Josh focuses on privacy and data security issues while maintaining an active technology transactions practice. He draws on his in-house experience at two health care companies to provide practical, holistic solutions aligned with clients’ objectives and risk tolerances.
In the privacy and data security space, Josh counsels clients on laws governing the appropriate collection, use, and security of customer information. He advises on CCPA, GDPR, GLBA, HIPAA, and similar laws while updating clients on legislative developments and regulators’ enforcement activities. Clients seek his guidance on domestic and international contracting, risk assessments, policy development, and product counseling. If things go sideways, clients rely on Josh to interact with regulators and lead all stages of incident response.
When Josh wears his technology transactions hat, he assists companies with SaaS contracts, purchase agreements, and similar transactions. Working with small companies up to Fortune 50 businesses, Josh tailors his negotiation strategy to deliver timely wins on clients’ important issues.
Outside of work, Josh can be found walking Pliny, his chocolate lab; running on the treadmill; or teaching his one-year-old to root for University of Washington football.
Presentations
Data Privacy Primer, Sedona Conference, October 30, 2024.
Colorado’s Bill on AI: Protecting Consumers in Interactions with AI Systems, OneTrust, June 11, 2024 (with Camila Tobón).
Updates on U.S. Privacy Law, ACC-Washington Chapter 2024 Technology Summit, June 6, 2024 (with Julian Diaz-Morales).
Six of One, Half a Dozen of the Other? Comprehending the Differences in U.S. Comprehensive State Privacy Laws, PLI’s Twenty-Fifth Annual Institute on Privacy and Cybersecurity Law, June 3, 2024 (with Elizabeth Canter).
Data Privacy Primer, Sedona Conference, May 2, 2024.
An Overview of EU and US Cybersecurity Regulations, Interact Law, September 25, 2023 and November 8, 2023 (with Colman McCarthy and Jasper Holsebosch).
Online Data Sharing in Healthcare: Cookies, Pixels, Adtech, and (most) Everything Else, Colorado Bar Association - Health Law Section, October 18, 2023 (with Iliana Peters).
Data Breach Liability in Cloud Service Agreements, Update of the Law CLE webinar, June 2, 2022 (with Amy Ragen).
Data Privacy Trends & Cybersecurity Preparedness, ACC Mid-America Chapter and Shook, Hardy & Bacon, L.L.P., April 13, 2022 (with Colman McCarthy).
Publications
External Publications
Privacy Breaches, Settlements, and Regulator Activity: A Year (and Then Some) in Review, Tort Trial & Insurance Practice Law Review, American Bar Association, Summer 2024.
Recent Developments in Cybersecurity & Data Privacy, Tort Trial & Insurance Practice Law Journal, American Bar Association, Summer 2024 (with Tara Kennedy, Lindsey Knapton, Ali Cabeza, Anna A. Gadberry, et al.).
Colorado: Act concerning consumer protections in interactions with AI systems, Data Guidance, May 27, 2024.
Florida Bill Introduces Data Breach Immunity for Entities Meeting Industry Cybersecurity Standards, IAPP, April 2, 2024.
California: The Draft ADMT Rules – Top Takeaways, DataGuidance, February 29, 2024.
Limiting Data Breach Liability in Cloud Service Agreements, Cybersecurity Law Report, February 23, 2022.
The Case for Revisiting Contingent Liabilities Under Article VIII, 90 Washington Law Review Online 105, 2015.
Client Alerts
California Jumps Into Privacy Rulemaking (Again), Privacy and Cybersecurity Client Alert, November 14, 2024.
Pennsylvania’s Amended Data Breach Law Upends Standard Framework, Privacy and Cybersecurity Client Alert, July 18, 2024.
Court Vacates Key Portion of OCR’s Online Tracking Tool Guidance, Privacy and Cybersecurity Client Alert, June 21, 2024.
Colorado Enacts Artificial Intelligence Law, Privacy and Cybersecurity Client Alert, May 21, 2024.
Bipartisan Group of Lawmakers Unveils Federal Privacy Bill, Privacy and Cybersecurity Client Alert, April 10, 2024.
HIPAA Update: OCR Updates Bulletin on Website Tracking Tools, Privacy and Cybersecurity Client Alert, March 22, 2024.
Florida Legislature Passes Data Breach Immunity Legislation, Privacy and Cybersecurity Client Alert, March 12, 2024.
California Shares Draft Rules on Audits, Assessments and Automated Decisionmaking, Privacy and Cybersecurity Client Alert, December 4, 2023.
OCR Faults Business’s Data Security Practices After Ransomware Attack, Privacy and Cybersecurity Client Alert, November 21, 2023.
New York Adds More Stringent Cybersecurity Requirements, Privacy and Cybersecurity Client Alert, November 14, 2023.
SEC Issues Rules on Cybersecurity Reporting Obligations, Privacy and Cybersecurity Client Alert, August 10, 2023.
Where Is AI Regulation Heading and What Can Companies Do to Prepare?, Privacy and Cybersecurity Client Alert, July 26, 2023.
Washington’s New Health Care Data Law Is Expansive and Takes Effect Soon. Are You Ready?, Privacy and Cybersecurity Client Alert, June 7, 2023.
California DOJ Treats Data Transfers for Website Analytics as a Sale in First CCPA Settlement, Privacy and Cybersecurity Client Alert, September 15, 2022.
California Legislature Passes Bill Regulating Data Processing on Websites “Likely To Be Accessed by Children,” Privacy and Cybersecurity Client Alert, September 6, 2022.
Practical Suggestions for CCPA Compliance, Privacy and Cybersecurity Client Alert, February 24, 2022.
Multimedia
Colorado’s Impact on AI, Law.com, ALM, October 28, 2024 (with Camila Tobon).