Samuel (Sam) Goldstick is a data privacy and cybersecurity associate at Foley & Lardner LLP. He is a member of the firm’s Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices, as well as Technology and Health Care Industry Teams. He also is accredited by the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional in both the United States and Europe (CIPP/US and CIPP/E).
Prior to joining Foley, Mr. Goldstick was an associate at a prominent law firm in Chicago, where he regularly counseled clients across a broad range of industries on compliance with applicable international, federal and state privacy and data security laws and regulations, including state and federal breach notification requirements (HIPAA, GLBA), industry-based cybersecurity standards and best practices, and the European Union’s (EU) General Data Protection Regulation (GDPR), as well as the EU-U.S. Privacy Shield Framework.
Mr. Goldstick began his legal career in private practice at a top AmLaw 100 firm in Chicago, where he was a member of the firm’s Information Technology, Privacy & Data Security Group, and Financial Industry Group.
As a law student, Mr. Goldstick served as a judicial extern to the Honorable Robert W. Gettleman of the United States District Court for the Northern District of Illinois.
- Handled more than 150 data breaches and security incidents involving system-wide malware attacks, phishing schemes, ransomware infections, lost or stolen laptops/paper documents, insider wrongdoing, and misdirected communications
- Assisted clients in different industries (including financial services, healthcare, hospitality, insurance, retail, and professional services) as a “breach coach” by managing all phases of the incident response process, including investigation, containment, notification, remediation and regulator interface (such as with HHS OCR and state attorneys general)
- Advised a global technology company on legal compliance obligations under current state biometric privacy laws in connection with the proposed implementation of internal processing operations that capture employee biometric data
- Counseled one of the largest public employee pension funds in the United States on applicable GDPR requirements and compliance strategies
- Advised a web-based 3D graphics company on privacy issues and common theories of liability applicable to “data scraping” under U.S. and Canadian law, including claims for breach of contract, copyright infringement, trespass to chattels, and statutory violation(s) under the Computer Fraud and Abuse Act and Canada’s Anti-Spam Legislation
- Advised a pharmaceutical company on data security issues associated with its data access and acceptable use policy for electronic communications policies in relation to maintaining HIPAA compliance, ensuring legality of employee monitoring procedures, and incorporating appropriate data classification levels and access control standards
- Represented a major U.S. consumer financial services provider in defending against claims brought under the TCPA, FCRA, FDCPA, and their state law counterparts, including securing dismissal on dozens of claims on motion practice
- Represented several large financial institutional clients in successfully defending claims asserting violations of consumer protection statutes, as well as claims for breach of contract, deceptive trade practices, defamation, intentional infliction of emotional distress, and invasion of privacy
- Assisted a multinational insurance brokerage firm in developing an incident response plan and written information security policy
- Prepared privacy and data protection policies for a global digital media service provider to ensure compliance with EU law following the invalidation of Safe Harbor
*Certain representations undertaken prior to joining Foley
Mr. Goldstick obtained his law degree from Chicago-Kent College of Law (J.D., 2013), where he was a member of the Law Review. During this time, he received CALI Awards for the highest grade in legal writing II, legal writing III, and disability law.
He earned a bachelor’s degree in political science and legal studies from the University of Wisconsin-Madison (B.A., with distinction, 2010), where he was named to the Dean’s List and a member of the Sigma Alpha Lambda Honor Society and National Society of Collegiate Scholars.
Mr. Goldstick is admitted to practice in Illinois. He is a member of the Chicago Bar Association’s Cyber Law & Data Privacy Committee, the IAPP, and the Midwest Cyber Security Alliance.