Camila assists clients with data protection compliance, cyber risk preparedness and information governance. As director of Shook’s International Privacy Task Force, Camila leverages her in-depth knowledge of data protection regulations worldwide to counsel clients on the compliant handling of personal data in a way that moves business forward.

With reputation and confidential information at stake, companies need a trusted advisor who has experience understanding the differing requirements of multiple jurisdictions and integrating them into a seamless privacy program. Camila’s experience working proactively with clients to streamline privacy practices and develop creative solutions to embed privacy awareness into an organization’s procedures, together with her commitment to client service, positions her well to advise companies navigating the complexities of U.S. state and federal and international data protection requirements. Camila also helps clients assess privacy and cybersecurity risk and proactively implement mitigating measures, and regularly advises companies of all sizes and in multiple industries on information governance, data classification and data retention issues.

Camila has achieved the Privacy Law Specialist (PLS) designation and has been certified as a Fellow of Information Privacy (FIP) by the International Association of Privacy Professionals (IAPP), demonstrative of her comprehensive knowledge of privacy laws, privacy program management and essential data protection practices. She has also been certified as an Information Privacy Professional in European Law (CIPP/E) and U.S. Law (CIPP/US) as well as Information Privacy Manager (CIPM). She speaks regularly on data protection and cybersecurity issues at various events, including those hosted by the IAPP, the Association of Corporate Counsel and the American Bar Association.

Representative Matters

GDPR Compliance

Camila has helped companies on their path to compliance with the EU’s General Data Protection Regulation (GDPR). This includes not only advising on the applicability and main requirements of the law, but also drafting policies and developing procedures to ensure compliance going forward. She helps companies with addressing information governance, data mapping, preparing a record of processing activities, updating incident response procedures, drafting and negotiating vendor agreements, drafting privacy notices and conducting training and awareness.

Camila’s representative experience includes:

  • Developing GDPR compliance programs for companies in the e-commerce, retail, financial services, life sciences, hospitality, education and adtech industries, including drafting policies, data subject consent forms and data processing agreements, as well as developing procedures for handling data subject requests and responding to information security incidents;
  • Assisting a marketing company with implementing GDPR-compliant policies and procedures, including updating notices, preparing controller-to-processor and processor-to-subprocessor contract templates, advising on handling data subject access requests and advising on responding to information security questionnaires;
  • Advising a multinational consumer-goods manufacturer on implementing a consent-based program for collecting and processing a subset of company data;
  • Drafting GDPR-compliant privacy notices for multiple companies in various industries;
  • Advising a pharmaceutical company on the specific requirements for the collection and handling of biometric data of employees;
  • Drafting a global data processing addendum for a financial services provider to use with vendors in 180+ countries;
  • Preparing global contract templates for a multinational medical device firm, including co-controller, controller-to-processor and processor-to-subprocessor agreements; and
  • Advising multiple entities on the appropriate implementation of Standard Contractual Clauses for the transfer of personal data outside the EU/EEA. 
Privacy and Data Security Compliance

Camila also helps clients proactively address requirements for privacy and data security legislation in the U.S., Latin America, and Canada. As a fluent Spanish speaker, Camila is able to draft and review policies, notices and agreements relating to the processing of customer and employee data throughout the region. Camila also has a unique perspective on privacy and data security compliance, after having spent seven months in-house on secondment to a life sciences company developing and implementing policies and procedures to streamline their U.S.-based privacy program. Camila believes that privacy compliance is a tool, rather than an obstacle, that helps companies effectively meet objectives while maintaining information integrity and confidentiality.

Camila’s experience in this area includes:
  • Assisting a consumer goods manufacturer and a transportation provider with developing and implementing an enterprise-wide risk assessment process. This work includes creating a risk methodology, drafting questionnaires, identifying stakeholders, preparing a plan for execution, conducting the assessments and analyzing potential risks to develop risk mitigation plans;
  • Developing a semi-automated risk assessment process for a multinational company by creating templates and establishing risk assessment guidelines;
  • Advising a company in the food and beverage industry on data protection issues associated with a market research project, including advising on risk mitigation through contractual arrangements and transparency measures;
  • Advising a pharmaceutical company on the processing and transfer of employee data from a Mexican subsidiary, including drafting privacy notices in Spanish;
  • Assisting an equipment manufacturer with preparing a Spanish-language privacy notice for consumers in Mexico;
  • Assisting a U.S. retailer with negotiating data processing agreements with a vendor in the Dominican Republic;
  • Advising a multinational retailer on the handling of biometric information for employees in Canada;
  • Preparing incident response plans for a variety of organizations from midsize to multinational;
  • Assisting with responding to data security incidents and conducting breach notification in multiple jurisdictions; and
  • Advising on the implementation of a compliance program to address the requirements of Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA) and the Colorado Privacy Act (CPA).

Publications and Presentations

Panelist, Privacy, Microtransit and Micromobility, American Public Transportation Association Legal Affairs Seminar, June 16, 2021.

Panelist, U.S. Privacy Law Updates, Colorado Bar Association’s 19th Annual Rocky Mountain Intellectual Property and Technology Institute, June 4, 2021.
 

Presenter, Colorado Privacy Act Update, Colorado Technology Association Technology Affairs Council, May 27, 2021.

Panelist, U.S. State and EU Privacy Developments, University of Denver Sturm College of Law Privacy Seminar, April 30, 2021.

Author, Toward a Patchwork of State Privacy Regulations: Recommendations for Colorado Businesses, Law Week Colorado, April 26, 2021.

Panelist, The Balancing Act of Data Privacy in 2021, Sirius Communications Webinar, April 27, 2021.

Presenter, Colorado Privacy Act, Davis Graham & Stubbs Webinar, April 13, 2021.

Presenter, U.S. State Privacy and Data Security Laws: An Overview, Rocky Mountain Mineral Law Foundation, April 7, 2021.

Presenter, Colorado Privacy Act Overview, Colorado Technology Association Technology Affairs Council, March 25, 2021.

Panelist, LATAM Data Privacy Roundup: Harmonising Compliance Across the Region, PrivSec Global, March 23, 2021.

Author, Colorado Privacy Act Introduced, DGS Legal Alert, March 19, 2021.

Panelist, Vendor Risk Management: Best Practices and Impact of Schrems II, IAPP Denver KnowledgeNet, December 15, 2020.

Contributor, IAPP Latin America Dashboard Digest, December 8, 2020.

Panelist, Top Tech Policy Debates, Colorado Bar Association Webinar, December 3, 2020.

Panelist, Policy Issues in Emerging Technologies Affecting Colorado Businesses, Denver Metro Chamber of Commerce Public Policy Affairs Council, October 29, 2020.

Panelist, Top Tech Policy Debates, Davis Graham & Stubbs webinar, October 21, 2020.

Panelist, Data Privacy and Employment Law, Davis Graham & Stubbs webinar, September 23, 2020.

Moderator, Data Privacy, Cybersecurity, Technology, Ethics and Business Lawyers, Colorado Bar Association’s Business Law Institute, September 8, 2020.

Panelist, COVID-19 Impacts on Colorado Businesses, Davis Graham & Stubbs Webinar, August 25, 2020.

Panelist, 2020 Data Privacy Update, Colorado Bar Association’s 18th Annual Rocky Mountain Intellectual Property and Technology Institute, August 6, 2020.

Author, Privacy Implications of Open Banking, Davis Graham & Stubbs, July 2020.

Panelist, How to Maximize Your 2020 Legal Budget in Privacy, IP, and Licensing Contracts, Davis Graham & Stubbs webinar, July 21, 2020.

Author, Privacy Shield Invalidated by the Court of Justice of the European Union, Davis Graham & Stubbs Legal Alert, July 17, 2020.

Panelist, Early Lessons for Asset Managers from COVID-19, Davis Graham & Stubbs webinar, July 14, 2020.

Co-Author, Pandemic v. Privacy: Implications of Social Distancing and Contact-Tracing Technologies, Law Week Colorado, April 27, 2020.

Panelist, How Does the Pandemic Challenge Privacy-Smart Companies, Davis Graham & Stubbs/Boundree Webinar, April 16, 2020.

Panelist, DGS COVID-19 Town Hall, Webinar Series, April 9, 2020.

Panelist, ADA Website Compliance, Association of Corporate Counsel Speaker Series, February 20, 2020.

Panelist, Privacy Law Update, Davis Graham & Stubbs Public Company Update, January 14, 2020.

Panelist, Cybersecurity Resilience and Best Practices for Fraud Prevention, by The Denver CFO Leadership Council, December 5, 2019.

Panelist, CCPA: Updates and Top 10 Things Companies Should Focus on to Comply, IAPP KnowledgeNet Meeting, November 20, 2019.

Panelist, Cybersecurity, Risk Compliance & Insurance Trends, Davis Graham & Stubbs Seminar, October 17, 2019.

Panelist, Data Security for Law Firms, IAPP Privacy.Security.Risk Conference, Las Vegas, Nevada, September 24, 2019.

Presenter, Consumer Privacy Overview, Colorado Technology Association’s Tech Affairs Council, July 25, 2019.

Panelist, AI and Machine Learning: What is Big Data? Colorado Bar Association’s 17th Annual Rocky Mountain Intellectual Property and Technology Institute, May 30, 2019.

Moderator, Will Colorado’s Innovative Approach to Blockchain Play Nationally? Hispanics in Technology, May 20, 2019.

Panelist, Privacy & Data Security Updates, Davis Graham & Stubbs Seminar, May 15, 2019.

Presenter, New Year, New Toys, New Laws, Women in eDiscovery (WIE), Denver Chapter, January 8, 2019.

Co-Author, California Consumer Privacy Act: A Comprehensive Review, Information Law Journal, Winter 2019 (with Al Saikali and Steve Vieux).

Webinar, Navigating Lei Geral de Proteção de Dados Pessoais: Brazil’s New General Data Privacy Law, (with Al Saikali and Marina Lima Silviera de Souza), November 2018.

Presenter, Privacy by Design Starts Here: Assessing Privacy Risk Under the GDPR, IAPP Privacy.Security.Risk Conference, Austin, Texas, October 18, 2018. 

Webinar, Privacy by Design Starts Here: Assessing Privacy Risk Under the GDPR, IAPP, October 16, 2018. 

Presenter, Privacy and Data Security - How to Identify and Avoid Traps for the Unwary, ACC Tampa, July 19, 2018.

Panelist, Breach Notification Under the GDPR, ABA Third National Institute on Cybersecurity Law, June 21, 2018.

Panelist, The Legal and Ethical Risks of Privacy and Data Security Traps, Update of the Law CLE, Kansas City, Missouri, June 14, 2018 (with Alfred Saikali, Eric Boos, Patrick Castle, Bill Sampson, and Colman McCarthy).

Presenter, What In-House Counsel Needs to Know About the GDPR and Other Privacy & Data Security Developments, ACC South Florida Chapter, May 9, 2018.

Moderator, Data Breach Response: Tips from the Trenches, IAPP Europe Data Protection Intensive, London, England, April 19, 2018.

Presenter, Biometric Information Privacy Overview, ACC Colorado, Denver, Colorado, April 11, 2018.

Co-Presenter, GDPR: What Litigators Should Know, ABA Webinar, March 8, 2018 (with Melia Archie and David Manek).

Panelist, Money for Nothing: Preventing and Defending Class Actions Seeking Statutory Damages for Technical Violations of the Law, Association of Corporate Counsel, Chicago, Illinois, January, 24, 2018 (with Patrick Castle, Matt Wolfe, and Anna S. Knight).

Panelist, The GDPR is Upon Us: Prioritize Your Response, Webinar, January 11, 2018.

Co-Presenter, Ethics in the Digital Age, ACC Colorado, Denver, Colorado, December 6, 2017 (with Cory Fisher, Lynn Murray and Wendy Cassity). 

Co-Presenter, Privacy Goes Global, Update of the Law CLE, June 22, 2017 (with Bill Sampson). 

Panelist, What A Fine Mess: Avoiding the Privacy and Cybersecurity Regulators' Crosshairs, Minority Corporate Counsel Association Global TEC Forum, June 20, 2017. 

Co-Presenter, Will New Regulations Make It More Difficult to Comply with Data Protection Requirements?, Association of Corporate Counsel (ACC)  In-House Counsel Forum, April 2017

Co-Presenter, International Privacy Law Bootcamp and Updates on EU Privacy Law, Third Annual South Florida Privacy and Data Security Summit, October 2016

Author, European Commission Adopts EU-U.S. Privacy Shield for Transatlantic Data Flows, Shook, Hardy & Bacon Client Alert, July 2016

Co-Presenter, A Compliance Toolbox to Minimize Privacy and Data Security Risks, ACC Colorado, June 2016

Co-Presenter, Recent Developments in EU Privacy Law, Rocky Mountain IP Institute, June 2016

Co-Presenter, Changes Impacting US Business: UK Insurance and EU Data Protection, Shook, Hardy & Bacon Webinar, April 2016.

Co-Presenter, Riding the Wave of Change in EU Privacy Law, ACI Data Breach & Privacy Litigation and Enforcement Conference, March 2016.

Co-Presenter, The New EU General Data Protection Regulation, IAPP KnowledgeNet Meeting, March 2016.

Presenter, EU-U.S. Privacy Shield, Shook, Hardy & Bacon Conversations in Privacy, February 2016.

Co-Presenter, Legal Issues in Privacy for the Hospitality Industry, Hospitality eResources Privacy & Data Security Bootcamp, January 2016.

Co-Presenter, Schrems and the Safe Harbor Framework: What’s Next?, IAPP KnowledgeNet Meeting, December 2015

Author, European Court of Justice Invalidates the U.S.-EU Safe Harbor Framework for Transfers of Personal Data, Shook, Hardy & Bacon Client Alert, October 2015

Co-Presenter, Mining Customer Data & Minimizing Privacy and Data Security Risks, Association of Corporate Counsel (ACC), October 2015

Presenter, Privacy Law in Latin America: Trends and Hot Topics, Latin American Corporate Counsel Association (LACCA) Meeting, September 2015

Co-Presenter, Data Protection and Employee Monitoring: Developments in Latin America, Global Employment Law & Litigation, Trends for the Multinational Corporations, September 2015

Co-Presenter, International Issues in Privacy and Data Security, Sedona Conference Working Group 11 on Privacy and Data Security mid-year meeting, June 2015

Co-Presenter, Responding Like a Pro: A Mock Data Breach Response, Denver Litigation Roundtable, June 2015

Presenter, Understanding the EU “Cookie Directive,” Rocky Mountain IP Institute, June 2015

Co-Presenter, Industry-Specific International Privacy Issues for Multi-National Companies, South Florida Data Privacy and Data Security Law Summit, March 2015

Co-Presenter, International Data Security Legal Risks for Financial Institutions, Florida International Bankers Association, March 2015

Author, Data Privacy Laws in Latin America: An Overview, American Bar Association International Law News, Spring 2015

Co-Presenter, Emerging Data Privacy Issues: What Corporate Counsel Needs to Know, Association of Corporate Counsel (ACC), September 2014

Presenter, An Overview of Latin America Data Privacy Law, South Florida Data Privacy and Data Security Law Summit, June 2014

Co-Author, Mexico’s Class Action Law: An Overview, Defense Research Institute (DRI), Summer 2013

Media

Colorado Is the Third State to Pass a Consumer Data Privacy Bill. Now What? Colorado Sun, June 17, 2021.

Data Privacy Bill Could Affect Consumer-Facing Companies Across Colorado, Denver Business Journal, April 9, 2021.

Countdown Begins for California’s New Privacy Law, Law Week Colorado, December 14, 2020.

Viva a Revolução? Brazil’s New Data Protection Regime, PrivSec Global, October 12, 2020.

Navigating Business Responsibilities and Consumer Consent, Law Week Colorado, May 27, 2019.

Congress Makes New Attempt at Data Privacy Legislation, Law Week Colorado, December 3, 2018.

The GDPR Effect - Lawyers Help Companies Prepare for 2018's Biggest Task in Cybersecurity Law, Law Week Colorado, May 28, 2018. 

Symbiosis Through Secondment, Law Week Colorado, January 25, 2017. 

Camila’s representative experience includes:

  • Developing a GDPR compliance program for the clinical trial arm of a pharmaceutical company, including drafting policies, data subject consent forms, and data processing agreements, as well as developing procedures for handling data subject requests and responding to information security incidents;
  • Advising two financial software companies on issues relating to the GDPR for the processing of customer and employee data;
  • Assisting a marketing company with implementing GDPR-compliant policies and procedures, including updating notices, preparing controller-to-processor and processor-to-subprocessor contract templates, advising on handling data subject access requests and advising on responding to information security questionnaires;
  • Assisting a financial services provider with employees and franchisees in the EU on the implementation of a GDPR compliance program, including preparing policies, updating notices and working on technological solutions to streamline compliance practices;
  • Advising a multinational consumer-goods manufacturer on implementing a consent-based program for collecting and processing a subset of company data.
  • Advising an e-commerce company on website policies;
  • Advising two insurance companies on GDPR contract issues, including negotiating data protection terms with customers and vendors;
  • Advising a pharmaceutical company on the specific requirements for the collection and handling of biometric data of employees;
  • Preparing global contract templates for a multinational medical device firm, including joint controller, controller-to-processor, and processor-to-subprocessor agreements.
  • Assisting a technology company with implementation of a GDPR compliance framework for handling employee data;
  • Assisting a U.S.-based retailer with obtaining Privacy Shield certification;
  • Advising multiple entities on the appropriate implementation of Standard Contractual Clauses for the transfer of personal data outside the EU/EEA;
  • Advising on compliance with the ePrivacy directive.

Privacy and Data Security Compliance

Camila also helps clients proactively address requirements for privacy and data security legislation in the U.S., Latin America, and Canada. As a fluent Spanish speaker, Camila is able to draft and review policies, notices and agreements relating to the processing of customer and employee data throughout the region. Camila also has a unique perspective on privacy and data security compliance, after having spent seven months in-house on secondment to a life sciences company developing and implementing policies and procedures to streamline their U.S.-based privacy program. Camila believes that privacy compliance is a tool, rather than an obstacle, that helps companies effectively meet objectives while maintaining information integrity and confidentiality.

Camila’s experience in this area includes:

  • Assisting a consumer goods manufacturer with developing and implementing an enterprise-wide risk assessment process. This work includes creating a risk methodology, drafting questionnaires, identifying stakeholders, preparing a plan for execution, conducting the assessments and analyzing potential risks to develop risk mitigation plans;
  • Developing a semi-automated risk assessment process for a multinational company by creating templates and establishing risk assessment guidelines;
  • Advising a company in the food and beverage industry on data protection issues associated with a market research project, including advising on risk mitigation through contractual arrangements and transparency measures;
  • Advising a pharmaceutical company on the processing and transfer of employee data from a Mexican subsidiary, including drafting privacy notices in Spanish;
  • Assisting an equipment manufacturer with preparing a Spanish-language privacy notice for consumers in Mexico;
  • Assisting a U.S. retailer with negotiating data processing agreements with a vendor in the Dominican Republic;
  • Advising a multinational retailer on the handling of biometric information for employees in Canada;
  • Preparing incident response plans for a variety of organizations from midsize to multinational;
  • Assisting with responding to data security incidents and conducting breach notification in multiple jurisdictions;
  • Advising on the implementation of a compliance program to address the requirements of Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD) and the new California Consumer Privacy Act.

Other international matters

Camila has also advised clients on other types of matters with an international focus, ranging from dispute resolution to public policy to commercial transactions. Her experience includes:

  • Serving as coordinating counsel for the defense of products liability litigation in Latin America;
  • Assisting with claims filed before consumer protection agencies relating to the disparate treatment of consumers based on geolocation;
  • Advising on public policy issues and legislative trends throughout the region;
  • Drafting and negotiating commercial agreements relating to transactions in several countries in Latin America and the Caribbean, while on secondment to the Latin American in-house legal department of a Fortune 50 company.