Josh focuses his practice on privacy and data security issues. After becoming certified in American and European Union privacy law, he transitioned into the privacy field following work as a federal clerk, a federal litigator and as an in-house regulatory attorney. At each step in his career, Josh has crafted practical solutions reflecting the appropriate balance between risks and business goals, and he continues to do so by drawing on his background in highly regulated industries to provide holistic analyses and actionable advice responsive to evolving privacy standards. 

Josh came to Shook after working in the health care industry. As part of DaVita’s privacy team, he investigated data privacy incidents, created and conducted a HIPAA privacy audit, advised senior leaders on state privacy laws and created processes to comply with the California Consumer Privacy Act (CCPA). He also drafted internal policies on the Telephone Consumer Protection Act (TCPA), HIPAA and CAN-SPAM, while working with business leaders to identify and redress privacy issues during program development. Before joining DaVita, Josh served as counsel at a pharmaceutical company where he drafted policies, revised contracts, provided regulatory guidance on drug development, and advised stakeholders during a pharmacovigilance audit. 

Before his time in the health care industry, Josh worked as a regulatory litigator. He served as a special assistant United States attorney in the civil division litigating cases, negotiating settlements and advising agencies on regulatory compliance. Josh also clerked at trial and appellate courts, starting by clerking at the Northern Mariana Islands Supreme Court before untangling regulatory issues arising in government contract disputes at the United States Court of Federal Claims. 


An Overview of EU and US Cybersecurity Regulations, Interact Law, September 25, 2023 and November 8, 2023 (with Colman McCarthy).

Data Breach Liability in Cloud Service Agreements, Update of the Law CLE webinar, June 2, 2022 (with Amy Ragen). 

Data Privacy Trends & Cybersecurity Preparedness, ACC Mid-America Chapter and Shook, Hardy & Bacon, L.L.P., April 13, 2022 (with Colman McCarthy).


Limiting Data Breach Liability in Cloud Service Agreements, Cybersecurity Law Report, February 23, 2022.

The Case for Revisiting Contingent Liabilities Under Article VIII, 90 Washington Law Review Online 105, 2015.