Josh focuses on privacy and data security issues while maintaining an active technology transactions practice. He draws on his in-house experience at two health care companies to provide practical, holistic solutions aligned with clients’ objectives and risk tolerances. 

In the privacy and data security space, Josh counsels clients on laws governing the appropriate collection, use, and security of customer information. He advises on CCPA, GDPR, GLBA, HIPAA, and similar laws while updating clients on legislative developments and regulators’ enforcement activities. Clients seek his guidance on domestic and international contracting, risk assessments, policy development, and product counseling. If things go sideways, clients rely on Josh to interact with regulators and lead all stages of incident response. 

When Josh wears his technology transactions hat, he assists companies with SaaS contracts, purchase agreements, and similar transactions. Working with small companies up to Fortune 50 businesses, Josh tailors his negotiation strategy to deliver timely wins on clients’ important issues. 

Outside of work, Josh can be found walking Pliny, his chocolate lab; running on the treadmill; or teaching his one-year-old to root for University of Washington football. 



Colorado’s Bill on AI: Protecting Consumers in Interactions with AI Systems, OneTrust, June 11, 2024 (with Camila Tobón).

Updates on U.S. Privacy Law, ACC-Washington Chapter 2024 Technology Summit, June 6, 2024 (with Julian Diaz-Morales).

Six of One, Half a Dozen of the Other? Comprehending the Differences in U.S. Comprehensive State Privacy Laws, PLI’s Twenty-Fifth Annual Institute on Privacy and Cybersecurity Law, June 3, 2024 (with Elizabeth Canter).

An Overview of EU and US Cybersecurity Regulations, Interact Law, September 25, 2023 and November 8, 2023 (with Colman McCarthy and Jasper Holsebosch).

Online Data Sharing in Healthcare: Cookies, Pixels, Adtech, and (most) Everything Else, Colorado Bar Association - Health Law Section, October 18, 2023 (with Iliana Peters).

Data Breach Liability in Cloud Service Agreements, Update of the Law CLE webinar, June 2, 2022 (with Amy Ragen). 

Data Privacy Trends & Cybersecurity Preparedness, ACC Mid-America Chapter and Shook, Hardy & Bacon, L.L.P., April 13, 2022 (with Colman McCarthy).


Colorado: Act concerning consumer protections in interactions with AI systems, Data Guidance, May 27, 2024.

Florida Bill Introduces Data Breach Immunity for Entities Meeting Industry Cybersecurity Standards, IAPP, April 2, 2024.

California: The Draft ADMT Rules – Top Takeaways, DataGuidance, February 29, 2024.

Limiting Data Breach Liability in Cloud Service Agreements, Cybersecurity Law Report, February 23, 2022.

The Case for Revisiting Contingent Liabilities Under Article VIII, 90 Washington Law Review Online 105, 2015.