankInfoSecurity.com

November 22, 2011

State and Federal Regulators Step Up Efforts in Privacy and Data Security (Sotto speech reprinted), HB Litigation Conferences

August 8, 2011

Co-author, The Shifting Sands of Data Protection and Resulting Privacy Pitfalls, State Bar of Texas – 10th Annual Advanced In-House Counsel Course

July 2011

Hottest Practice Area? (Sotto featured), Legal Bisnow

April 25, 2011

Top Security and Privacy Topics of 2011 (Sotto interviewed), Government Information Security

January 7, 2011

Co-author, Comment: Data Protection Outlook for 2011: A Global Discussion, Data Protection Law & Policy

January 2011

Author, Notice and Choice Paradigm in the US: Shifting the Focus, Data Protection Law & Policy

December 1, 2010

Co-author, The Boucher Bill: Shaping the Privacy Landscape in the U.S., Data Protection Law & Privacy

May 30, 2010

Co-author, Emerging Privacy Issues in Bankruptcy, New York Law Journal

June 2010

Co-author, Privacy and Data Security Risks in Cloud Computing, Electronic Commerce & Law Report

February 3, 2010

Co-author, Preservation and Monitoring of Corporate Messaging, New York Law Journal

November 11, 2009

Co-author, FTC's Red Flags Rule: Delays Suggest Confusion on the Part of the Industry, Privacy & Data Security Law Journal

2009

Co-author, Behavioural Advertising: Legislative Steps, dataprotectionlaw&policy, Volume 6, Issue 7

July 2009

Co-author, Proposed HHS Guidance on HITECH Act Breach Notice Obligations, Privacy Law Watch and BNA Privacy & Security Law Report

April 27, 2009

Co-author, FTC Publishes Red Flags Rule Compliance Guide; Confirms Broad Interpretation of the Rule, Privacy & Information Law Report, Volume 10

2009

Co-author, New Jersey Publishes Pre-Proposal of Rules Protecting Personal Information, Privacy & Data Security Law Journal

April 2009

Do you Know Where your Data Is? (Sotto interviewed), Corporate Governance

March 2009

Co-author, Massachusetts Revises Information Security Regulations and Extends Compliance Deadline, Privacy & Information Law Report and Lexology/ACC Newsstand

March 1, 2009 and February 20, 2009

Co-author, The Stimulus Package and Health Privacy Breaches, Lawdragon

February 2009

Data-Theft Victims in Monster, Heartland Cases May Not Be Notified (Sotto interviewed), USA Today TechnologyLive Blog

2009

Author, Privacy Enters the Mainstream, IAPP Privacy Advisor

December 20, 2008

Author, Identity Theft Red Flags and Address Discrepancies Rule, Our Viewpoint, SAI Global

2008

Co-author, Surviving an FTC Investigation After a Data Breach, New York Law Journal

September 18, 2008

Co-author, Strategic Information Management, BNA, Inc. Privacy and Security Law Report

September 15, 2008

Co-author, U.S. Commerce Department Develops Safe Harbor Certification Mark, IAPP, The Privacy Advisor

September 1, 2008

Co-author, eDiscovery for Corporate Counsel, Thomson Reuters/West

2008

Author, Views from Beyond the Beltway: Cyber Security Recommendations from the Experts, CSIS's Commission on Cyber Security for the 44th Presidency, Hunton & Williams Client Alert

May 30, 2008

Author, The New CAN-SPAM Rule, Hunton & Williams Client Alert

May 29, 2008

"ReachMD" regarding HIPAA and physicians' use of text messaging (Sotto interviewed)

January 24, 2008

Author, Data Security in 2008, IAPP Privacy Advisor

2008

Co-author, Data Breach! Correct Response Crucial, New York Law Journal

May 29, 2007

Co-author, A How-To Guide to Information Security Breaches, Privacy and Information Law Report, IAPP Privacy Advisor, BNA's Privacy & Security Law Report

May 2007

Co-author, Sounding the Alert on Data Breaches, New York Law Journal

July 20, 2006

Co-author, What Every U.S. Employer Should Know About Workplace Privacy (Part Two), ALM's Privacy & Data Protection Legal Reporter

June 2006

Co-author, What Every U.S. Employer Should Know About Workplace Privacy (Part One), ALM's Privacy & Data Protection Legal Reporter

May 2006

Close