As Director of Shook’s International Privacy Task Force, Camila leverages her in-depth knowledge of data protection regulations worldwide to counsel clients on the compliant handling of personal data in a way that moves business forward. With reputation and confidential information at stake, companies need a trusted advisor who has experience understanding the differing requirements of multiple jurisdictions and integrating them into a seamless privacy program. Camila’s experience working proactively with clients to streamline privacy practices and develop creative solutions to embed privacy awareness into an organization’s procedures, together with her commitment to client service, positions her well to advise companies navigating the complexities of international data protection requirements.

Camila has been certified as a Fellow of Information Privacy (FIP) by the International Association of Privacy Professionals (IAPP), a designation signifying comprehensive knowledge of privacy laws, privacy program management and essential data protection practices. She has also been certified as an Information Privacy Professional in European Law (CIPP/E) and Information Program Manager (CIPM). She speaks regularly on international data protection issues at various events, including those hosted by the IAPP, the Association of Corporate Counsel, and the American Bar Association.

Representative Matters

GDPR Compliance

Camila has helped companies on their path to compliance with the EU’s General Data Protection Regulation (GDPR). This includes not only advising on the applicability and main requirements of the law, but also drafting policies and developing procedures to ensure compliance going forward. She helps companies with addressing information governance, data mapping, preparing a record of processing activities, updating incident response procedures, drafting and negotiating vendor agreements, drafting privacy notices and conducting training and awareness.

Camila’s representative experience includes:

  • Developing a GDPR compliance program for the clinical trial arm of a pharmaceutical company, including drafting policies, data subject consent forms, and data processing agreements, as well as developing procedures for handling data subject requests and responding to information security incidents;
  • Advising two financial software companies on issues relating to the GDPR for the processing of customer and employee data;
  • Assisting a marketing company with implementing GDPR-compliant policies and procedures, including updating notices, preparing controller-to-processor and processor-to-subprocessor contract templates, advising on handling data subject access requests and advising on responding to information security questionnaires;
  • Assisting a financial services provider with employees and franchisees in the EU on the implementation of a GDPR compliance program, including preparing policies and updating notices as well as advising on data subject requests;
  • Advising a multinational consumer-goods manufacturer on implementing a consent-based program for collecting and processing a subset of company data;
  • Advising an e-commerce company on website policies;
  • Advising two insurance companies on GDPR contract issues, including negotiating data protection terms with customers and vendors;
  • Advising a pharmaceutical company on the specific requirements for the collection and handling of biometric data of employees;
  • Preparing global contract templates for a multinational medical device firm, including joint controller, controller-to-processor, and processor-to-subprocessor agreements;
  • Assisting a technology company with implementation of a GDPR compliance framework for handling employee data;
  • Assisting a U.S.-based retailer with obtaining Privacy Shield certification;
  • Advising multiple entities on the appropriate implementation of Standard Contractual Clauses for the transfer of personal data outside the EU/EEA;
  • Advising on compliance with the ePrivacy directive.

Privacy and Data Security Compliance

Camila also helps clients proactively address requirements for privacy and data security legislation in the U.S., Latin America, and Canada. As a fluent Spanish speaker, Camila is able to draft and review policies, notices and agreements relating to the processing of customer and employee data throughout the region. Camila also has a unique perspective on privacy and data security compliance, after having spent seven months in-house on secondment to a life sciences company developing and implementing policies and procedures to streamline their U.S.-based privacy program. Camila believes that privacy compliance is a tool, rather than an obstacle, that helps companies effectively meet objectives while maintaining information integrity and confidentiality.

Camila’s experience in this area includes:
  • Assisting a consumer goods manufacturer with developing and implementing an enterprise-wide risk assessment process. This work includes creating a risk methodology, drafting questionnaires, identifying stakeholders, preparing a plan for execution, conducting the assessments and analyzing potential risks to develop risk mitigation plans;
  • Developing a semi-automated risk assessment process for a multinational company by creating templates and establishing risk assessment guidelines;
  • Advising a company in the food and beverage industry on data protection issues associated with a market research project, including advising on risk mitigation through contractual arrangements and transparency measures;
  • Advising a pharmaceutical company on the processing and transfer of employee data from a Mexican subsidiary, including drafting privacy notices in Spanish;
  • Assisting an equipment manufacturer with preparing a Spanish-language privacy notice for consumers in Mexico;
  • Assisting a U.S. retailer with negotiating data processing agreements with a vendor in the Dominican Republic;
  • Advising a multinational retailer on the handling of biometric information for employees in Canada;
  • Preparing incident response plans for a variety of organizations from midsize to multinational;
  • Assisting with responding to data security incidents and conducting breach notification in multiple jurisdictions;
  • Advising on the implementation of a compliance program to address the requirements of Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD) and the new California Consumer Privacy Act.

Other international matters

Camila has also advised clients on other types of matters with an international focus, ranging from dispute resolution to public policy to commercial transactions. Her experience includes:
  • Serving as coordinating counsel for the defense of products liability litigation in Latin America;
  • Assisting with claims filed before consumer protection agencies relating to the disparate treatment of consumers based on geolocation;
  • Advising on public policy issues and legislative trends throughout the region;
  • Drafting and negotiating commercial agreements relating to transactions in several countries in Latin America and the Caribbean, while on secondment to the Latin American in-house legal department of a Fortune 50 company.

Publications and Presentations

Co-Author, California Consumer Privacy Act: A Comprehensive Review, Information Law Journal, Winter 2019 (with Al Saikali and Steve Vieux).

Webinar, Navigating Lei Geral de Proteção de Dados Pessoais: Brazil’s New General Data Privacy Law, (with Al Saikali and Marina Lima Silviera de Souza), November 2018.

Presenter, Privacy by Design Starts Here: Assessing Privacy Risk Under the GDPR, IAPP Privacy.Security.Risk Conference, Austin, Texas, October 18, 2018. 

Webinar, Privacy by Design Starts Here: Assessing Privacy Risk Under the GDPR, IAPP, October 16, 2018. 

Presenter, Privacy and Data Security - How to Identify and Avoid Traps for the Unwary, ACC Tampa, July 19, 2018.

Panelist, Breach Notification Under the GDPR, ABA Third National Institute on Cybersecurity Law, June 21, 2018.

Panelist, The Legal and Ethical Risks of Privacy and Data Security Traps, Update of the Law CLE, Kansas City, Missouri, June 14, 2018 (with Alfred Saikali, Eric Boos, Patrick Castle, Bill Sampson, and Colman McCarthy).

Presenter, What In-House Counsel Needs to Know About the GDPR and Other Privacy & Data Security Developments, ACC South Florida Chapter, May 9, 2018.

Moderator, Data Breach Response: Tips from the Trenches, IAPP Europe Data Protection Intensive, London, England, April 19, 2018.

Presenter, Biometric Information Privacy Overview, ACC Colorado, Denver, Colorado, April 11, 2018.

Co-Presenter, GDPR: What Litigators Should Know, ABA Webinar, March 8, 2018 (with Melia Archie and David Manek).

Panelist, "Money for Nothing: Preventing and Defending Class Actions Seeking Statutory Damages for Technical Violations of the Law," Association of Corporate Counsel, Chicago, Illinois, January 24, 2018 (with Patrick Castle, Matt Wolfe, and Anna S. Knight).

Panelist, The GDPR is Upon Us: Prioritize Your Response, Webinar, January 11, 2018.

Co-Presenter, Ethics in the Digital Age, ACC Colorado, Denver, Colorado, December 6, 2017 (with Cory Fisher, Lynn Murray and Wendy Cassity). 

Co-Presenter, Privacy Goes Global, Update of the Law CLE, June 22, 2017 (with Bill Sampson). 

Panelist, What A Fine Mess: Avoiding the Privacy and Cybersecurity Regulators' Crosshairs, Minority Corporate Counsel Association Global TEC Forum, June 20, 2017. 

Co-Presenter, Will New Regulations Make It More Difficult to Comply with Data Protection Requirements?, Association of Corporate Counsel (ACC) In-House Counsel Forum, April 2017

Co-Presenter, International Privacy Law Bootcamp and Updates on EU Privacy Law, Third Annual South Florida Privacy and Data Security Summit, October 2016

Author, European Commission Adopts EU-U.S. Privacy Shield for Transatlantic Data Flows, Shook, Hardy & Bacon Client Alert, July 2016

Co-Presenter, A Compliance Toolbox to Minimize Privacy and Data Security Risks, ACC Colorado, June 2016

Co-Presenter, Recent Developments in EU Privacy Law, Rocky Mountain IP Institute, June 2016

Co-Presenter, Changes Impacting US Business: UK Insurance and EU Data Protection, Shook, Hardy & Bacon Webinar, April 2016.

Co-Presenter, Riding the Wave of Change in EU Privacy Law, ACI Data Breach & Privacy Litigation and Enforcement Conference, March 2016.

Co-Presenter, The New EU General Data Protection Regulation, IAPP KnowledgeNet Meeting, March 2016.

Presenter, EU-U.S. Privacy Shield, Shook, Hardy & Bacon Conversations in Privacy, February 2016.

Co-Presenter, Legal Issues in Privacy for the Hospitality Industry, Hospitality eResources Privacy & Data Security Bootcamp, January 2016.

Co-Presenter, Schrems and the Safe Harbor Framework: What’s Next?, IAPP KnowledgeNet Meeting, December 2015

Author, European Court of Justice Invalidates the U.S.-EU Safe Harbor Framework for Transfers of Personal Data, Shook, Hardy & Bacon Client Alert, October 2015

Co-Presenter, Mining Customer Data & Minimizing Privacy and Data Security Risks, Association of Corporate Counsel (ACC), October 2015

Presenter, Privacy Law in Latin America: Trends and Hot Topics, Latin American Corporate Counsel Association (LACCA) Meeting, September 2015

Co-Presenter, Data Protection and Employee Monitoring: Developments in Latin America, Global Employment Law & Litigation, Trends for the Multinational Corporations, September 2015

Co-Presenter, International Issues in Privacy and Data Security, Sedona Conference Working Group 11 on Privacy and Data Security mid-year meeting, June 2015

Co-Presenter, Responding Like a Pro: A Mock Data Breach Response, Denver Litigation Roundtable, June 2015

Presenter, Understanding the EU “Cookie Directive,” Rocky Mountain IP Institute, June 2015

Co-Presenter, Industry-Specific International Privacy Issues for Multi-National Companies, South Florida Data Privacy and Data Security Law Summit, March 2015

Co-Presenter, International Data Security Legal Risks for Financial Institutions, Florida International Bankers Association, March 2015

Author, Data Privacy Laws in Latin America: An Overview, American Bar Association International Law News, Spring 2015

Co-Presenter, Emerging Data Privacy Issues: What Corporate Counsel Needs to Know, Association of Corporate Counsel (ACC), September 2014

Presenter, An Overview of Latin America Data Privacy Law, South Florida Data Privacy and Data Security Law Summit, June 2014

Co-Author, Mexico’s Class Action Law: An Overview, Defense Research Institute (DRI), Summer 2013

Media

The GDPR Effect - Lawyers Help Companies Prepare for 2018's Biggest Task in Cybersecurity Law, Law Week Colorado, May 28, 2018. 

Symbiosis Through Secondment, Law Week Colorado, January 25, 2017. 
