Brittany M. Bacon

  • New York

Brittanys practice focuses on privacy, data security and information management issues.

Brittany assists clients in identifying, evaluating and managing global privacy and information security risks and compliance issues. She has assisted with the development and implementation of comprehensive information security programs, and has drafted privacy notices, policies, standards and procedures. Brittany routinely advises multinational clients on data breach response and notification responsibilities and counsels clients on US state, federal and international privacy requirements. She conducts privacy impact assessments and advises clients on managing risk in connection with data collection and use. Brittany also regularly negotiates privacy and data security provisions of complex commercial and technology-related contracts. 

Brittany volunteers as a welfare advocacy attorney for the City Bar Justice Center’s Legal Clinic for the Homeless and assists pro bono clients with securing public benefits. She also has served as a Legal Fellow Staff Attorney for Volunteer Lawyers for the Arts, counseling low-income artists and arts organizations with corporate, intellectual property and litigation issues. Brittany previously worked as a legal writer for

Relevant Experience

  • Advised over 50 companies (including health care companies, retailers, consumer goods companies, and financial institutions) on data breach and cybersecurity incident response, including preparation of required notifications pursuant to state breach notification laws, the HITECH Act and Interagency Guidance, call center training and development of media strategies.
  • Advised major multi-national company with a data security incident extending to 78 countries, managed the U.S. legal escalation call center and responded to multiple international data protection authorities.
  • Advises clients on FTC, SEC and state Attorney General (including Multistate Task Force) investigations and enforcement actions for alleged data security and privacy violations.
  • Provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness.
  • Assisted Fortune 100 company in responding to congressional inquiries relating to a cybersecurity incident.
  • Prepares comprehensive data security policies, standards and procedures in connection with corporate information security programs.
  • Assists clients with complying with privacy and information security requirements, including under GLB, HIPAA and state information security laws.
  • Advises clients on managing FTC Consent Orders and CIDs in connection with data security incidents.
  • Advised major global bank on massive cyber intrusion.
  • Advised multinational clients on Safe Harbor certification and annual recertification.
  • Develops comprehensive vendor management programs.
  • Counsels clients in negotiating information sharing agreements with government agencies.
  • Assists clients in establishing a vendor management program, including evaluating and negotiating privacy and data security provisions and indemnities contained in vendor agreements.
  • Evaluates compliance issues and drafts notices and consents for corporate programs involving business uses of employee-owned electronic devices.
  • Drafts online and offline privacy policies, procedures and notices.
  • Evaluates compliance and enforcement issues related to the collection of information in the context of credit card transactions under the Song-Beverly Act and other state and federal laws.
  • Develops employee training materials and handbooks focusing on privacy and information security practices.
  • Counsels clients on HIPAA compliance, including security breach notification obligations under the HITECH Act and preparation of HIPAA security policies and procedures.

Media Appearances

  • Radio Times, Privacy and Security on the Internet (Bacon interviewed), July 22, 2015
  • FOX5NY, Cash, Credit Cards, Chips – Consumer Payment Methods Fluctuate in Light of Data Breaches (Bacon interviewed), October 21, 2014